lambo
2014-09-03, 07:31
Hi,
I clicked a link this afternoon that took me to the FBI/MoneyPak Ransomware page which asks you to wire money via MoneyPak. Of course, I did not follow the instructions. I immediately exited the page by hitting ctrl-alt-delete and exiting Chrome. Unfortunately, I then reset Windows 7 to a Restore point from 8/28. I had not yet read the posting rules that caution against reverting to a Restore point. My PC is not currently hijacked or ransomed (the ransom demand isn't popping up when I try to use my PC) and I'm not seeing any obvious signs of malware. Nevertheless, I understand Ransomware has advanced and gotten more sneaky, and I want to make sure I don't have anything nasty running in the background that's logging my keystrokes, etc. I was hoping someone would review my FRST and MBR logs to make sure I don't have anything suspicious. Thank you very much in advance!
FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014
Ran by Robin (administrator) on THINKCENTRE on 02-09-2014 22:02:04
Running from C:\Users\Robin\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\LBAI\LBAEvent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Eye-Fi, Inc.) C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-01-28] (Lenovo Group Limited)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [27464 2013-02-26] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4315872 2011-06-01] (Lenovo, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-02] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3528804664-3042301182-3867406685-1000\...\Run: [MusicManager] => C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
HKU\S-1-5-21-3528804664-3042301182-3867406685-1000\...\Run: [Eye-Fi] => C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe [3961464 2011-12-21] (Eye-Fi, Inc.)
HKU\S-1-5-21-3528804664-3042301182-3867406685-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4525192 2014-08-01] (Plex, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: 01UnsuppModule -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: 02SyncingModule -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: 03SyncedModule -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: 04ReadOnlyModule -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13-comm.msn.com/?pc=LNJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {DD5893EC-A835-4715-B209-0244079A258C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LNJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {DD5893EC-A835-4715-B209-0244079A258C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LNJB
SearchScopes: HKLM-x32 - DefaultScope {DD5893EC-A835-4715-B209-0244079A258C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LNJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {DD5893EC-A835-4715-B209-0244079A258C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LNJB
SearchScopes: HKCU - DefaultScope {DD5893EC-A835-4715-B209-0244079A258C} URL =
SearchScopes: HKCU - {DD5893EC-A835-4715-B209-0244079A258C} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-02]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://mail.google.com/", "hxxp://www.washingtonpost.com/opinions", "hxxp://gundogforum.com/"
CHR DefaultSearchURL: Default -> https://mail.google.com/mail/?extsrc=mailto&url=%s
CHR Profile: C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-02]
CHR Extension: (Google Drive) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-02]
CHR Extension: (YouTube) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-02]
CHR Extension: (Adblock Plus) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-02]
CHR Extension: (Google Search) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-02]
CHR Extension: (Google News) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2014-08-02]
CHR Extension: (Google Play Music) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-02]
CHR Extension: (Plex) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpniocchabmgenibceglhnfeimmdhdfm [2014-08-02]
CHR Extension: (The Economist) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebjgjhbjedcomcajgpodjgfjgkepgpl [2014-08-02]
CHR Extension: (Magisto - Magical Video Editor) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmngbmfdgknokcefmkbjlcjabdklnlk [2014-08-02]
CHR Extension: (avast! Online Security) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-02]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-02]
CHR Extension: (Google Play) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-08-02]
CHR Extension: (Pocket) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-08-02]
CHR Extension: (WeatherBug) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-08-02]
CHR Extension: (Google Wallet) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-02]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2014-08-02]
CHR Extension: (Gmail) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-02]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-02] (AVAST Software)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [48832 2013-04-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LBAEvent; C:\Program Files (x86)\Lenovo\LBAI\LBAEvent.exe [27464 2013-04-02] (Lenovo)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software)
R3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63816 2013-02-26] (Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186696 2013-02-26] (Lenovo Group Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-02-24] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-02] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-03-18] (Intel Corporation)
R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [16200 2013-04-02] (Lenovo)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-02 22:02 - 2014-09-02 22:02 - 00019817 _____ () C:\Users\Robin\Desktop\FRST.txt
2014-09-02 22:00 - 2014-09-02 22:02 - 00000000 ____D () C:\FRST
2014-09-02 22:00 - 2014-09-02 22:00 - 02104832 _____ (Farbar) C:\Users\Robin\Desktop\FRST64.exe
2014-09-02 21:58 - 2014-09-02 21:58 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-THINKCENTRE-Microsoft-Windows-7-Professional-(64-bit).dat
2014-09-02 21:58 - 2014-09-02 21:58 - 00000000 ____D () C:\RegBackup
2014-09-02 21:55 - 2014-09-02 21:55 - 04057608 _____ () C:\Users\Robin\Downloads\tweaking.com_registry_backup_setup.exe
2014-09-02 21:55 - 2014-09-02 21:55 - 00002250 _____ () C:\Users\Robin\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-02 21:55 - 2014-09-02 21:55 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-02 21:55 - 2014-09-02 21:55 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-02 21:39 - 2014-09-02 21:39 - 00028603 _____ () C:\ComboFix.txt
2014-09-02 21:33 - 2014-09-02 21:33 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-02 21:30 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-02 21:30 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-02 21:30 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-02 21:30 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-02 21:30 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-02 21:30 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-02 21:30 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-02 21:30 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-02 21:29 - 2014-09-02 21:39 - 00000000 ____D () C:\Windows\erdnt
2014-09-02 21:29 - 2014-09-02 21:39 - 00000000 ____D () C:\Qoobox
2014-09-02 21:16 - 2014-09-02 21:16 - 00000000 _____ () C:\autoexec.bat
2014-09-02 21:14 - 2014-09-02 21:33 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-02 21:14 - 2014-09-02 21:14 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-02 21:12 - 2014-09-02 21:12 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Robin\Downloads\SpyHunter-Installer.exe
2014-09-02 20:50 - 2014-09-02 20:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Robin\Downloads\HijackThis.exe
2014-09-02 20:50 - 2014-09-02 20:50 - 00012319 _____ () C:\Users\Robin\Downloads\hijackthis.log
2014-09-02 20:40 - 2014-09-02 20:41 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-02 20:35 - 2014-09-02 20:37 - 11193392 _____ (SurfRight B.V.) C:\Users\Robin\Downloads\HitmanPro_x64.exe
2014-09-02 16:34 - 2014-09-02 16:34 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\Program Files\iTunes
2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\Program Files\iPod
2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-02 16:26 - 2014-09-02 16:26 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2014-09-02 16:26 - 2014-09-02 16:26 - 00003164 _____ () C:\Windows\System32\Tasks\Private Internet Access Startup
2014-09-02 16:26 - 2014-09-02 16:26 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2014-09-02 16:25 - 2014-09-02 16:25 - 25723644 _____ () C:\Users\Robin\Downloads\installer_win.exe
2014-09-02 16:24 - 2014-09-02 16:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robin\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-02 16:22 - 2014-09-02 16:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-02 16:22 - 2014-09-02 16:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-02 16:22 - 2014-09-02 16:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 16:22 - 2014-09-02 16:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-02 16:21 - 2014-09-02 16:21 - 04862664 _____ (AVAST Software) C:\Users\Robin\Downloads\avast_free_antivirus_setup_online.exe
2014-09-02 16:20 - 2014-08-22 20:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-02 16:20 - 2014-08-22 19:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-02 16:20 - 2014-08-22 18:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-02 15:48 - 2014-09-02 15:48 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\AVAST Software
2014-09-02 15:45 - 2014-09-02 15:45 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-02 15:45 - 2014-09-02 15:45 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-02 14:56 - 2014-09-02 16:26 - 00000000 ____D () C:\Program Files\pia_manager
2014-08-30 08:42 - 2014-08-30 08:42 - 00026112 _____ () C:\Users\Hayley\Downloads\query_12639_26313.xls
2014-08-30 08:40 - 2014-08-30 08:40 - 00045568 _____ () C:\Users\Hayley\Downloads\tempPh71Oobc.xls
2014-08-30 08:37 - 2014-08-30 08:37 - 00023552 _____ () C:\Users\Hayley\Downloads\query_12639_26295.xls
2014-08-30 08:36 - 2014-08-30 08:36 - 00023552 _____ () C:\Users\Hayley\Downloads\query_12638_26280.xls
2014-08-30 08:35 - 2014-08-30 08:35 - 00023552 _____ () C:\Users\Hayley\Downloads\query_12638_26278.xls
2014-08-30 08:35 - 2014-08-30 08:35 - 00023552 _____ () C:\Users\Hayley\Desktop\query_12638_26278.xls
2014-08-30 08:35 - 2014-08-30 08:35 - 00019456 _____ () C:\Users\Hayley\Downloads\query_12638_30823 (1).xls
2014-08-30 08:26 - 2014-08-30 08:25 - 00019456 _____ () C:\Users\Hayley\Desktop\query_12638_30823.xls
2014-08-30 08:25 - 2014-08-30 08:25 - 00019456 _____ () C:\Users\Hayley\Downloads\query_12638_30823.xls
2014-08-30 08:24 - 2014-08-30 08:24 - 00015872 _____ () C:\Users\Hayley\Downloads\query_12638_30816.xls
2014-08-18 22:01 - 2014-08-18 22:01 - 00019456 _____ () C:\Users\Hayley\Downloads\query_12588_16997.xls
2014-08-18 22:01 - 2014-08-18 22:01 - 00019456 _____ () C:\Users\Hayley\Desktop\query_12588_16997.xls
2014-08-18 21:58 - 2014-08-18 21:58 - 00015872 _____ () C:\Users\Hayley\Downloads\query_12588_16985.xls
2014-08-16 03:00 - 2014-06-30 16:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 03:00 - 2014-06-30 16:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 03:00 - 2014-06-06 00:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 03:00 - 2014-06-06 00:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 03:00 - 2014-03-09 15:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 03:00 - 2014-03-09 15:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 03:00 - 2014-03-09 15:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 03:00 - 2014-03-09 15:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 15:02 - 2014-08-15 15:02 - 00000000 ____D () C:\Users\Robin\Documents\My Garmin
2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Nitro PDF
2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Users\Robin\AppData\Local\GARMIN_Corp
2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Users\Robin\AppData\Local\Garmin
2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-15 15:00 - 2014-08-15 15:02 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Garmin
