Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Windows 8 Laptop determined to stay powered on [Closed]

Started by Spencer4134 , Dec 11 2014 04:04 PM

This topic is locked

#1
Spencer4134

Posted 11 December 2014 - 04:04 PM

Member

Member
57 posts

Hello, I haven't been on these forums for a little while, but seeing as I have been able to do absolutely NOTHING to fix this computer, I now come to you.

My Windows 8 Toshiba laptop will not shut down. Correction, it will shut down/hibernate/sleep, and 3 seconds later it turns right back on again. I get no error messages.

Help is greatly appreciated!

#2
Naathim

Posted 12 December 2014 - 01:03 AM

GeekU Minion

Expert
4,568 posts

Minion%20Welcome.jpg

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat

Before we start please note the following:

Analysis and research take some time, also sometimes real life gets in the way, please be patient.

Limit your internet access to posting here, some infections just wait to steal typed-in passwords.

Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.

Paste the logs in your posts, attachments make my work harder and more complicated.

Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.

Note that we may live in totally different time zones, what may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight!

I need to take a general look what's going on there, so please do this for me:

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one should it be, download both of them and try each other out. Only one will run - this is the right one. Please leave it and delete the other.

Right-click on icon and select Run as Administrator to start the tool.
> XP users click run after receipt of Windows Security Warning - Open File.
> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
When the tool opens click Yes to disclaimer.
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

#3
Spencer4134

Posted 12 December 2014 - 11:49 AM

Member

Topic Starter
Member
57 posts

Also, I ran an SFC scan yesterday. It was the first time on this laptop it came back with problems. Let me know if you need that log too, as it is very long.

OK here they are:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 03
Ran by Bowplus (administrator) on CBSTOSH on 12-12-2014 10:40:22
Running from C:\Users\Bowplus\Desktop
Loaded Profile: Bowplus (Available profiles: Bowplus)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Electronics for Imaging, Inc.) C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Electronics for Imaging, Inc.) C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Server.exe
(Electronics for Imaging, Inc) C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\FDC.exe
(Electronics For Imaging) C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSMailboxSyncService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\EFI\OFASQ\ofaApp.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Flexera Software LLC) C:\Program Files (x86)\EFI\EFILM\lmgrd.exe
(Flexera Software LLC) C:\Program Files (x86)\EFI\EFILM\lmgrd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(EFI Inc.) C:\Program Files (x86)\EFI\EFILM\EFI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Fiery\Applications3\HotFolder\hotfolder.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\Fiery\Fiery Software Manager\Fiery Software Manager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\Bowplus\AppData\Local\Temp\RarSFX14\FSM\Fiery Software Manager.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1626752 2014-11-24] (Bitdefender)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [FRSSysTrayIcon] => C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe [57344 2014-09-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790344 2014-11-24] (Bitdefender)
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Run: [GoogleChromeAutoLaunch_531895E92825E8F79FA0C82707A227E6] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-11-24] (Google Inc.)
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\RunOnce: [Adobe Speed Launcher] => 1418400417
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hotfolder.exe - Shortcut.lnk
ShortcutTarget: hotfolder.exe - Shortcut.lnk -> C:\Program Files (x86)\Fiery\Applications3\HotFolder\hotfolder.exe ()
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-696741958-2862974563-846841340-1001 -> {2F436636-E538-4692-912F-207099FB0E90} URL =
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Bowplus\AppData\Roaming\Mozilla\Firefox\Profiles\far87mnr.default-1407361548559
FF DefaultSearchEngine: Google
FF Homepage: https://www.memotoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-07-15]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: No Name - [email protected] [Not Found]