2014-08-15 15:00 - 2014-08-15 15:00 - 53312376 _____ () C:\Users\Robin\Downloads\BaseCamp_435.exe
2014-08-15 13:02 - 2014-08-06 20:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 13:02 - 2014-08-06 20:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 13:02 - 2014-07-31 17:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 13:02 - 2014-07-31 17:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 13:02 - 2014-07-25 08:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 13:02 - 2014-07-25 08:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 13:02 - 2014-07-25 08:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 13:02 - 2014-07-25 07:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 13:02 - 2014-07-25 07:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 13:02 - 2014-07-25 07:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 13:02 - 2014-07-25 07:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 13:02 - 2014-07-25 07:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 13:02 - 2014-07-25 07:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 13:02 - 2014-07-25 07:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 13:02 - 2014-07-25 07:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 13:02 - 2014-07-25 07:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 13:02 - 2014-07-25 07:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 13:02 - 2014-07-25 07:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 13:02 - 2014-07-25 07:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 13:02 - 2014-07-25 06:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 13:02 - 2014-07-25 06:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 13:02 - 2014-07-25 06:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 13:02 - 2014-07-25 06:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 13:02 - 2014-07-25 06:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 13:02 - 2014-07-25 06:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 13:02 - 2014-07-25 06:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 13:02 - 2014-07-25 06:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 13:02 - 2014-07-25 06:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 13:02 - 2014-07-25 06:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 13:02 - 2014-07-25 06:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 13:02 - 2014-07-25 06:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 13:02 - 2014-07-25 06:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 13:02 - 2014-07-25 06:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 13:02 - 2014-07-25 06:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 13:02 - 2014-07-25 06:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 13:02 - 2014-07-25 06:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 13:02 - 2014-07-25 06:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 13:02 - 2014-07-25 06:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 13:02 - 2014-07-25 05:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 13:02 - 2014-07-25 05:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 13:02 - 2014-07-25 05:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 13:02 - 2014-07-25 05:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 13:02 - 2014-07-25 05:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 13:02 - 2014-07-25 05:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 13:02 - 2014-07-25 05:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 13:02 - 2014-07-25 05:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 13:02 - 2014-07-25 05:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 13:02 - 2014-07-25 05:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 13:02 - 2014-07-25 05:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 13:02 - 2014-07-25 05:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 13:02 - 2014-07-25 05:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 13:02 - 2014-07-25 05:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 13:02 - 2014-07-25 04:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 13:02 - 2014-07-25 04:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 13:02 - 2014-07-25 04:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 13:02 - 2014-07-25 04:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 13:02 - 2014-07-25 04:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 13:02 - 2014-07-25 04:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 13:02 - 2014-07-15 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 13:02 - 2014-07-15 20:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 13:02 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 13:02 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 13:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 13:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 13:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 13:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 13:02 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 13:02 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 13:02 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 13:02 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 13:02 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 13:02 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 13:02 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 13:02 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 13:02 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 13:02 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 13:02 - 2014-06-15 20:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 13:02 - 2014-06-03 04:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 13:02 - 2014-06-03 04:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 13:02 - 2014-06-03 04:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 13:02 - 2014-06-03 04:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 13:02 - 2014-06-03 03:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 13:02 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 13:02 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 12:57 - 2014-08-12 12:57 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Apple
2014-08-09 12:58 - 2014-08-09 13:04 - 516628867 _____ () C:\Users\Hayley\Downloads\Video.zip
2014-08-09 12:54 - 2014-08-09 13:00 - 582762633 _____ () C:\Users\Hayley\Downloads\Photos.zip
2014-08-09 12:38 - 2014-08-09 12:38 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Nitro
2014-08-09 12:38 - 2014-08-09 12:38 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\FileOpen
2014-08-09 12:38 - 2014-08-09 12:38 - 00000000 ____D () C:\ProgramData\FileOpen
2014-08-04 19:32 - 2014-09-02 15:36 - 00000000 ____D () C:\Users\Robin\Downloads\Shareit
2014-08-04 15:27 - 2014-08-04 19:03 - 00000000 ____D () C:\Users\Robin\AppData\Local\CloudStation
2014-08-04 15:27 - 2014-08-04 15:27 - 00001162 _____ () C:\Users\Robin\Desktop\Synology Cloud Station.lnk
2014-08-04 15:27 - 2014-08-04 15:27 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synology
2014-08-04 15:20 - 2014-08-04 15:20 - 32031440 _____ () C:\Users\Robin\Downloads\Synology-CloudStation-Setup-3111.exe
2014-08-04 15:02 - 2014-08-04 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2014-08-04 15:02 - 2014-08-04 15:02 - 00000000 ____D () C:\Program Files (x86)\Plex
2014-08-04 15:01 - 2014-08-04 15:02 - 62222680 _____ (Plex, Inc.) C:\Users\Robin\Downloads\Plex-Media-Server-0.9.914.531-7eef8c6-en-US.exe
2014-08-04 14:10 - 2014-08-04 14:10 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Lenovo
2014-08-04 02:22 - 2014-08-04 02:22 - 00000000 ____D () C:\Windows\system32\LSC
2014-08-03 15:05 - 2014-08-03 15:05 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Titanium
2014-08-03 14:22 - 2014-08-03 14:22 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\LSC
2014-08-03 14:13 - 2014-08-03 14:13 - 00000000 __SHD () C:\Users\Hayley\AppData\Local\EmieUserList
2014-08-03 14:13 - 2014-08-03 14:13 - 00000000 __SHD () C:\Users\Hayley\AppData\Local\EmieSiteList
2014-08-03 14:13 - 2014-08-03 14:13 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Intel Corporation
2014-08-03 14:12 - 2014-09-02 16:42 - 00000000 ____D () C:\Users\Hayley
2014-08-03 14:12 - 2014-08-03 14:12 - 00058016 _____ () C:\Users\Hayley\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-03 14:12 - 2014-08-03 14:12 - 00001428 _____ () C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-03 14:12 - 2014-08-03 14:12 - 00000020 ___SH () C:\Users\Hayley\ntuser.ini
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Leadertech
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Apple Computer
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Adobe
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Local\VirtualStore
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Google
2014-08-03 14:12 - 2014-07-15 23:03 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Macromedia
2014-08-03 14:12 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-03 14:12 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-03 13:55 - 2014-09-02 21:44 - 00000000 ____D () C:\Users\Robin\AppData\Local\Eye-Fi
2014-08-03 13:55 - 2014-09-02 14:34 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Eye-Fi
2014-08-03 13:55 - 2014-08-03 13:55 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye-Fi
2014-08-03 13:55 - 2014-08-03 13:55 - 00000000 ____D () C:\Program Files (x86)\Eye-Fi
2014-08-03 13:41 - 2014-08-03 13:41 - 22619832 _____ (Eye-Fi, Inc.) C:\Users\Robin\Downloads\Setup.exe
2014-08-03 13:20 - 2014-08-03 13:20 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Users\Robin\AppData\Local\Apple
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\ProgramData\Apple
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-08-03 13:20 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-08-03 12:41 - 2014-09-02 21:46 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000UA.job
2014-08-03 12:41 - 2014-08-27 12:46 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000Core.job
2014-08-03 12:41 - 2014-08-03 12:41 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000UA
2014-08-03 12:41 - 2014-08-03 12:41 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000Core
2014-08-03 12:41 - 2014-08-03 12:41 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2014-08-03 12:35 - 2014-08-03 12:35 - 00000000 ___HD () C:\Users\Robin\AppData\Roaming\.Lenovo
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-02 22:02 - 2014-09-02 22:02 - 00019817 _____ () C:\Users\Robin\Desktop\FRST.txt
2014-09-02 22:02 - 2014-09-02 22:00 - 00000000 ____D () C:\FRST
2014-09-02 22:00 - 2014-09-02 22:00 - 02104832 _____ (Farbar) C:\Users\Robin\Desktop\FRST64.exe
2014-09-02 21:58 - 2014-09-02 21:58 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-THINKCENTRE-Microsoft-Windows-7-Professional-(64-bit).dat
2014-09-02 21:58 - 2014-09-02 21:58 - 00000000 ____D () C:\RegBackup
2014-09-02 21:55 - 2014-09-02 21:55 - 04057608 _____ () C:\Users\Robin\Downloads\tweaking.com_registry_backup_setup.exe
2014-09-02 21:55 - 2014-09-02 21:55 - 00002250 _____ () C:\Users\Robin\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-02 21:55 - 2014-09-02 21:55 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-02 21:55 - 2014-09-02 21:55 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-02 21:54 - 2009-07-13 22:51 - 00066146 _____ () C:\Windows\setupact.log
2014-09-02 21:51 - 2009-07-13 22:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 21:51 - 2009-07-13 22:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 21:48 - 2014-07-15 22:57 - 01365695 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 21:48 - 2009-07-13 23:13 - 00783114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-02 21:46 - 2014-08-03 12:41 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000UA.job
2014-09-02 21:44 - 2014-08-03 13:55 - 00000000 ____D () C:\Users\Robin\AppData\Local\Eye-Fi
2014-09-02 21:44 - 2014-08-02 18:04 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-09-02 21:44 - 2014-08-02 17:14 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-02 21:44 - 2010-11-20 21:47 - 00358336 _____ () C:\Windows\PFRO.log
2014-09-02 21:44 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-02 21:44 - 2009-07-13 22:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-02 21:39 - 2014-09-02 21:39 - 00028603 _____ () C:\ComboFix.txt
2014-09-02 21:39 - 2014-09-02 21:29 - 00000000 ____D () C:\Windows\erdnt
2014-09-02 21:39 - 2014-09-02 21:29 - 00000000 ____D () C:\Qoobox
2014-09-02 21:38 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-02 21:33 - 2014-09-02 21:33 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-02 21:33 - 2014-09-02 21:14 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-02 21:20 - 2014-07-15 23:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-02 21:19 - 2014-08-02 17:14 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-02 21:16 - 2014-09-02 21:16 - 00000000 _____ () C:\autoexec.bat
2014-09-02 21:14 - 2014-09-02 21:14 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-02 21:12 - 2014-09-02 21:12 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Robin\Downloads\SpyHunter-Installer.exe
2014-09-02 20:50 - 2014-09-02 20:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Robin\Downloads\HijackThis.exe
2014-09-02 20:50 - 2014-09-02 20:50 - 00012319 _____ () C:\Users\Robin\Downloads\hijackthis.log
2014-09-02 20:41 - 2014-09-02 20:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-02 20:37 - 2014-09-02 20:35 - 11193392 _____ (SurfRight B.V.) C:\Users\Robin\Downloads\HitmanPro_x64.exe
2014-09-02 16:42 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley
2014-09-02 16:42 - 2014-08-02 18:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-02 16:34 - 2014-09-02 16:34 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\Program Files\iTunes
2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\Program Files\iPod
2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-02 16:26 - 2014-09-02 16:26 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2014-09-02 16:26 - 2014-09-02 16:26 - 00003164 _____ () C:\Windows\System32\Tasks\Private Internet Access Startup
2014-09-02 16:26 - 2014-09-02 16:26 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2014-09-02 16:26 - 2014-09-02 14:56 - 00000000 ____D () C:\Program Files\pia_manager
2014-09-02 16:25 - 2014-09-02 16:25 - 25723644 _____ () C:\Users\Robin\Downloads\installer_win.exe
2014-09-02 16:24 - 2014-09-02 16:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robin\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-02 16:23 - 2014-09-02 16:22 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-02 16:22 - 2014-09-02 16:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-02 16:22 - 2014-09-02 16:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 16:22 - 2014-09-02 16:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-02 16:21 - 2014-09-02 16:21 - 04862664 _____ (AVAST Software) C:\Users\Robin\Downloads\avast_free_antivirus_setup_online.exe
2014-09-02 16:15 - 2014-08-02 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2014-09-02 16:15 - 2014-08-02 17:59 - 00000000 ____D () C:\Program Files\PeerBlock
2014-09-02 16:15 - 2014-08-02 17:56 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\BitTorrent
2014-09-02 16:15 - 2014-08-02 16:44 - 00000000 ____D () C:\Users\Robin
2014-09-02 16:15 - 2014-07-15 22:27 - 00000000 ____D () C:\ProgramData\Lenovo
2014-09-02 16:15 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-09-02 16:00 - 2014-07-15 23:03 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-02 15:48 - 2014-09-02 15:48 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\AVAST Software
2014-09-02 15:45 - 2014-09-02 15:45 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-02 15:45 - 2014-09-02 15:45 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-02 15:36 - 2014-08-04 19:32 - 00000000 ____D () C:\Users\Robin\Downloads\Shareit
2014-09-02 14:34 - 2014-08-03 13:55 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Eye-Fi
2014-08-30 08:42 - 2014-08-30 08:42 - 00026112 _____ () C:\Users\Hayley\Downloads\query_12639_26313.xls
2014-08-30 08:40 - 2014-08-30 08:40 - 00045568 _____ () C:\Users\Hayley\Downloads\tempPh71Oobc.xls
2014-08-30 08:37 - 2014-08-30 08:37 - 00023552 _____ () C:\Users\Hayley\Downloads\query_12639_26295.xls
2014-08-30 08:36 - 2014-08-30 08:36 - 00023552 _____ () C:\Users\Hayley\Downloads\query_12638_26280.xls
2014-08-30 08:35 - 2014-08-30 08:35 - 00023552 _____ () C:\Users\Hayley\Downloads\query_12638_26278.xls
2014-08-30 08:35 - 2014-08-30 08:35 - 00023552 _____ () C:\Users\Hayley\Desktop\query_12638_26278.xls
2014-08-30 08:35 - 2014-08-30 08:35 - 00019456 _____ () C:\Users\Hayley\Downloads\query_12638_30823 (1).xls
2014-08-30 08:25 - 2014-08-30 08:26 - 00019456 _____ () C:\Users\Hayley\Desktop\query_12638_30823.xls
2014-08-30 08:25 - 2014-08-30 08:25 - 00019456 _____ () C:\Users\Hayley\Downloads\query_12638_30823.xls
2014-08-30 08:24 - 2014-08-30 08:24 - 00015872 _____ () C:\Users\Hayley\Downloads\query_12638_30816.xls
2014-08-27 12:46 - 2014-08-03 12:41 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000Core.job
2014-08-22 20:07 - 2014-09-02 16:20 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 19:45 - 2014-09-02 16:20 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 18:59 - 2014-09-02 16:20 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-18 22:01 - 2014-08-18 22:01 - 00019456 _____ () C:\Users\Hayley\Downloads\query_12588_16997.xls
2014-08-18 22:01 - 2014-08-18 22:01 - 00019456 _____ () C:\Users\Hayley\Desktop\query_12588_16997.xls
2014-08-18 21:58 - 2014-08-18 21:58 - 00015872 _____ () C:\Users\Hayley\Downloads\query_12588_16985.xls
2014-08-16 12:55 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-16 03:44 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-08-16 03:19 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 03:02 - 2014-08-02 18:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 03:01 - 2014-08-02 18:06 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 03:00 - 2014-08-02 19:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 15:02 - 2014-08-15 15:02 - 00000000 ____D () C:\Users\Robin\Documents\My Garmin
2014-08-15 15:02 - 2014-08-15 15:00 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Garmin
2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Nitro PDF
2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Users\Robin\AppData\Local\GARMIN_Corp
2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Users\Robin\AppData\Local\Garmin
2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-15 15:01 - 2014-07-15 22:57 - 00000000 ____D () C:\Program Files\DIFX
2014-08-15 15:00 - 2014-08-15 15:00 - 53312376 _____ () C:\Users\Robin\Downloads\BaseCamp_435.exe
2014-08-15 00:48 - 2014-07-15 23:03 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-08-12 12:57 - 2014-08-12 12:57 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Apple
2014-08-09 13:04 - 2014-08-09 12:58 - 516628867 _____ () C:\Users\Hayley\Downloads\Video.zip
2014-08-09 13:00 - 2014-08-09 12:54 - 582762633 _____ () C:\Users\Hayley\Downloads\Photos.zip
2014-08-09 12:38 - 2014-08-09 12:38 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Nitro
2014-08-09 12:38 - 2014-08-09 12:38 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\FileOpen
2014-08-09 12:38 - 2014-08-09 12:38 - 00000000 ____D () C:\ProgramData\FileOpen
2014-08-07 22:38 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-06 20:06 - 2014-08-15 13:02 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 20:01 - 2014-08-15 13:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-04 19:03 - 2014-08-04 15:27 - 00000000 ____D () C:\Users\Robin\AppData\Local\CloudStation
2014-08-04 15:27 - 2014-08-04 15:27 - 00001162 _____ () C:\Users\Robin\Desktop\Synology Cloud Station.lnk
2014-08-04 15:27 - 2014-08-04 15:27 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synology
2014-08-04 15:20 - 2014-08-04 15:20 - 32031440 _____ () C:\Users\Robin\Downloads\Synology-CloudStation-Setup-3111.exe
2014-08-04 15:03 - 2014-08-02 18:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-04 15:02 - 2014-08-04 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2014-08-04 15:02 - 2014-08-04 15:02 - 00000000 ____D () C:\Program Files (x86)\Plex
2014-08-04 15:02 - 2014-08-04 15:01 - 62222680 _____ (Plex, Inc.) C:\Users\Robin\Downloads\Plex-Media-Server-0.9.914.531-7eef8c6-en-US.exe
2014-08-04 14:10 - 2014-08-04 14:10 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Lenovo
2014-08-04 03:00 - 2014-07-15 23:03 - 00775352 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-04 02:22 - 2014-08-04 02:22 - 00000000 ____D () C:\Windows\system32\LSC
2014-08-03 15:20 - 2014-08-02 18:04 - 00000000 ____D () C:\Users\Robin\AppData\Local\Plex Media Server
2014-08-03 15:05 - 2014-08-03 15:05 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Titanium
2014-08-03 14:22 - 2014-08-03 14:22 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\LSC
2014-08-03 14:13 - 2014-08-03 14:13 - 00000000 __SHD () C:\Users\Hayley\AppData\Local\EmieUserList
2014-08-03 14:13 - 2014-08-03 14:13 - 00000000 __SHD () C:\Users\Hayley\AppData\Local\EmieSiteList
2014-08-03 14:13 - 2014-08-03 14:13 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Intel Corporation
2014-08-03 14:12 - 2014-08-03 14:12 - 00058016 _____ () C:\Users\Hayley\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-03 14:12 - 2014-08-03 14:12 - 00001428 _____ () C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-03 14:12 - 2014-08-03 14:12 - 00000020 ___SH () C:\Users\Hayley\ntuser.ini
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Leadertech
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Apple Computer
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Adobe
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Local\VirtualStore
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Google
2014-08-03 14:03 - 2014-08-02 19:24 - 00000000 ____D () C:\Users\Robin\AppData\Local\Lenovo
2014-08-03 13:55 - 2014-08-03 13:55 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye-Fi
2014-08-03 13:55 - 2014-08-03 13:55 - 00000000 ____D () C:\Program Files (x86)\Eye-Fi
2014-08-03 13:41 - 2014-08-03 13:41 - 22619832 _____ (Eye-Fi, Inc.) C:\Users\Robin\Downloads\Setup.exe
2014-08-03 13:31 - 2014-08-02 18:04 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Apple Computer
2014-08-03 13:20 - 2014-08-03 13:20 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Users\Robin\AppData\Local\Apple
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\ProgramData\Apple
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-08-03 13:20 - 2014-08-02 18:04 - 00000000 ____D () C:\Users\Robin\AppData\Local\Apple Computer
2014-08-03 12:41 - 2014-08-03 12:41 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000UA
2014-08-03 12:41 - 2014-08-03 12:41 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000Core
2014-08-03 12:41 - 2014-08-03 12:41 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2014-08-03 12:41 - 2014-08-02 17:14 - 00000000 ____D () C:\Users\Robin\AppData\Local\Google
2014-08-03 12:35 - 2014-08-03 12:35 - 00000000 ___HD () C:\Users\Robin\AppData\Roaming\.Lenovo
2014-08-03 12:31 - 2014-08-02 18:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-27 00:25
==================== End Of Log ============================
FRST Addition Log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014
Ran by Robin at 2014-09-02 22:02:20
Running from C:\Users\Robin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32692 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Eye-Fi Center 3.4 (HKLM-x32\...\{7764F7B0-7225-4145-82B6-2AB4540D33A6}) (Version: 3.4.26 - Eye-Fi, Inc)
Garmin BaseCamp (HKLM-x32\...\{CBB4288D-2D32-43BB-8FCE-3F102E385956}) (Version: 4.3.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Chipset Device Software (Version: 10.0.13 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
LBAI (HKLM-x32\...\{C5C91B7B-38A6-40B7-84D6-E44885E44B13}_is1) (Version: 1.0.0.8 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.3 - Lenovo Inc.)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.4.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.0.32.7350 - Intel(R) Corporation)
Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{AFD7B869-3B70-40C7-8983-769256BA3BD2}) (Version: 2.0.0004.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0022.00 - Lenovo Group Limited)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 12.10.14.3 - Marvell)
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version: - Google, Inc.)