Chrome:
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-15]
CHR Extension: (Google Docs) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-15]
CHR Extension: (Google Drive) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (YouTube) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-15]
CHR Extension: (Google Search) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-15]
CHR Extension: (Google Sheets) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-15]
CHR Extension: (Gmail) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-15]
CHR HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-10-27] (Adobe Systems) [File not signed]
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-11-12] (Bitdefender)
R2 EFI ES1000; C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe [11776 2009-10-19] (Electronics for Imaging, Inc.) [File not signed]
R2 EFI License Manager; C:\Program Files (x86)\EFI\EFILM\lmgrd.exe [1448752 2014-09-24] (Flexera Software LLC)
R2 Fiery Data Collector; C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\FDC.exe [503808 2014-09-25] (Electronics for Imaging, Inc) [File not signed]
R2 Fiery Mailbox Synchronization; C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSMailboxSyncService.exe [11264 2014-09-11] (Electronics For Imaging) [File not signed]
S3 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 ofaApp; C:\Program Files (x86)\EFI\OFASQ\ofaApp.exe [2417856 2014-12-03] ()
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-12] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1527360 2014-11-24] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-11-12] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [263032 2014-11-12] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-25] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-11-19] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-11-12] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
U0 SR; No ImagePath
U2 srservice; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-12 10:40 - 2014-12-12 10:40 - 00028396 _____ () C:\Users\Bowplus\Desktop\FRST.txt
2014-12-12 10:40 - 2014-12-12 10:40 - 00000000 ____D () C:\FRST
2014-12-12 10:39 - 2014-12-12 10:39 - 02119680 _____ (Farbar) C:\Users\Bowplus\Desktop\FRST64.exe
2014-12-11 16:31 - 2014-12-12 10:28 - 00006040 _____ () C:\Users\Bowplus\Desktop\Agent list for 4441nBedford.txt
2014-12-11 15:16 - 2014-12-11 15:16 - 00027648 _____ () C:\Windows\system32\umstartup.etl
2014-12-11 13:41 - 2014-12-11 13:53 - 00000434 _____ () C:\Users\Bowplus\Desktop\Buyer Agents Over $500k Names.txt
2014-12-10 17:39 - 2014-12-10 17:39 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-12-10 05:53 - 2014-11-09 19:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 05:53 - 2014-11-09 18:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 05:53 - 2014-10-30 16:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 05:53 - 2014-10-30 16:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 05:38 - 2014-11-06 21:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 05:38 - 2014-11-06 20:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 05:38 - 2014-10-31 16:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 05:38 - 2014-10-31 16:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 05:37 - 2014-11-21 20:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 05:37 - 2014-11-21 19:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 05:37 - 2014-11-21 19:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 05:37 - 2014-11-21 18:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 05:37 - 2014-11-21 18:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 05:37 - 2014-10-12 19:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 05:37 - 2014-10-12 19:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 05:37 - 2014-10-12 19:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 05:37 - 2014-10-12 19:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-10 05:36 - 2014-11-21 19:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 05:36 - 2014-11-21 19:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 05:36 - 2014-11-21 19:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 05:36 - 2014-11-21 19:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 05:36 - 2014-11-21 19:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 05:36 - 2014-11-21 19:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 05:36 - 2014-11-21 19:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 05:36 - 2014-11-21 19:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 05:36 - 2014-11-21 19:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 05:36 - 2014-11-21 19:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 05:36 - 2014-11-21 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 05:36 - 2014-11-21 19:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 05:36 - 2014-11-21 18:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 05:36 - 2014-11-21 18:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 05:36 - 2014-11-21 18:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 05:36 - 2014-11-21 18:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 05:36 - 2014-11-21 18:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 05:36 - 2014-11-21 18:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 05:36 - 2014-11-21 18:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 05:36 - 2014-11-21 18:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 05:36 - 2014-11-21 18:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 05:36 - 2014-11-21 18:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 05:36 - 2014-11-21 18:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 05:36 - 2014-11-21 18:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 05:36 - 2014-11-21 18:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 05:36 - 2014-11-21 18:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 05:36 - 2014-11-21 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 05:36 - 2014-11-21 18:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 05:36 - 2014-11-21 18:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 05:36 - 2014-11-21 18:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 05:36 - 2014-11-21 18:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 05:36 - 2014-11-21 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 05:36 - 2014-11-21 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 05:36 - 2014-11-21 17:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 15:44 - 2014-12-09 15:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-09 15:25 - 2014-12-09 15:25 - 01037026 _____ () C:\Users\Bowplus\Downloads\RE-BuyerAgentsOver$500k.avery
2014-12-09 15:19 - 2014-12-09 15:19 - 00988028 _____ () C:\Users\Bowplus\Desktop\RE-BuyerAgentsOver$500k.avery
2014-12-09 15:04 - 2014-12-09 15:04 - 00010986 _____ () C:\Users\Bowplus\Downloads\google(1).csv
2014-12-09 15:00 - 2014-12-09 15:00 - 00010986 _____ () C:\Users\Bowplus\Downloads\google.csv
2014-12-09 14:53 - 2014-12-09 14:53 - 00011160 _____ () C:\Users\Bowplus\Downloads\contacts.csv
2014-12-09 14:38 - 2014-12-09 14:38 - 00000000 ____D () C:\Users\Bowplus\AppData\Roaming\DesktopDPO-d00b9882479ed9b4899926f5c7e44f49
2014-12-09 14:37 - 2014-12-09 14:37 - 00001914 _____ () C:\Users\Public\Desktop\Design&Print.lnk
2014-12-09 14:37 - 2014-12-09 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avery Products
2014-12-09 14:34 - 2014-12-09 14:37 - 00000000 ____D () C:\Program Files (x86)\Design&Print
2014-12-05 15:59 - 2014-12-05 15:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-05 15:59 - 2014-12-05 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-05 15:59 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-05 15:59 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-05 15:59 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-05 15:59 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-05 15:58 - 2014-12-05 15:59 - 00006753 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-12-05 15:55 - 2014-12-05 15:55 - 00000000 ____D () C:\Users\Bowplus\Downloads\Documents\Impose
2014-12-04 16:36 - 2014-12-04 16:36 - 00000000 ____D () C:\Users\Bowplus\Downloads\Attachments_2014124(1)
2014-12-04 16:36 - 2014-12-04 16:36 - 00000000 ____D () C:\Users\Bowplus\Downloads\Attachments_2014124
2014-12-04 16:33 - 2014-12-04 16:33 - 00137337 _____ () C:\Users\Bowplus\Downloads\Attachments_2014124(1).zip
2014-12-04 16:32 - 2014-12-04 16:32 - 00184695 _____ () C:\Users\Bowplus\Downloads\Attachments_2014124.zip
2014-12-03 17:38 - 2014-12-04 13:02 - 00004891 _____ () C:\Users\Bowplus\Desktop\Foreclosures 14-12-3.txt
2014-12-03 15:37 - 2013-12-04 22:50 - 00000253 _____ () C:\Windows\UnInsDBP30.iss
2014-12-03 15:35 - 2014-12-12 09:19 - 00006345 _____ () C:\Users\Bowplus\Desktop\Buyer Agents.txt
2014-12-03 15:35 - 2014-12-03 15:35 - 00002180 _____ () C:\Users\Public\Desktop\Fiery Hot Folders.lnk
2014-12-03 15:35 - 2014-12-03 15:35 - 00000000 _____ () C:\Windows\hf_install.done
2014-12-03 15:35 - 2014-05-08 12:33 - 00000261 _____ () C:\Windows\UnInsHF30.iss
2014-12-03 15:34 - 2014-12-05 15:39 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\hotfolder
2014-12-03 15:34 - 2014-12-03 15:34 - 00002539 _____ () C:\Users\Public\Desktop\Fiery Command WorkStation 5.lnk
2014-12-03 15:34 - 2014-12-03 15:34 - 00000000 ____D () C:\ProgramData\Fiery Remote Scan
2014-12-03 15:34 - 2014-12-03 15:34 - 00000000 _____ () C:\Windows\cws_install.done
2014-12-03 15:34 - 2014-05-08 13:03 - 00000261 _____ () C:\Windows\UnIFRS56.ISS
2014-12-03 15:34 - 2013-09-26 10:37 - 00000263 _____ () C:\Windows\UnInCWS50.ISS
2014-12-03 15:32 - 2014-12-03 15:32 - 00274432 _____ (IBPhoenix Inc.) C:\Windows\SysWOW64\IscDbc.dll
2014-12-03 15:32 - 2014-12-03 15:32 - 00262144 _____ (IBPhoenix Inc) C:\Windows\SysWOW64\OdbcJdbcMT.dll
2014-12-03 15:32 - 2014-12-03 15:32 - 00253952 _____ (IBPhoenix Inc) C:\Windows\SysWOW64\OdbcJdbc.dll
2014-12-03 15:32 - 2014-12-03 15:32 - 00155648 _____ (IBPhoenix Inc.) C:\Windows\SysWOW64\OdbcJdbcSetup.dll
2014-12-03 15:32 - 2014-12-03 15:32 - 00000000 ____D () C:\ProgramData\Image Enhance Visual Editor
2014-12-03 15:32 - 2013-05-03 16:44 - 00000385 _____ () C:\Windows\UnInsIV30.iss
2014-12-03 15:32 - 2013-05-02 10:46 - 00000271 _____ () C:\Windows\UnInIEVE.iss
2014-12-03 15:30 - 2014-12-03 15:30 - 00000000 ____D () C:\Windows\SysWOW64\spool
2014-12-03 15:30 - 2009-12-08 15:58 - 00051600 _____ (Thesycon GmbH, Germany) C:\Windows\system32\Drivers\i1io2_x64.sys
2014-12-03 15:30 - 2009-12-08 15:58 - 00051600 _____ (Thesycon GmbH, Germany) C:\Windows\system32\Drivers\i1_x64.sys
2014-12-03 15:30 - 2009-12-08 15:58 - 00007808 _____ (GretagMacbeth LLC) C:\Windows\system32\Drivers\i1display_x64.sys
2014-12-03 15:30 - 2007-03-29 18:36 - 00051600 _____ (Thesycon GmbH, Germany) C:\Windows\system32\Drivers\i1iSis_x64.sys
2014-12-03 15:29 - 2013-05-01 22:37 - 00000255 _____ () C:\Windows\UnInsHar30_CXP.ISS
2014-12-03 15:28 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\Windows\system32\hasplms.exe
2014-12-03 15:28 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\Windows\system32\aksllmtp.exe
2014-12-03 15:28 - 2013-08-01 15:11 - 00331328 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\hardlock.sys
2014-12-03 15:28 - 2013-08-01 15:11 - 00198088 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\hlvdd.dll
2014-12-03 15:28 - 2013-08-01 15:11 - 00140736 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksfridge.sys
2014-12-03 15:28 - 2013-08-01 15:11 - 00091784 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksdf.sys
2014-12-03 15:27 - 2013-05-01 22:37 - 00001065 ____N () C:\Windows\del_har.bat
2014-12-03 15:26 - 2014-12-03 15:26 - 00000469 _____ () C:\Windows\del_hf_dll.bat
2014-12-03 15:25 - 2014-12-03 15:27 - 00000176 _____ () C:\Windows\setup.log
2014-12-03 15:23 - 2014-12-03 15:37 - 00001622 _____ () C:\Windows\efiswupdater.log
2014-11-19 10:16 - 2014-11-09 16:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 10:16 - 2014-11-09 16:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 10:16 - 2014-11-09 16:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 10:16 - 2014-11-09 16:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-12 06:36 - 2014-11-12 06:36 - 00452040 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-11-12 06:36 - 2014-11-12 06:36 - 00263032 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-11-12 05:51 - 2014-09-27 00:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-12 05:51 - 2014-09-26 22:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-12 05:51 - 2014-09-26 20:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 05:51 - 2014-09-26 20:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-11-12 05:51 - 2014-09-26 20:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 05:50 - 2014-10-09 18:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 05:50 - 2014-10-09 18:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-12 05:50 - 2014-10-09 18:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-12 05:50 - 2014-10-08 00:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 05:50 - 2014-10-08 00:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 05:50 - 2014-10-08 00:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-12 05:50 - 2014-10-08 00:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-12 05:50 - 2014-10-07 23:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-11-12 05:50 - 2014-10-07 23:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 05:50 - 2014-10-07 23:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 05:50 - 2014-10-07 23:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-11-12 05:50 - 2014-10-07 23:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 05:50 - 2014-10-07 22:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-12 05:49 - 2014-10-18 02:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-12 05:49 - 2014-10-18 01:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-12 05:49 - 2014-10-18 01:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-12 05:49 - 2014-10-18 00:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-12 05:49 - 2014-10-17 23:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-12 05:49 - 2014-10-17 23:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-12 