Nitro Pro 8 (HKLM\...\{35E1FF5F-E8E1-4DE2-B3EC-BBE296B27336}) (Version: 8.5.2.10 - Nitro)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Plex Media Server (HKLM-x32\...\{9eb61479-6f2f-43c4-bfe8-12a7ea9d1acb}) (Version: 0.9.914 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.914 - Plex, Inc.) Hidden
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.01.0004 - Lenovo Group Limited)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6844 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0230 - REALTEK Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.80.99066 - SugarSync, Inc.)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
Synology Cloud Station (remove only) (HKCU\...\Synology CloudStation) (Version: - )
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.42.0 - Lenovo)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
View Management Utility (HKLM\...\View Management Utility_is1) (Version: 3.0.1.20120921 - Lenovo Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Intel (e1dexpress) Net (02/26/2013 12.6.47.0) (HKLM\...\F33A1BB12CD7108455BD796E038CD7B0B4732FBB) (Version: 02/26/2013 12.6.47.0 - Intel)
Windows Driver Package - Intel Corporation (igfx) Display (06/24/2013 9.18.10.3220) (HKLM\...\279F572DD6D797E852EE092875A1D4B6A65C48EF) (Version: 06/24/2013 9.18.10.3220 - Intel Corporation)
Windows Driver Package - Intel System (02/25/2013 9.4.0.1017) (HKLM\...\0A6166936538BB5B864A5723AF3A45E6D54FC14A) (Version: 02/25/2013 9.4.0.1017 - Intel)
Windows Driver Package - Intel System (02/25/2013 9.4.0.1017) (HKLM\...\AE21626B45E3873B80BDD584D229A19CD48EF2D0) (Version: 02/25/2013 9.4.0.1017 - Intel)
Windows Driver Package - Intel System (02/25/2013 9.4.0.1017) (HKLM\...\D0BD2762F58C24C10CB784FDD17B9D98FF2470FF) (Version: 02/25/2013 9.4.0.1017 - Intel)
Windows Driver Package - Intel USB (02/25/2013 9.4.0.1017) (HKLM\...\65AB5CB2D70EB936A3BC424D9E64EF8B676558B4) (Version: 02/25/2013 9.4.0.1017 - Intel)
Windows Driver Package - Intel(R) Corporation (IntcDAud) MEDIA (05/22/2013 6.16.00.3112) (HKLM\...\1CD14F8CAAAFF160D1FB8F12ABC0298A517BB394) (Version: 05/22/2013 6.16.00.3112 - Intel(R) Corporation)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (02/19/2013 6.0.1.6844) (HKLM\...\2EA098366EBDF7112F40FDC23F33AEEB37BD2732) (Version: 02/19/2013 6.0.1.6844 - Realtek Semiconductor Corp.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\ContextMenu.dll ()
CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
24-08-2014 06:00:00 Scheduled Checkpoint
28-08-2014 09:00:10 Windows Update
02-09-2014 20:57:02 Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
02-09-2014 21:45:47 avast! antivirus system restore point
02-09-2014 22:15:16 Restore Operation
02-09-2014 22:21:42 avast! antivirus system restore point
02-09-2014 22:26:51 Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
03-09-2014 03:14:24 Installed SpyHunter
03-09-2014 03:31:16 Removed SpyHunter
03-09-2014 03:32:51 Removed SpyHunter
03-09-2014 03:41:35 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2014-09-02 21:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {118EC617-2FE3-42B0-920E-60E275630759} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {1F79D11E-3FBA-436C-AAC9-4620BB835DAA} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {31E27B04-F765-4AC6-8BC7-02EEA7913BEB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {3A4B1E03-C587-4372-A9CC-39C869CC9AC8} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [2013-02-26] (Lenovo Group Limited)
Task: {3AEF64A3-98AE-41BE-AF60-DB7CBC26D238} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-09-02] ()
Task: {4615B8F8-0E24-446A-B72E-F242B7BF7852} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {55C20559-D05F-4828-9221-AD15E0D5A102} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5AE24D1A-E9E3-4B81-AD27-EEF0196AEDED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.)
Task: {5B37534F-AB79-489A-A609-C8D8E0E2048E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000Core => C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-03] (Google Inc.)
Task: {77F85197-567A-4BC3-A6EC-C787934FAFB2} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {8FA39B68-13FC-4840-B43F-3D76FDD89FA2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000UA => C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-03] (Google Inc.)
Task: {944F3E80-91C9-4682-A7A2-48D086B368DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.)
Task: {958C6667-406A-4E0D-AA40-F3E93CB4B99D} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {A2D32512-10A9-4000-9C33-0D736868D9BA} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {A4DE0AF3-194E-483B-B220-9BC8DEA3BF97} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-02] (AVAST Software)
Task: {A924256E-B538-46CD-AA41-71E3AD081CD2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {B1FE1F6C-9248-4B8F-A9C3-0CCFF2D868F2} - System32\Tasks\Intel(R) Small Business Advantage\Notifier => C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\SBA_Notifier.exe [2013-04-10] (Intel Corporation)
Task: {BC7E75BD-4919-4740-8D35-61111A63FA57} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {BD818FE5-6495-461D-BD9D-22ACD52095A9} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo)
Task: {CC0F5B1F-61AB-4B45-91C8-F74EA4875E9C} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {DE839F6E-C172-4094-A2DC-A20444CCCF8B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-02-19] (Realtek Semiconductor)
Task: {E28A3512-A010-4CE9-BF3B-059DE8AB7EA0} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {E6A41F9B-71B1-45A2-B73C-A9E09D9CF392} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {EB49F532-D415-403A-972C-8DA4B8E0E5F4} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000Core.job => C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000UA.job => C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-02-24 19:28 - 2014-02-24 19:28 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2014-06-11 08:08 - 2014-06-11 08:08 - 00909312 _____ () C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\ContextMenu.dll
2014-07-15 23:03 - 2013-02-26 17:31 - 00035656 _____ () C:\Program Files (x86)\Lenovo\PowerMgr\US\PWMRT64V.DLL
2014-09-02 16:22 - 2014-09-02 16:22 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-02 16:22 - 2014-09-02 16:22 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\14090201\algo.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-02 18:21 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-02 18:21 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-02 18:21 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-02 18:21 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-02 18:21 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 10683392 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 07741952 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 02248192 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 01681408 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-05-15 15:20 - 2014-05-15 15:20 - 00117248 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-05-15 15:20 - 2014-05-15 15:20 - 00231936 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-05-15 15:21 - 2014-05-15 15:21 - 00253440 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-05-15 15:24 - 2014-05-15 15:24 - 00344064 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 00026624 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2011-12-21 22:59 - 2011-12-21 22:59 - 00133120 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
2011-12-21 22:56 - 2011-12-21 22:56 - 00209408 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00073352 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00195720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00840840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00051848 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00089224 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 02100360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 01923720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2014-08-01 22:13 - 2014-08-01 22:13 - 07605400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avcodec-54.dll
2014-08-01 22:13 - 2014-08-01 22:13 - 00202392 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avutil-52.dll
2014-08-01 22:13 - 2014-08-01 22:13 - 01453720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avformat-54.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00352920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\swscale-2.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00507528 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 08495240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
2014-08-01 22:13 - 2014-08-01 22:13 - 00952968 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 01291400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
2014-08-01 22:13 - 2014-08-01 22:13 - 01038984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00073352 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
2014-09-02 16:22 - 2014-09-02 16:22 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00045192 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00028808 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00019080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00035976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00836744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00192648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00056456 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00018056 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00083080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00111752 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00692360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2014-08-13 07:22 - 2014-08-06 21:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-13 07:22 - 2014-08-06 21:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-13 07:22 - 2014-08-06 21:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-13 07:22 - 2014-08-06 21:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-13 07:22 - 2014-08-06 21:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-07-15 22:59 - 2013-03-12 15:20 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/02/2014 09:44:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 04:16:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 03:45:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDScan.exe version 2.4.40.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1f08
Start Time: 01cfc6f41b46f604
Termination Time: 4
Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Report Id: 5fe7124b-32ea-11e4-bf58-0023245d7c9c
Error: (08/28/2014 02:30:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/28/2014 03:15:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/16/2014 03:19:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/10/2014 02:34:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19032
Error: (08/10/2014 02:34:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19032
Error: (08/10/2014 02:34:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/10/2014 02:34:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18034
System errors:
=============
Error: (09/02/2014 09:38:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (09/02/2014 09:38:35 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (09/02/2014 09:37:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (09/02/2014 08:37:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Small Business Advantage service terminated unexpectedly. It has done this 1 time(s).
Error: (09/02/2014 08:31:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Power Manager DBC Service service.
Error: (09/02/2014 04:45:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (08/28/2014 02:30:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:29:37 PM on 8/28/2014 was unexpected.
Error: (08/26/2014 04:58:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Small Business Advantage service terminated unexpectedly. It has done this 1 time(s).
Error: (08/25/2014 08:13:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Power Manager DBC Service service.
Error: (08/20/2014 06:11:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Power Manager DBC Service service.
Microsoft Office Sessions:
=========================
Error: (09/02/2014 09:44:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 04:16:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 03:45:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDScan.exe2.4.40.1811f0801cfc6f41b46f6044C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe5fe7124b-32ea-11e4-bf58-0023245d7c9c
Error: (08/28/2014 02:30:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/28/2014 03:15:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/16/2014 03:19:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/10/2014 02:34:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19032
Error: (08/10/2014 02:34:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19032
Error: (08/10/2014 02:34:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/10/2014 02:34:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18034
CodeIntegrity Errors:
===================================
Date: 2014-09-02 21:38:35.158
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-09-02 21:38:35.110
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4570T CPU @ 2.90GHz
Percentage of memory in use: 33%
Total physical RAM: 8082 MB
Available physical RAM: 5398.54 MB
Total Pagefile: 16162.17 MB
Available Pagefile: 13184.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:102.33 GB) (Free:50.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.44 GB) (Free:3.43 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 0B17766B)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=102.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.4 GB) - (Type=07 NTFS)
==================== End Of Log ============================
aswMBR log:
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-02 22:03:42
-----------------------------
22:03:42.573 OS Version: Windows x64 6.1.7601 Service Pack 1
22:03:42.573 Number of processors: 4 586 0x3C03
22:03:42.573 ComputerName: THINKCENTRE UserName: Robin
22:03:42.720 Initialize success
22:03:42.720 VM: initialized successfully
22:03:42.721 VM: Intel CPU BiosDisabled
22:03:49.686 VM: disk I/O iaStorA.sys
22:03:52.455 AVAST engine defs: 14090201
22:04:06.860 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
22:04:06.861 Disk 0 Vendor: ATA_____ 205_ Size: 122104MB BusType: 11
22:04:06.865 Disk 0 MBR read successfully
22:04:06.866 Disk 0 MBR scan
22:04:06.868 Disk 0 unknown MBR code
22:04:06.869 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048
22:04:06.871 Disk 0 Boot: NTFS code=1
22:04:06.873 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 104790 MB offset 3074048
22:04:06.875 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15812 MB offset 217683968
22:04:06.880 Disk 0 scanning C:\Windows\system32\drivers
22:04:08.733 Service scanning
22:04:12.438 Modules scanning
22:04:12.440 Disk 0 trace - called modules:
22:04:12.447 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
22:04:12.449 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006c66060]
22:04:12.451 3 CLASSPNP.SYS[fffff880017cf43f] -> nt!IofCallDriver -> [0xfffffa8006b5bc50]
22:04:12.453 5 iaStorF.sys[fffff8800163ba2c] -> nt!IofCallDriver -> \Device\00000066[0xfffffa80069ee480]
22:04:12.581 AVAST engine scan C:\Windows
22:04:12.896 AVAST engine scan C:\Windows\system32
22:04:44.552 AVAST engine scan C:\Windows\system32\drivers
22:04:46.989 AVAST engine scan C:\Users\Robin
22:04:57.063 AVAST engine scan C:\ProgramData
22:05:06.259 Scan finished successfully
22:05:34.650 Disk 0 MBR has been saved successfully to "C:\Users\Robin\Desktop\MBR.dat"
22:05:34.653 The log file has been saved successfully to "C:\Users\Robin\Desktop\aswMBR.txt"
2014-08-15 13:02 - 2014-07-25 07:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 13:02 - 2014-07-25 07:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 13:02 - 2014-07-25 07:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 13:02 - 2014-07-25 07:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 13:02 - 2014-07-25 07:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 13:02 - 2014-07-25 07:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 13:02 - 2014-07-25 07:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 13:02 - 2014-07-25 07:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 13:02 - 2014-07-25 07:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 13:02 - 2014-07-25 06:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 13:02 - 2014-07-25 06:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 13:02 - 2014-07-25 06:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 13:02 - 2014-07-25 06:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 13:02 - 2014-07-25 06:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 13:02 - 2014-07-25 06:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 13:02 - 2014-07-25 06:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 13:02 - 2014-07-25 06:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 13:02 - 2014-07-25 06:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 13:02 - 2014-07-25 06:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 13:02 - 2014-07-25 06:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 13:02 - 2014-07-25 06:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 13:02 - 2014-07-25 06:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 13:02 - 2014-07-25 06:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 13:02 - 2014-07-25 06:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 13:02 - 2014-07-25 06:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 13:02 - 2014-07-25 06:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 13:02 - 2014-07-25 06:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 13:02 - 2014-07-25 06:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 13:02 - 2014-07-25 05:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 13:02 - 2014-07-25 05:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 13:02 - 2014-07-25 05:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 13:02 - 2014-07-25 05:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 13:02 - 2014-07-25 05:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 13:02 - 2014-07-25 05:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 13:02 - 2014-07-25 05:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 13:02 - 2014-07-25 05:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 13:02 - 2014-07-25 05:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 13:02 - 2014-07-25 05:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 13:02 - 2014-07-25 05:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 13:02 - 2014-07-25 05:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 13:02 - 2014-07-25 05:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 13:02 - 2014-07-25 05:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 13:02 - 2014-07-25 04:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 13:02 - 2014-07-25 04:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 13:02 - 2014-07-25 04:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 13:02 - 2014-07-25 04:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 13:02 - 2014-07-25 04:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 13:02 - 2014-07-25 04:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 13:02 - 2014-07-15 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 13:02 - 2014-07-15 20:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 13:02 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 13:02 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 13:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 13:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 13:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 13:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 13:02 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 13:02 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 13:02 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 13:02 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 13:02 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 13:02 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 13:02 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 13:02 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 13:02 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 13:02 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 13:02 - 2014-06-15 20:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 13:02 - 2014-06-03 04:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 13:02 - 2014-06-03 04:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 13:02 - 2014-06-03 04:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 13:02 - 2014-06-03 04:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 13:02 - 2014-06-03 03:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 13:02 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 13:02 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 12:57 - 2014-08-12 12:57 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Apple
2014-08-09 12:58 - 2014-08-09 13:04 - 516628867 _____ () C:\Users\Hayley\Downloads\Video.zip
2014-08-09 12:54 - 2014-08-09 13:00 - 582762633 _____ () C:\Users\Hayley\Downloads\Photos.zip
2014-08-09 12:38 - 2014-08-09 12:38 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Nitro
2014-08-09 12:38 - 2014-08-09 12:38 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\FileOpen
2014-08-09 12:38 - 2014-08-09 12:38 - 00000000 ____D () C:\ProgramData\FileOpen
2014-08-04 19:32 - 2014-09-02 15:36 - 00000000 ____D () C:\Users\Robin\Downloads\Shareit
2014-08-04 15:27 - 2014-08-04 19:03 - 00000000 ____D () C:\Users\Robin\AppData\Local\CloudStation
2014-08-04 15:27 - 2014-08-04 15:27 - 00001162 _____ () C:\Users\Robin\Desktop\Synology Cloud Station.lnk
2014-08-04 15:27 - 2014-08-04 15:27 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synology
2014-08-04 15:20 - 2014-08-04 15:20 - 32031440 _____ () C:\Users\Robin\Downloads\Synology-CloudStation-Setup-3111.exe