05:49 - 2014-10-17 23:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-12 05:49 - 2014-10-17 23:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-12 05:49 - 2014-10-17 23:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-12 05:49 - 2014-10-17 23:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-12 05:49 - 2014-10-17 23:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-12 05:49 - 2014-10-17 23:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-12 05:49 - 2014-10-17 23:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-12 05:49 - 2014-10-17 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-12 05:49 - 2014-10-17 23:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-12 05:49 - 2014-10-17 23:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-12 05:49 - 2014-10-17 00:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 05:49 - 2014-10-16 23:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 05:49 - 2014-10-12 19:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-12 05:49 - 2014-10-10 17:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 05:49 - 2014-10-10 17:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 05:49 - 2014-10-08 00:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-12 05:49 - 2014-10-08 00:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-12 05:49 - 2014-10-07 23:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-12 05:49 - 2014-10-07 22:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-12 05:49 - 2014-10-07 22:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-12 05:48 - 2014-09-21 21:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-12 05:48 - 2014-09-21 20:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-12 05:48 - 2014-09-21 20:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-11-12 05:48 - 2014-09-21 19:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-12 05:48 - 2014-09-18 17:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-12 05:48 - 2014-09-02 15:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2014-11-12 05:48 - 2014-09-02 15:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2014-11-12 05:44 - 2014-10-30 22:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-12 05:44 - 2014-10-30 22:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 05:44 - 2014-10-30 22:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-12 05:44 - 2014-10-30 22:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-12 05:44 - 2014-10-30 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 05:44 - 2014-10-30 22:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 05:44 - 2014-10-30 22:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 05:44 - 2014-10-30 22:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 05:44 - 2014-10-30 21:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 05:44 - 2014-10-30 21:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 05:44 - 2014-10-30 21:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-12 05:44 - 2014-10-30 21:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 05:44 - 2014-10-30 21:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2014-11-12 05:44 - 2014-10-30 21:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 05:44 - 2014-10-30 21:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 05:44 - 2014-10-30 21:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 05:44 - 2014-10-30 21:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-12 05:44 - 2014-10-30 21:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 05:44 - 2014-10-30 21:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 05:44 - 2014-10-30 21:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-12 05:44 - 2014-10-30 21:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-12 05:44 - 2014-10-30 21:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-12 05:44 - 2014-10-30 21:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 05:44 - 2014-10-30 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 05:44 - 2014-10-30 21:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-12 05:44 - 2014-10-30 20:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-12 05:44 - 2014-10-30 20:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-12 05:44 - 2014-10-30 20:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-12 05:44 - 2014-10-30 20:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-12 05:44 - 2014-10-30 20:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-12 05:44 - 2014-10-30 20:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-12 05:44 - 2014-10-30 20:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-12 05:44 - 2014-10-30 20:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-12 05:44 - 2014-10-30 20:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 05:44 - 2014-10-30 20:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 05:44 - 2014-10-30 20:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 05:44 - 2014-10-30 20:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 05:44 - 2014-10-30 20:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-12 05:44 - 2014-10-30 20:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 05:44 - 2014-10-30 20:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2014-11-12 05:44 - 2014-10-30 20:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 05:44 - 2014-10-30 20:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 05:44 - 2014-10-30 20:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-12 05:44 - 2014-10-30 20:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 05:44 - 2014-10-30 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 05:44 - 2014-10-30 19:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-12 05:44 - 2014-10-30 19:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 05:44 - 2014-10-30 19:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-12 05:44 - 2014-10-30 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 05:44 - 2014-10-30 19:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-12 05:44 - 2014-10-30 19:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-12 05:44 - 2014-10-30 19:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-12 05:44 - 2014-10-30 19:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-12 05:43 - 2014-10-22 22:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 05:43 - 2014-10-22 22:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 05:43 - 2014-10-06 23:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 05:43 - 2014-10-06 23:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 05:43 - 2014-10-06 23:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 05:43 - 2014-10-06 23:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-12 05:43 - 2014-10-06 23:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 05:43 - 2014-10-06 20:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 05:43 - 2014-10-06 20:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 05:43 - 2014-10-06 20:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 05:43 - 2014-10-06 20:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 05:43 - 2014-10-06 18:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-12 05:43 - 2014-10-06 18:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 05:43 - 2014-08-30 17:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-12 05:43 - 2014-08-30 15:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-12 05:43 - 2014-08-27 19:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-12 05:43 - 2014-08-22 22:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 05:43 - 2014-08-22 22:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-12 05:43 - 2014-08-22 22:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 05:43 - 2014-08-22 21:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-11-12 05:42 - 2014-09-09 23:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-12 05:42 - 2014-09-07 20:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-12 05:42 - 2014-09-07 20:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-12 05:42 - 2014-09-07 15:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-12 05:42 - 2014-09-04 15:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-12 05:42 - 2014-09-04 15:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-12 05:42 - 2014-09-03 20:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-11-12 05:42 - 2014-09-03 19:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-11-12 05:42 - 2014-09-03 18:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-12 05:42 - 2014-09-03 17:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-11-12 05:42 - 2014-08-30 17:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-12 05:42 - 2014-08-30 15:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-12 05:42 - 2014-08-30 14:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-12 05:42 - 2014-08-30 14:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-11-12 05:42 - 2014-08-30 13:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-12 05:42 - 2014-08-30 13:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-11-12 05:42 - 2014-08-27 17:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-12 05:42 - 2014-08-27 17:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-12 05:42 - 2014-08-22 22:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-12 05:42 - 2014-08-01 17:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-12 05:42 - 2014-08-01 17:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-12 10:02 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-12 10:00 - 2014-07-08 14:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-12 09:56 - 2014-04-18 12:31 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-12 09:34 - 2014-07-08 13:05 - 02074530 _____ () C:\Windows\WindowsUpdate.log
2014-12-12 09:08 - 2014-09-24 15:02 - 00000257 _____ () C:\Users\Bowplus\AppData\Roaming\com.efi.FierySoftwareManager
2014-12-12 09:08 - 2014-09-24 15:02 - 00000000 ____D () C:\Users\Bowplus\AppData\Roaming\Fiery Software Manager
2014-12-12 09:07 - 2014-09-24 13:57 - 00000000 ___RD () C:\Users\Bowplus\Google Drive
2014-12-12 09:06 - 2014-06-17 08:28 - 00000000 __RDO () C:\Users\Bowplus\OneDrive
2014-12-12 09:06 - 2014-04-18 12:31 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-12 09:04 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-11 15:32 - 2014-03-25 20:26 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-11 15:16 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-11 14:38 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-11 13:28 - 2014-06-13 05:37 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-696741958-2862974563-846841340-1001
2014-12-11 13:20 - 2014-03-25 21:52 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 02:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\rescache
2014-12-10 22:51 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-10 22:46 - 2014-06-17 20:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 22:45 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-10 22:45 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-10 22:45 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 17:39 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\spool
2014-12-10 09:32 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-10 09:30 - 2014-06-21 15:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 09:27 - 2014-06-21 15:19 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 14:00 - 2014-07-08 14:41 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-05 15:59 - 2014-09-24 17:57 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-04 09:16 - 2014-06-13 05:29 - 00000000 ____D () C:\Users\Bowplus
2014-12-03 15:56 - 2014-09-25 14:15 - 00003862 _____ () C:\Windows\efi_test.log
2014-12-03 15:38 - 2014-09-24 18:01 - 00026291 _____ () C:\Windows\efiinst.log
2014-12-03 15:38 - 2014-09-24 18:01 - 00000000 ____D () C:\Program Files (x86)\Fiery
2014-12-03 15:38 - 2014-09-24 17:57 - 00013447 _____ () C:\Windows\efimi.log
2014-12-03 15:38 - 2014-09-24 15:03 - 00000000 ___HD () C:\Fiery Software Manager
2014-12-03 15:38 - 2014-03-25 21:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-03 15:37 - 2014-09-24 18:08 - 00000330 _____ () C:\Windows\efifsw.log
2014-12-03 15:35 - 2014-09-24 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiery
2014-12-03 15:34 - 2014-09-25 14:44 - 00000000 ____D () C:\Users\Bowplus\AppData\Roaming\EFI
2014-12-03 15:32 - 2014-09-24 18:04 - 00000401 _____ () C:\Windows\ODBCINST.INI
2014-12-03 15:30 - 2014-09-24 18:02 - 00000000 ____D () C:\ProgramData\Fiery Command WorkStation
2014-12-03 15:29 - 2014-09-24 18:01 - 00003364 _____ () C:\Windows\System32\Tasks\LINQ_wxWidgets
2014-12-03 15:29 - 2014-09-24 18:01 - 00000000 ____D () C:\ProgramData\efiLINQ
2014-12-03 15:28 - 2014-09-24 17:59 - 00045414 _____ () C:\Windows\aksdrvsetup.log
2014-12-03 15:28 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\setup
2014-12-03 14:59 - 2014-08-06 10:02 - 00022488 _____ () C:\Windows\PFRO.log
2014-12-03 14:04 - 2014-07-16 12:13 - 00000000 ____D () C:\Users\Bowplus\AppData\Temp
2014-12-03 14:02 - 2014-07-15 14:54 - 00000000 ____D () C:\ProgramData\BDLogging
2014-11-26 14:10 - 2013-08-22 08:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 14:10 - 2013-08-22 08:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 03:57 - 2014-09-15 11:35 - 00002174 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-14 07:51 - 2014-04-18 12:31 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 07:51 - 2014-04-18 12:31 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 09:30 - 2013-08-22 07:44 - 00337840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 00:16 - 2013-08-22 08:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-13 00:16 - 2013-08-22 08:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-13 00:16 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-13 00:16 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-13 00:16 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-13 00:16 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-12 08:04 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-12 06:35 - 2014-07-15 14:54 - 01288472 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-11-12 05:50 - 2014-06-17 12:08 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\CrashDumps