2014-08-04 15:02 - 2014-08-04 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2014-08-04 15:02 - 2014-08-04 15:02 - 00000000 ____D () C:\Program Files (x86)\Plex
2014-08-04 15:01 - 2014-08-04 15:02 - 62222680 _____ (Plex, Inc.) C:\Users\Robin\Downloads\Plex-Media-Server-0.9.914.531-7eef8c6-en-US.exe
2014-08-04 14:10 - 2014-08-04 14:10 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Lenovo
2014-08-04 02:22 - 2014-08-04 02:22 - 00000000 ____D () C:\Windows\system32\LSC
2014-08-03 15:05 - 2014-08-03 15:05 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Titanium
2014-08-03 14:22 - 2014-08-03 14:22 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\LSC
2014-08-03 14:13 - 2014-08-03 14:13 - 00000000 __SHD () C:\Users\Hayley\AppData\Local\EmieUserList
2014-08-03 14:13 - 2014-08-03 14:13 - 00000000 __SHD () C:\Users\Hayley\AppData\Local\EmieSiteList
2014-08-03 14:13 - 2014-08-03 14:13 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Intel Corporation
2014-08-03 14:12 - 2014-09-02 16:42 - 00000000 ____D () C:\Users\Hayley
2014-08-03 14:12 - 2014-08-03 14:12 - 00058016 _____ () C:\Users\Hayley\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-03 14:12 - 2014-08-03 14:12 - 00001428 _____ () C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-03 14:12 - 2014-08-03 14:12 - 00000020 ___SH () C:\Users\Hayley\ntuser.ini
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Leadertech
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Apple Computer
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Adobe
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Local\VirtualStore
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Google
2014-08-03 14:12 - 2014-07-15 23:03 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Macromedia
2014-08-03 14:12 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-03 14:12 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-03 13:55 - 2014-09-02 21:44 - 00000000 ____D () C:\Users\Robin\AppData\Local\Eye-Fi
2014-08-03 13:55 - 2014-09-02 14:34 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Eye-Fi
2014-08-03 13:55 - 2014-08-03 13:55 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye-Fi
2014-08-03 13:55 - 2014-08-03 13:55 - 00000000 ____D () C:\Program Files (x86)\Eye-Fi
2014-08-03 13:41 - 2014-08-03 13:41 - 22619832 _____ (Eye-Fi, Inc.) C:\Users\Robin\Downloads\Setup.exe
2014-08-03 13:20 - 2014-08-03 13:20 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Users\Robin\AppData\Local\Apple
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\ProgramData\Apple
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-08-03 13:20 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-08-03 12:41 - 2014-09-02 21:46 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000UA.job
2014-08-03 12:41 - 2014-08-27 12:46 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000Core.job
2014-08-03 12:41 - 2014-08-03 12:41 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000UA
2014-08-03 12:41 - 2014-08-03 12:41 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000Core
2014-08-03 12:41 - 2014-08-03 12:41 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2014-08-03 12:35 - 2014-08-03 12:35 - 00000000 ___HD () C:\Users\Robin\AppData\Roaming\.Lenovo
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-02 22:02 - 2014-09-02 22:02 - 00019817 _____ () C:\Users\Robin\Desktop\FRST.txt
2014-09-02 22:02 - 2014-09-02 22:00 - 00000000 ____D () C:\FRST
2014-09-02 22:00 - 2014-09-02 22:00 - 02104832 _____ (Farbar) C:\Users\Robin\Desktop\FRST64.exe
2014-09-02 21:58 - 2014-09-02 21:58 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-THINKCENTRE-Microsoft-Windows-7-Professional-(64-bit).dat
2014-09-02 21:58 - 2014-09-02 21:58 - 00000000 ____D () C:\RegBackup
2014-09-02 21:55 - 2014-09-02 21:55 - 04057608 _____ () C:\Users\Robin\Downloads\tweaking.com_registry_backup_setup.exe
2014-09-02 21:55 - 2014-09-02 21:55 - 00002250 _____ () C:\Users\Robin\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-02 21:55 - 2014-09-02 21:55 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-02 21:55 - 2014-09-02 21:55 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-02 21:54 - 2009-07-13 22:51 - 00066146 _____ () C:\Windows\setupact.log
2014-09-02 21:51 - 2009-07-13 22:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 21:51 - 2009-07-13 22:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 21:48 - 2014-07-15 22:57 - 01365695 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 21:48 - 2009-07-13 23:13 - 00783114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-02 21:46 - 2014-08-03 12:41 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000UA.job
2014-09-02 21:44 - 2014-08-03 13:55 - 00000000 ____D () C:\Users\Robin\AppData\Local\Eye-Fi
2014-09-02 21:44 - 2014-08-02 18:04 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-09-02 21:44 - 2014-08-02 17:14 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-02 21:44 - 2010-11-20 21:47 - 00358336 _____ () C:\Windows\PFRO.log
2014-09-02 21:44 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-02 21:44 - 2009-07-13 22:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-02 21:39 - 2014-09-02 21:39 - 00028603 _____ () C:\ComboFix.txt
2014-09-02 21:39 - 2014-09-02 21:29 - 00000000 ____D () C:\Windows\erdnt
2014-09-02 21:39 - 2014-09-02 21:29 - 00000000 ____D () C:\Qoobox
2014-09-02 21:38 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-02 21:33 - 2014-09-02 21:33 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-02 21:33 - 2014-09-02 21:14 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-02 21:20 - 2014-07-15 23:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-02 21:19 - 2014-08-02 17:14 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-02 21:16 - 2014-09-02 21:16 - 00000000 _____ () C:\autoexec.bat
2014-09-02 21:14 - 2014-09-02 21:14 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-02 21:12 - 2014-09-02 21:12 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Robin\Downloads\SpyHunter-Installer.exe
2014-09-02 20:50 - 2014-09-02 20:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Robin\Downloads\HijackThis.exe
2014-09-02 20:50 - 2014-09-02 20:50 - 00012319 _____ () C:\Users\Robin\Downloads\hijackthis.log
2014-09-02 20:41 - 2014-09-02 20:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-02 20:37 - 2014-09-02 20:35 - 11193392 _____ (SurfRight B.V.) C:\Users\Robin\Downloads\HitmanPro_x64.exe
2014-09-02 16:42 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley
2014-09-02 16:42 - 2014-08-02 18:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-02 16:34 - 2014-09-02 16:34 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\Program Files\iTunes
2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\Program Files\iPod
2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-02 16:26 - 2014-09-02 16:26 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2014-09-02 16:26 - 2014-09-02 16:26 - 00003164 _____ () C:\Windows\System32\Tasks\Private Internet Access Startup
2014-09-02 16:26 - 2014-09-02 16:26 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2014-09-02 16:26 - 2014-09-02 14:56 - 00000000 ____D () C:\Program Files\pia_manager
2014-09-02 16:25 - 2014-09-02 16:25 - 25723644 _____ () C:\Users\Robin\Downloads\installer_win.exe
2014-09-02 16:24 - 2014-09-02 16:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robin\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-02 16:23 - 2014-09-02 16:22 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-02 16:22 - 2014-09-02 16:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-02 16:22 - 2014-09-02 16:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 16:22 - 2014-09-02 16:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 16:22 - 2014-09-02 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-02 16:21 - 2014-09-02 16:21 - 04862664 _____ (AVAST Software) C:\Users\Robin\Downloads\avast_free_antivirus_setup_online.exe
2014-09-02 16:15 - 2014-08-02 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2014-09-02 16:15 - 2014-08-02 17:59 - 00000000 ____D () C:\Program Files\PeerBlock
2014-09-02 16:15 - 2014-08-02 17:56 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\BitTorrent
2014-09-02 16:15 - 2014-08-02 16:44 - 00000000 ____D () C:\Users\Robin
2014-09-02 16:15 - 2014-07-15 22:27 - 00000000 ____D () C:\ProgramData\Lenovo
2014-09-02 16:15 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-09-02 16:00 - 2014-07-15 23:03 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-02 15:48 - 2014-09-02 15:48 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\AVAST Software
2014-09-02 15:45 - 2014-09-02 15:45 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-02 15:45 - 2014-09-02 15:45 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-02 15:36 - 2014-08-04 19:32 - 00000000 ____D () C:\Users\Robin\Downloads\Shareit
2014-09-02 14:34 - 2014-08-03 13:55 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Eye-Fi
2014-08-30 08:42 - 2014-08-30 08:42 - 00026112 _____ () C:\Users\Hayley\Downloads\query_12639_26313.xls
2014-08-30 08:40 - 2014-08-30 08:40 - 00045568 _____ () C:\Users\Hayley\Downloads\tempPh71Oobc.xls
2014-08-30 08:37 - 2014-08-30 08:37 - 00023552 _____ () C:\Users\Hayley\Downloads\query_12639_26295.xls
2014-08-30 08:36 - 2014-08-30 08:36 - 00023552 _____ () C:\Users\Hayley\Downloads\query_12638_26280.xls
2014-08-30 08:35 - 2014-08-30 08:35 - 00023552 _____ () C:\Users\Hayley\Downloads\query_12638_26278.xls
2014-08-30 08:35 - 2014-08-30 08:35 - 00023552 _____ () C:\Users\Hayley\Desktop\query_12638_26278.xls
2014-08-30 08:35 - 2014-08-30 08:35 - 00019456 _____ () C:\Users\Hayley\Downloads\query_12638_30823 (1).xls
2014-08-30 08:25 - 2014-08-30 08:26 - 00019456 _____ () C:\Users\Hayley\Desktop\query_12638_30823.xls
2014-08-30 08:25 - 2014-08-30 08:25 - 00019456 _____ () C:\Users\Hayley\Downloads\query_12638_30823.xls
2014-08-30 08:24 - 2014-08-30 08:24 - 00015872 _____ () C:\Users\Hayley\Downloads\query_12638_30816.xls
2014-08-27 12:46 - 2014-08-03 12:41 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000Core.job
2014-08-22 20:07 - 2014-09-02 16:20 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 19:45 - 2014-09-02 16:20 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 18:59 - 2014-09-02 16:20 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-18 22:01 - 2014-08-18 22:01 - 00019456 _____ () C:\Users\Hayley\Downloads\query_12588_16997.xls
2014-08-18 22:01 - 2014-08-18 22:01 - 00019456 _____ () C:\Users\Hayley\Desktop\query_12588_16997.xls
2014-08-18 21:58 - 2014-08-18 21:58 - 00015872 _____ () C:\Users\Hayley\Downloads\query_12588_16985.xls
2014-08-16 12:55 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-16 03:44 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-08-16 03:19 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 03:02 - 2014-08-02 18:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 03:01 - 2014-08-02 18:06 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 03:00 - 2014-08-02 19:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 15:02 - 2014-08-15 15:02 - 00000000 ____D () C:\Users\Robin\Documents\My Garmin
2014-08-15 15:02 - 2014-08-15 15:00 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Garmin
2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Nitro PDF
2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Users\Robin\AppData\Local\GARMIN_Corp
2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Users\Robin\AppData\Local\Garmin
2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-15 15:01 - 2014-07-15 22:57 - 00000000 ____D () C:\Program Files\DIFX
2014-08-15 15:00 - 2014-08-15 15:00 - 53312376 _____ () C:\Users\Robin\Downloads\BaseCamp_435.exe
2014-08-15 00:48 - 2014-07-15 23:03 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-08-12 12:57 - 2014-08-12 12:57 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Apple
2014-08-09 13:04 - 2014-08-09 12:58 - 516628867 _____ () C:\Users\Hayley\Downloads\Video.zip
2014-08-09 13:00 - 2014-08-09 12:54 - 582762633 _____ () C:\Users\Hayley\Downloads\Photos.zip
2014-08-09 12:38 - 2014-08-09 12:38 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Nitro
2014-08-09 12:38 - 2014-08-09 12:38 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\FileOpen
2014-08-09 12:38 - 2014-08-09 12:38 - 00000000 ____D () C:\ProgramData\FileOpen
2014-08-07 22:38 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-06 20:06 - 2014-08-15 13:02 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 20:01 - 2014-08-15 13:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-04 19:03 - 2014-08-04 15:27 - 00000000 ____D () C:\Users\Robin\AppData\Local\CloudStation
2014-08-04 15:27 - 2014-08-04 15:27 - 00001162 _____ () C:\Users\Robin\Desktop\Synology Cloud Station.lnk
2014-08-04 15:27 - 2014-08-04 15:27 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synology
2014-08-04 15:20 - 2014-08-04 15:20 - 32031440 _____ () C:\Users\Robin\Downloads\Synology-CloudStation-Setup-3111.exe
2014-08-04 15:03 - 2014-08-02 18:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-04 15:02 - 2014-08-04 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2014-08-04 15:02 - 2014-08-04 15:02 - 00000000 ____D () C:\Program Files (x86)\Plex
2014-08-04 15:02 - 2014-08-04 15:01 - 62222680 _____ (Plex, Inc.) C:\Users\Robin\Downloads\Plex-Media-Server-0.9.914.531-7eef8c6-en-US.exe
2014-08-04 14:10 - 2014-08-04 14:10 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Lenovo
2014-08-04 03:00 - 2014-07-15 23:03 - 00775352 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-04 02:22 - 2014-08-04 02:22 - 00000000 ____D () C:\Windows\system32\LSC
2014-08-03 15:20 - 2014-08-02 18:04 - 00000000 ____D () C:\Users\Robin\AppData\Local\Plex Media Server
2014-08-03 15:05 - 2014-08-03 15:05 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Titanium
2014-08-03 14:22 - 2014-08-03 14:22 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\LSC
2014-08-03 14:13 - 2014-08-03 14:13 - 00000000 __SHD () C:\Users\Hayley\AppData\Local\EmieUserList
2014-08-03 14:13 - 2014-08-03 14:13 - 00000000 __SHD () C:\Users\Hayley\AppData\Local\EmieSiteList
2014-08-03 14:13 - 2014-08-03 14:13 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Intel Corporation
2014-08-03 14:12 - 2014-08-03 14:12 - 00058016 _____ () C:\Users\Hayley\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-03 14:12 - 2014-08-03 14:12 - 00001428 _____ () C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-03 14:12 - 2014-08-03 14:12 - 00000020 ___SH () C:\Users\Hayley\ntuser.ini
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Leadertech
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Apple Computer
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Adobe
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Local\VirtualStore
2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Google
2014-08-03 14:03 - 2014-08-02 19:24 - 00000000 ____D () C:\Users\Robin\AppData\Local\Lenovo
2014-08-03 13:55 - 2014-08-03 13:55 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye-Fi
2014-08-03 13:55 - 2014-08-03 13:55 - 00000000 ____D () C:\Program Files (x86)\Eye-Fi
2014-08-03 13:41 - 2014-08-03 13:41 - 22619832 _____ (Eye-Fi, Inc.) C:\Users\Robin\Downloads\Setup.exe
2014-08-03 13:31 - 2014-08-02 18:04 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Apple Computer
2014-08-03 13:20 - 2014-08-03 13:20 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Users\Robin\AppData\Local\Apple
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\ProgramData\Apple
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-08-03 13:20 - 2014-08-02 18:04 - 00000000 ____D () C:\Users\Robin\AppData\Local\Apple Computer
2014-08-03 12:41 - 2014-08-03 12:41 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000UA
2014-08-03 12:41 - 2014-08-03 12:41 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000Core
2014-08-03 12:41 - 2014-08-03 12:41 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2014-08-03 12:41 - 2014-08-02 17:14 - 00000000 ____D () C:\Users\Robin\AppData\Local\Google
2014-08-03 12:35 - 2014-08-03 12:35 - 00000000 ___HD () C:\Users\Robin\AppData\Roaming\.Lenovo
2014-08-03 12:31 - 2014-08-02 18:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-27 00:25
==================== End Of Log ============================
FRST Addition Log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014
Ran by Robin at 2014-09-02 22:02:20
Running from C:\Users\Robin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32692 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Eye-Fi Center 3.4 (HKLM-x32\...\{7764F7B0-7225-4145-82B6-2AB4540D33A6}) (Version: 3.4.26 - Eye-Fi, Inc)
Garmin BaseCamp (HKLM-x32\...\{CBB4288D-2D32-43BB-8FCE-3F102E385956}) (Version: 4.3.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Chipset Device Software (Version: 10.0.13 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
LBAI (HKLM-x32\...\{C5C91B7B-38A6-40B7-84D6-E44885E44B13}_is1) (Version: 1.0.0.8 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.3 - Lenovo Inc.)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.4.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.0.32.7350 - Intel(R) Corporation)
Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{AFD7B869-3B70-40C7-8983-769256BA3BD2}) (Version: 2.0.0004.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0022.00 - Lenovo Group Limited)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 12.10.14.3 - Marvell)
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version: - Google, Inc.)
Nitro Pro 8 (HKLM\...\{35E1FF5F-E8E1-4DE2-B3EC-BBE296B27336}) (Version: 8.5.2.10 - Nitro)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Plex Media Server (HKLM-x32\...\{9eb61479-6f2f-43c4-bfe8-12a7ea9d1acb}) (Version: 0.9.914 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.914 - Plex, Inc.) Hidden
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.01.0004 - Lenovo Group Limited)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6844 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0230 - REALTEK Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.80.99066 - SugarSync, Inc.)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
Synology Cloud Station (remove only) (HKCU\...\Synology CloudStation) (Version: - )
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.42.0 - Lenovo)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
View Management Utility (HKLM\...\View Management Utility_is1) (Version: 3.0.1.20120921 - Lenovo Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Intel (e1dexpress) Net (02/26/2013 12.6.47.0) (HKLM\...\F33A1BB12CD7108455BD796E038CD7B0B4732FBB) (Version: 02/26/2013 12.6.47.0 - Intel)
Windows Driver Package - Intel Corporation (igfx) Display (06/24/2013 9.18.10.3220) (HKLM\...\279F572DD6D797E852EE092875A1D4B6A65C48EF) (Version: 06/24/2013 9.18.10.3220 - Intel Corporation)
Windows Driver Package - Intel System (02/25/2013 9.4.0.1017) (HKLM\...\0A6166936538BB5B864A5723AF3A45E6D54FC14A) (Version: 02/25/2013 9.4.0.1017 - Intel)
Windows Driver Package - Intel System (02/25/2013 9.4.0.1017) (HKLM\...\AE21626B45E3873B80BDD584D229A19CD48EF2D0) (Version: 02/25/2013 9.4.0.1017 - Intel)
Windows Driver Package - Intel System (02/25/2013 9.4.0.1017) (HKLM\...\D0BD2762F58C24C10CB784FDD17B9D98FF2470FF) (Version: 02/25/2013 9.4.0.1017 - Intel)
Windows Driver Package - Intel USB (02/25/2013 9.4.0.1017) (HKLM\...\65AB5CB2D70EB936A3BC424D9E64EF8B676558B4) (Version: 02/25/2013 9.4.0.1017 - Intel)
Windows Driver Package - Intel(R) Corporation (IntcDAud) MEDIA (05/22/2013 6.16.00.3112) (HKLM\...\1CD14F8CAAAFF160D1FB8F12ABC0298A517BB394) (Version: 05/22/2013 6.16.00.3112 - Intel(R) Corporation)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (02/19/2013 6.0.1.6844) (HKLM\...\2EA098366EBDF7112F40FDC23F33AEEB37BD2732) (Version: 02/19/2013 6.0.1.6844 - Realtek Semiconductor Corp.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\ContextMenu.dll ()
CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
24-08-2014 06:00:00 Scheduled Checkpoint
28-08-2014 09:00:10 Windows Update
02-09-2014 20:57:02 Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
02-09-2014 21:45:47 avast! antivirus system restore point
02-09-2014 22:15:16 Restore Operation
02-09-2014 22:21:42 avast! antivirus system restore point
02-09-2014 22:26:51 Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
03-09-2014 03:14:24 Installed SpyHunter
03-09-2014 03:31:16 Removed SpyHunter
03-09-2014 03:32:51 Removed SpyHunter
03-09-2014 03:41:35 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2014-09-02 21:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {118EC617-2FE3-42B0-920E-60E275630759} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {1F79D11E-3FBA-436C-AAC9-4620BB835DAA} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {31E27B04-F765-4AC6-8BC7-02EEA7913BEB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {3A4B1E03-C587-4372-A9CC-39C869CC9AC8} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [2013-02-26] (Lenovo Group Limited)
Task: {3AEF64A3-98AE-41BE-AF60-DB7CBC26D238} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-09-02] ()
Task: {4615B8F8-0E24-446A-B72E-F242B7BF7852} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {55C20559-D05F-4828-9221-AD15E0D5A102} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5AE24D1A-E9E3-4B81-AD27-EEF0196AEDED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.)