Some content of TEMP:
====================
C:\Users\Bowplus\AppData\Local\Temp\eject1.exe
C:\Users\Bowplus\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Bowplus\AppData\Local\Temp\Offercast291_AVR4V7_.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-10 03:55

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2014 03
Ran by Bowplus at 2014-12-12 10:41:25
Running from C:\Users\Bowplus\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - )
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{893CB813-4179-4BFE-8D33-ABCC38816B48}) (Version: 1.0.6 - Amazon)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.12.0.958 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3920.05 - CyberLink Corp.)
Digital Pass Launcher (HKLM-x32\...\{2359C6E9-DE4F-4FDA-9C12-AE6EFC2EE330}) (Version: 1.0.0.0 - TOSHIBA America Information Systems, Inc)
EFI Flexera License Manager (remove only) (HKLM-x32\...\EFILM) (Version: 11.11.1.3 - EFI)
Fiery User Software-5.6.0.20 (HKLM-x32\...\{731B8125-5C8F-4422-BC5F-07A8CEE9538E}) (Version: 5.6.0.20 - Electronics For Imaging)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)
hp LaserJet-all-in-one (HKLM-x32\...\hp LaserJet-all-in-one) (Version: - hp)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.710 - Oracle)
License Activation (remove only) (HKLM-x32\...\OFASQ) (Version: 1.2.0.9 - EFI)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
QFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29073 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.3 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Utility Common Driver (x32 Version: 1.0.53.3 - Compal) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

25-11-2014 19:42:22 Windows Update
03-12-2014 22:21:52 Installed Fiery User Software
05-12-2014 22:57:53 Installed Java 7 Update 71
10-12-2014 16:24:23 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-08-13 09:07 - 2014-08-13 09:07 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DCB0136-761A-487F-9E87-83547AA6E636} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-18] (Google Inc.)
Task: {382F7027-46E3-4089-B04A-120821BDF455} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {4307FE6C-33DB-4725-A7A0-7127C3021633} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)
Task: {5BD00B8C-019E-4B7F-BB0D-EEBC11EFD9F2} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-02-24] (Realtek Semiconductor)
Task: {5DD0D483-11B3-4B5D-AF8F-80ABCA676C6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-18] (Google Inc.)
Task: {67C9D1B7-34FC-43AA-A80B-9DEE7D44C237} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {7F3A173A-67F9-4BB4-9109-23F6EF60B47E} - System32\Tasks\Fiery Software Manager => C:\Program Files (x86)\Fiery\Fiery Software Manager\Fiery Software Manager.exe [2014-09-17] ()
Task: {8D631C81-2D37-4C4F-BD62-22CA733B3814} - System32\Tasks\{541AFE6F-1BA0-479B-AF40-F3C170A27D42} => pcalua.exe -a "C:\Program Files (x86)\YTDownloader\YTDUninstall.exe"
Task: {A055BEB8-7005-4D10-BA29-5A1E003D71FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A4A943C2-3D3C-48E2-BAC8-A4C678A6E09E} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {A7E6E291-9082-43AA-8AFB-D212AD9D06AA} - System32\Tasks\LINQ_wxWidgets => C:\ProgramData\efiLINQ\efiLINQ.exe [2014-09-03] (Electronics For Imaging, Inc.)
Task: {B6081EFB-F46A-47BB-ADC1-4C97B6954E53} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {CA8A3DDD-F5C0-4086-BE7C-390D69B87919} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2014-03-12] (TOSHIBA Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-04 12:03 - 2014-09-04 12:03 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-07-15 14:54 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-07-15 14:54 - 2014-07-11 16:30 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-07-15 14:54 - 2012-10-29 14:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2014-07-25 12:34 - 2014-07-25 12:34 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpbr.mdl
2014-07-25 12:34 - 2014-07-25 12:34 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpdsp.mdl
2014-07-25 12:34 - 2014-07-25 12:34 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpph.mdl
2014-07-25 12:34 - 2014-07-25 12:34 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttprbl.mdl
2014-09-24 18:06 - 2014-12-03 15:36 - 02417856 _____ () C:\Program Files (x86)\EFI\OFASQ\ofaApp.exe
2014-12-03 15:35 - 2014-09-25 00:33 - 01021952 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\HF3MenuExt64.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-12-03 15:35 - 2014-09-25 00:33 - 01118208 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\hotfolder.exe
2014-12-03 15:34 - 2014-09-11 20:53 - 00057344 _____ () C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe
2014-12-03 15:38 - 2014-09-17 01:41 - 04908104 _____ () C:\Program Files (x86)\Fiery\Fiery Software Manager\Fiery Software Manager.exe
2014-12-12 09:07 - 2014-09-17 01:37 - 04077344 _____ () C:\Users\Bowplus\AppData\Local\Temp\RarSFX14\FSM\Fiery Software Manager.exe
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-03 15:33 - 2009-02-17 11:19 - 00194048 _____ () C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\curllib.dll
2014-12-03 15:33 - 2003-10-24 00:27 - 00110592 _____ () C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\OpenLDAP.dll
2014-12-03 15:34 - 2014-09-11 20:53 - 00192512 _____ () C:\Program Files (x86)\Fiery\Applications3\Common Files\EFI\FolderMapping.dll
2014-09-24 18:06 - 2014-12-03 15:36 - 00663552 _____ () C:\Program Files (x86)\EFI\OFASQ\LIBEXPAT.dll
2014-04-18 11:58 - 2013-12-10 07:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-12-12 09:06 - 2014-12-12 09:06 - 00098816 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\win32api.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00110080 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\pywintypes27.dll
2014-12-12 09:06 - 2014-12-12 09:06 - 00364544 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\pythoncom27.dll
2014-12-12 09:06 - 2014-12-12 09:06 - 00045568 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\_socket.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 01160704 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\_ssl.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00320512 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\win32com.shell.shell.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00713216 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\_hashlib.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 01175040 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\wx._core_.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00805888 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\wx._gdi_.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00811008 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\wx._windows_.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 01062400 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\wx._controls_.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00735232 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\wx._misc_.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00128512 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\_elementtree.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00127488 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\pyexpat.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00557056 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\pysqlite2._sqlite.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00087552 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\_ctypes.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00119808 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\win32file.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00108544 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\win32security.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00007168 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\hashobjs_ext.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00167936 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\win32gui.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00018432 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\win32event.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00038912 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\win32inet.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00011264 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\win32crypt.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00070656 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\wx._html2.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00027136 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\_multiprocessing.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00035840 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\win32process.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00686080 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\unicodedata.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00122368 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\wx._wizard.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00024064 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\win32pipe.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00025600 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\win32pdh.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00525640 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\windows._lib_cacheinvalidation.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00010240 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\select.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00017408 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\win32profile.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00022528 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\win32ts.pyd
2014-12-12 09:06 - 2014-12-12 09:06 - 00078336 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI27842\wx._animate.pyd
2014-09-24 18:06 - 2014-09-08 11:39 - 00303104 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\1BITTIFF.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00442368 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\libeficsl.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00492544 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\libacsredux.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00305664 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\efi_basics.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00186368 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\pdfwind.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00501248 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\pdfeye.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00017408 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\pdfgale.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00368128 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\pdfblizzard.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00355840 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\pdftyphoon.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00016384 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\pdfclouds.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00135168 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\LIBEXPAT.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00385024 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\CTLWtoPS.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00294912 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\DCS.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00483328 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\EPS.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00286720 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\ExportPS.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00253952 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\JDF.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00483328 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\JPEG.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00417792 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\MSOffice.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00344064 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\PDF.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00286720 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\PDF2GO.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00270336 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\PS.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00528384 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\TIFF.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00413696 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\TIFFIT.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00286720 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\VDP.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00307200 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\XRX.fil
2014-11-26 03:57 - 2014-11-24 23:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-26 03:57 - 2014-11-24 23:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-26 03:57 - 2014-11-24 23:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-26 03:57 - 2014-11-24 23:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-12-12 09:07 - 2014-09-17 00:39 - 00413184 _____ () C:\Users\Bowplus\AppData\Local\Temp\RarSFX14\FSM\updater_lib\Win\GradInterface.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Bowplus\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Bowplus\Downloads\Support-LogMeInRescue(1).exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-696741958-2862974563-846841340-500 - Administrator - Disabled)
Bowplus (S-1-5-21-696741958-2862974563-846841340-1001 - Administrator - Enabled) => C:\Users\Bowplus
Guest (S-1-5-21-696741958-2862974563-846841340-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2014 03:02:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 364