Task: {5B37534F-AB79-489A-A609-C8D8E0E2048E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000Core => C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-03] (Google Inc.)
Task: {77F85197-567A-4BC3-A6EC-C787934FAFB2} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {8FA39B68-13FC-4840-B43F-3D76FDD89FA2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000UA => C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-03] (Google Inc.)
Task: {944F3E80-91C9-4682-A7A2-48D086B368DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.)
Task: {958C6667-406A-4E0D-AA40-F3E93CB4B99D} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {A2D32512-10A9-4000-9C33-0D736868D9BA} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {A4DE0AF3-194E-483B-B220-9BC8DEA3BF97} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-02] (AVAST Software)
Task: {A924256E-B538-46CD-AA41-71E3AD081CD2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {B1FE1F6C-9248-4B8F-A9C3-0CCFF2D868F2} - System32\Tasks\Intel(R) Small Business Advantage\Notifier => C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\SBA_Notifier.exe [2013-04-10] (Intel Corporation)
Task: {BC7E75BD-4919-4740-8D35-61111A63FA57} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {BD818FE5-6495-461D-BD9D-22ACD52095A9} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo)
Task: {CC0F5B1F-61AB-4B45-91C8-F74EA4875E9C} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {DE839F6E-C172-4094-A2DC-A20444CCCF8B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-02-19] (Realtek Semiconductor)
Task: {E28A3512-A010-4CE9-BF3B-059DE8AB7EA0} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {E6A41F9B-71B1-45A2-B73C-A9E09D9CF392} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {EB49F532-D415-403A-972C-8DA4B8E0E5F4} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000Core.job => C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000UA.job => C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-02-24 19:28 - 2014-02-24 19:28 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2014-06-11 08:08 - 2014-06-11 08:08 - 00909312 _____ () C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\ContextMenu.dll
2014-07-15 23:03 - 2013-02-26 17:31 - 00035656 _____ () C:\Program Files (x86)\Lenovo\PowerMgr\US\PWMRT64V.DLL
2014-09-02 16:22 - 2014-09-02 16:22 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-02 16:22 - 2014-09-02 16:22 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\14090201\algo.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-02 18:21 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-02 18:21 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-02 18:21 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-02 18:21 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-02 18:21 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 10683392 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 07741952 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 02248192 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 01681408 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-05-15 15:20 - 2014-05-15 15:20 - 00117248 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-05-15 15:20 - 2014-05-15 15:20 - 00231936 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-05-15 15:21 - 2014-05-15 15:21 - 00253440 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-05-15 15:24 - 2014-05-15 15:24 - 00344064 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 00026624 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2011-12-21 22:59 - 2011-12-21 22:59 - 00133120 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
2011-12-21 22:56 - 2011-12-21 22:56 - 00209408 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00073352 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00195720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00840840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00051848 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00089224 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 02100360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 01923720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2014-08-01 22:13 - 2014-08-01 22:13 - 07605400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avcodec-54.dll
2014-08-01 22:13 - 2014-08-01 22:13 - 00202392 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avutil-52.dll
2014-08-01 22:13 - 2014-08-01 22:13 - 01453720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avformat-54.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00352920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\swscale-2.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00507528 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 08495240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
2014-08-01 22:13 - 2014-08-01 22:13 - 00952968 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 01291400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
2014-08-01 22:13 - 2014-08-01 22:13 - 01038984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00073352 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
2014-09-02 16:22 - 2014-09-02 16:22 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00045192 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00028808 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00019080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00035976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00836744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2014-08-01 22:14 - 2014-08-01 22:14 - 00192648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00056456 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00018056 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00083080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00111752 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-08-01 22:14 - 2014-08-01 22:14 - 00692360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2014-08-13 07:22 - 2014-08-06 21:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-13 07:22 - 2014-08-06 21:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-13 07:22 - 2014-08-06 21:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-13 07:22 - 2014-08-06 21:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-13 07:22 - 2014-08-06 21:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-07-15 22:59 - 2013-03-12 15:20 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/02/2014 09:44:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 04:16:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 03:45:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDScan.exe version 2.4.40.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1f08
Start Time: 01cfc6f41b46f604
Termination Time: 4
Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Report Id: 5fe7124b-32ea-11e4-bf58-0023245d7c9c
Error: (08/28/2014 02:30:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/28/2014 03:15:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/16/2014 03:19:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/10/2014 02:34:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19032
Error: (08/10/2014 02:34:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19032
Error: (08/10/2014 02:34:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/10/2014 02:34:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18034
System errors:
=============
Error: (09/02/2014 09:38:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (09/02/2014 09:38:35 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (09/02/2014 09:37:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (09/02/2014 08:37:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Small Business Advantage service terminated unexpectedly. It has done this 1 time(s).
Error: (09/02/2014 08:31:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Power Manager DBC Service service.
Error: (09/02/2014 04:45:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (08/28/2014 02:30:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:29:37 PM on 8/28/2014 was unexpected.
Error: (08/26/2014 04:58:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Small Business Advantage service terminated unexpectedly. It has done this 1 time(s).
Error: (08/25/2014 08:13:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Power Manager DBC Service service.
Error: (08/20/2014 06:11:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Power Manager DBC Service service.
Microsoft Office Sessions:
=========================
Error: (09/02/2014 09:44:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 04:16:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 03:45:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDScan.exe2.4.40.1811f0801cfc6f41b46f6044C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe5fe7124b-32ea-11e4-bf58-0023245d7c9c
Error: (08/28/2014 02:30:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/28/2014 03:15:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/16/2014 03:19:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/10/2014 02:34:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19032
Error: (08/10/2014 02:34:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19032
Error: (08/10/2014 02:34:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/10/2014 02:34:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18034
CodeIntegrity Errors:
===================================
Date: 2014-09-02 21:38:35.158
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-09-02 21:38:35.110
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4570T CPU @ 2.90GHz
Percentage of memory in use: 33%
Total physical RAM: 8082 MB
Available physical RAM: 5398.54 MB
Total Pagefile: 16162.17 MB
Available Pagefile: 13184.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:102.33 GB) (Free:50.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.44 GB) (Free:3.43 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 0B17766B)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=102.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.4 GB) - (Type=07 NTFS)
==================== End Of Log ============================
aswMBR log:
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-02 22:03:42
-----------------------------
22:03:42.573 OS Version: Windows x64 6.1.7601 Service Pack 1
22:03:42.573 Number of processors: 4 586 0x3C03
22:03:42.573 ComputerName: THINKCENTRE UserName: Robin
22:03:42.720 Initialize success
22:03:42.720 VM: initialized successfully
22:03:42.721 VM: Intel CPU BiosDisabled
22:03:49.686 VM: disk I/O iaStorA.sys
22:03:52.455 AVAST engine defs: 14090201
22:04:06.860 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
22:04:06.861 Disk 0 Vendor: ATA_____ 205_ Size: 122104MB BusType: 11
22:04:06.865 Disk 0 MBR read successfully
22:04:06.866 Disk 0 MBR scan
22:04:06.868 Disk 0 unknown MBR code
22:04:06.869 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048
22:04:06.871 Disk 0 Boot: NTFS code=1
22:04:06.873 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 104790 MB offset 3074048
22:04:06.875 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15812 MB offset 217683968
22:04:06.880 Disk 0 scanning C:\Windows\system32\drivers
22:04:08.733 Service scanning
22:04:12.438 Modules scanning
22:04:12.440 Disk 0 trace - called modules:
22:04:12.447 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
22:04:12.449 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006c66060]
22:04:12.451 3 CLASSPNP.SYS[fffff880017cf43f] -> nt!IofCallDriver -> [0xfffffa8006b5bc50]
22:04:12.453 5 iaStorF.sys[fffff8800163ba2c] -> nt!IofCallDriver -> \Device\00000066[0xfffffa80069ee480]
22:04:12.581 AVAST engine scan C:\Windows
22:04:12.896 AVAST engine scan C:\Windows\system32
22:04:44.552 AVAST engine scan C:\Windows\system32\drivers
22:04:46.989 AVAST engine scan C:\Users\Robin
22:04:57.063 AVAST engine scan C:\ProgramData
22:05:06.259 Scan finished successfully
22:05:34.650 Disk 0 MBR has been saved successfully to "C:\Users\Robin\Desktop\MBR.dat"
22:05:34.653 The log file has been saved successfully to "C:\Users\Robin\Desktop\aswMBR.txt"