Start Time: 01d0158d652750a2

Termination Time: 4294967295

Application Path: C:\Windows\syswow64\wwahost.exe

Report Id: 59437a41-8181-11e4-8287-f8a96316bafd

Faulting package full name: Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (12/11/2014 01:19:48 PM) (Source: MsiInstaller) (EventID: 1024) (User: CBSTOSH)
Description: Product: Adobe Reader XI (11.0.09) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011010}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (12/10/2014 11:01:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mmamain.exe version 1.5.0.41 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b94

Start Time: 01d014a334435bd9

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp\mmamain.exe

Report Id: 86d1cff3-8096-11e4-8283-f8a96316bafd

Faulting package full name: SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp

Faulting package-relative application ID: App

Error: (12/10/2014 11:01:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: CBSTOSH)
Description: App SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp+App did not launch within its allotted time.

Error: (12/09/2014 02:21:14 PM) (Source: MsiInstaller) (EventID: 1024) (User: CBSTOSH)
Description: Product: Adobe Reader XI (11.0.09) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011010}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (12/05/2014 05:14:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (12/05/2014 05:14:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (12/05/2014 05:14:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/04/2014 03:16:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.3.9600.16384, time stamp: 0x5215dfe3
Faulting module name: msvcrt.dll, version: 7.0.9600.16384, time stamp: 0x5215f944
Exception code: 0xc0000005
Fault offset: 0x000000000000193f
Faulting process id: 0x1084
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
Faulting package full name: svchost.exe_stisvc4
Faulting package-relative application ID: svchost.exe_stisvc5

Error: (12/04/2014 03:05:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.3.9600.16384, time stamp: 0x5215dfe3
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eebd22
Exception code: 0xc0000374
Fault offset: 0x00000000000f0d6c
Faulting process id: 0x81c
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
Faulting package full name: svchost.exe_stisvc4
Faulting package-relative application ID: svchost.exe_stisvc5

System errors:
=============
Error: (12/11/2014 02:48:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application Local Management Service service hung on starting.

Error: (12/11/2014 02:41:27 PM) (Source: DCOM) (EventID: 10005) (User: CBSTOSH)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (12/11/2014 02:41:26 PM) (Source: DCOM) (EventID: 10005) (User: CBSTOSH)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/11/2014 02:40:18 PM) (Source: DCOM) (EventID: 10005) (User: CBSTOSH)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/11/2014 02:40:10 PM) (Source: DCOM) (EventID: 10005) (User: CBSTOSH)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/11/2014 02:40:05 PM) (Source: DCOM) (EventID: 10005) (User: CBSTOSH)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (12/11/2014 02:40:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/11/2014 02:40:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:
%%1068

Error: (12/11/2014 02:40:05 PM) (Source: DCOM) (EventID: 10005) (User: CBSTOSH)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (12/11/2014 02:40:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (12/11/2014 03:02:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.1703136401d0158d652750a24294967295C:\Windows\syswow64\wwahost.exe59437a41-8181-11e4-8287-f8a96316bafdMicrosoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5cApp

Error: (12/11/2014 01:19:48 PM) (Source: MsiInstaller) (EventID: 1024) (User: CBSTOSH)
Description: Adobe Reader XI (11.0.09){AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL)

Error: (12/10/2014 11:01:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mmamain.exe1.5.0.411b9401d014a334435bd94294967295C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp\mmamain.exe86d1cff3-8096-11e4-8283-f8a96316bafdSymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdpApp

Error: (12/10/2014 11:01:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: CBSTOSH)
Description: SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp+App

Error: (12/09/2014 02:21:14 PM) (Source: MsiInstaller) (EventID: 1024) (User: CBSTOSH)
Description: Adobe Reader XI (11.0.09){AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL)

Error: (12/05/2014 05:14:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (12/05/2014 05:14:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (12/05/2014 05:14:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/04/2014 03:16:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.3.9600.163845215dfe3msvcrt.dll7.0.9600.163845215f944c0000005000000000000193f108401d0100eb5a1b770C:\Windows\system32\svchost.exeC:\Windows\system32\msvcrt.dll23ea7ddb-7c03-11e4-8283-f8a96316bafd

Error: (12/04/2014 03:05:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.3.9600.163845215dfe3ntdll.dll6.3.9600.1727853eebd22c000037400000000000f0d6c81c01d0100e4de4243bC:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllb71b3884-7c01-11e4-8283-f8a96316bafd

==================== Memory info ===========================

Processor: Intel® Core™ i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 28%
Total physical RAM: 6054.98 MB
Available physical RAM: 4325.61 MB
Total Pagefile: 7014.98 MB
Available Pagefile: 5236.98 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (TI10692000E) (Fixed) (Total:687.94 GB) (Free:588.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

#4
Spencer4134

Posted 12 December 2014 - 07:17 PM

Member

Topic Starter
Member
57 posts

I also will not have access to this computer again until Tuesday. So I'll be able to reply again then.

#5
Naathim

Posted 13 December 2014 - 07:44 AM

GeekU Minion

Expert
4,568 posts

No probs, we'll wait till Tuesday

#6
Spencer4134

Posted 16 December 2014 - 10:19 AM

Member

Topic Starter
Member
57 posts

Alright I'm back. So how do the logs look?

#7
Naathim

Posted 16 December 2014 - 10:27 AM

GeekU Minion

Expert
4,568 posts

First of all please post me a fresh set of logs

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

Right-click on icon and select Run as Administrator to start the tool.
> XP users click run after receipt of Windows Security Warning - Open File.
> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

#8
Spencer4134

Posted 16 December 2014 - 10:47 AM

Member

Topic Starter
Member
57 posts

K I think i have an old Fixlist.txt somewhere on my computer, cause it said "New update found, please wait". Will this affect anything when I click scan?

Update: I tried running the old FRST that it created, and the same thing happened. Knowing that it always deletes a fixlist when it updates, I will assume this was an online update and will still run it.

Edited by Spencer4134, 16 December 2014 - 10:55 AM.

#9
Spencer4134

Posted 16 December 2014 - 11:00 AM

Member

Topic Starter
Member
57 posts

Here's the new logs:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Bowplus (administrator) on CBSTOSH on 16-12-2014 09:55:37
Running from C:\Users\Bowplus\Desktop
Loaded Profile: Bowplus (Available profiles: Bowplus)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Electronics for Imaging, Inc.) C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Electronics for Imaging, Inc.) C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Server.exe
(Electronics for Imaging, Inc) C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\FDC.exe
(Electronics For Imaging) C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSMailboxSyncService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\EFI\OFASQ\ofaApp.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Flexera Software LLC) C:\Program Files (x86)\EFI\EFILM\lmgrd.exe
(Flexera Software LLC) C:\Program Files (x86)\EFI\EFILM\lmgrd.exe
(EFI Inc.) C:\Program Files (x86)\EFI\EFILM\EFI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
() C:\Program Files (x86)\Fiery\Applications3\HotFolder\hotfolder.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\Fiery\Fiery Software Manager\Fiery Software Manager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\Bowplus\AppData\Local\Temp\RarSFX15\FSM\Fiery Software Manager.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1626752 2014-11-24] (Bitdefender)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [FRSSysTrayIcon] => C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe [57344 2014-09-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790344 2014-11-24] (Bitdefender)
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Run: [GoogleChromeAutoLaunch_531895E92825E8F79FA0C82707A227E6] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\RunOnce: [Adobe Speed Launcher] => 1418579689
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Bowplus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hotfolder.exe - Shortcut.lnk
ShortcutTarget: hotfolder.exe - Shortcut.lnk -> C:\Program Files (x86)\Fiery\Applications3\HotFolder\hotfolder.exe ()
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-696741958-2862974563-846841340-1001 -> {2F436636-E538-4692-912F-207099FB0E90} URL =
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Bowplus\AppData\Roaming\Mozilla\Firefox\Profiles\far87mnr.default-1407361548559
FF DefaultSearchEngine: Google
FF Homepage: https://www.memotoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-07-15]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: No Name - [email protected] [Not Found]

Chrome:
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-15]
CHR Extension: (Google Docs) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-15]
CHR Extension: (Google Drive) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (YouTube) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-15]
CHR Extension: (Google Search) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-15]
CHR Extension: (Google Sheets) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-15]
CHR Extension: (Gmail) - C:\Users\Bowplus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-15]
CHR HKU\S-1-5-21-696741958-2862974563-846841340-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-10-27] (Adobe Systems) [File not signed]
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-11-12] (Bitdefender)
R2 EFI ES1000; C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe [11776 2009-10-19] (Electronics for Imaging, Inc.) [File not signed]
R2 EFI License Manager; C:\Program Files (x86)\EFI\EFILM\lmgrd.exe [1448752 2014-09-24] (Flexera Software LLC)
R2 Fiery Data Collector; C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\FDC.exe [503808 2014-09-25] (Electronics for Imaging, Inc) [File not signed]
R2 Fiery Mailbox Synchronization; C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSMailboxSyncService.exe [11264 2014-09-11] (Electronics For Imaging) [File not signed]
S3 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 ofaApp; C:\Program Files (x86)\EFI\OFASQ\ofaApp.exe [2417856 2014-12-03] ()
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-12] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1527360 2014-11-24] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-11-12] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [263032 2014-11-12] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-25] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-11-19] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-11-12] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
U0 SR; No ImagePath
U2 srservice; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 09:55 - 2014-12-16 09:56 - 00028396 _____ () C:\Users\Bowplus\Desktop\FRST.txt
2014-12-12 12:19 - 2014-12-12 12:19 - 00000000 __SHD () C:\Users\Bowplus\AppData\Local\EmieBrowserModeList
2014-12-12 10:40 - 2014-12-16 09:55 - 00000000 ____D () C:\FRST
2014-12-12 10:39 - 2014-12-16 09:53 - 02119168 _____ (Farbar) C:\Users\Bowplus\Desktop\FRST64.exe
2014-12-11 16:31 - 2014-12-12 10:28 - 00006040 _____ () C:\Users\Bowplus\Desktop\Agent list for 4441nBedford.txt
2014-12-11 15:16 - 2014-12-12 18:29 - 00039936 _____ () C:\Windows\system32\umstartup.etl
2014-12-11 13:41 - 2014-12-11 13:53 - 00000434 _____ () C:\Users\Bowplus\Desktop\Buyer Agents Over $500k Names.txt
2014-12-10 17:39 - 2014-12-10 17:39 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-12-10 05:53 - 2014-11-09 19:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 05:53 - 2014-11-09 18:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 05:53 - 2014-10-30 16:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 05:53 - 2014-10-30 16:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 05:38 - 2014-11-06 21:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 05:38 - 2014-11-06 20:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 05:38 - 2014-10-31 16:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 05:38 - 2014-10-31 16:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 05:37 - 2014-11-21 20:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 05:37 - 2014-11-21 19:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 05:37 - 2014-11-21 19:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 05:37 - 2014-11-21 18:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 05:37 - 2014-11-21 18:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 05:37 - 2014-10-12 19:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 05:37 - 2014-10-12 19:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 05:37 - 2014-10-12 19:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 05:37 - 2014-10-12 19:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-10 05:36 - 2014-11-21 19:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 05:36 - 2014-11-21 19:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 05:36 - 2014-11-21 19:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 05:36 - 2014-11-21 19:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 05:36 - 2014-11-21 19:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 05:36 - 2014-11-21 19:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 05:36 - 2014-11-21 19:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 05:36 - 2014-11-21 19:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 05:36 - 2014-11-21 19:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 05:36 - 2014-11-21 19:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 05:36 - 2014-11-21 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 05:36 - 2014-11-21 19:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 05:36 - 2014-11-21 18:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 05:36 - 2014-11-21 18:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 05:36 - 2014-11-21 18:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 05:36 - 2014-11-21 18:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 05:36 - 2014-11-21 18:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 05:36 - 2014-11-21 18:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 05:36 - 2014-11-21 18:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 05:36 - 2014-11-21 18:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 05:36 - 2014-11-21 18:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 05:36 - 2014-11-21 18:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 05:36 - 2014-11-21 18:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 05:36 - 2014-11-21 18:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 05:36 - 2014-11-21 18:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 05:36 - 2014-11-21 18:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 05:36 - 2014-11-21 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 05:36 - 2014-11-21 18:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 05:36 - 2014-11-21 18:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 05:36 - 2014-11-21 18:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 05:36 - 2014-11-21 18:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 05:36 - 2014-11-21 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 05:36 - 2014-11-21 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 05:36 - 2014-11-21 17:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 15:44 - 2014-12-09 15:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-09 15:25 - 2014-12-09 15:25 - 01037026 _____ () C:\Users\Bowplus\Downloads\RE-BuyerAgentsOver$500k.avery
2014-12-09 15:19 - 2014-12-09 15:19 - 00988028 _____ () C:\Users\Bowplus\Desktop\RE-BuyerAgentsOver$500k.avery
2014-12-09 15:04 - 2014-12-09 15:04 - 00010986 _____ () C:\Users\Bowplus\Downloads\google(1).csv
2014-12-09 15:00 - 2014-12-09 15:00 - 00010986 _____ () C:\Users\Bowplus\Downloads\google.csv
2014-12-09 14:53 - 2014-12-09 14:53 - 00011160 _____ () C:\Users\Bowplus\Downloads\contacts.csv
2014-12-09 14:38 - 2014-12-09 14:38 - 00000000 ____D () C:\Users\Bowplus\AppData\Roaming\DesktopDPO-d00b9882479ed9b4899926f5c7e44f49
2014-12-09 14:37 - 2014-12-09 14:37 - 00001914 _____ () C:\Users\Public\Desktop\Design&Print.lnk
2014-12-09 14:37 - 2014-12-09 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avery Products
2014-12-09 14:34 - 2014-12-09 14:37 - 00000000 ____D () C:\Program Files (x86)\Design&Print
2014-12-05 15:59 - 2014-12-05 15:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-05 15:59 - 2014-12-05 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-05 15:59 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-05 15:59 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-05 15:59 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-05 15:59 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-05 15:58 - 2014-12-05 15:59 - 00006753 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-12-05 15:55 - 2014-12-05 15:55 - 00000000 ____D () C:\Users\Bowplus\Downloads\Documents\Impose
2014-12-04 16:36 - 2014-12-04 16:36 - 00000000 ____D () C:\Users\Bowplus\Downloads\Attachments_2014124(1)
2014-12-04 16:36 - 2014-12-04 16:36 - 00000000 ____D () C:\Users\Bowplus\Downloads\Attachments_2014124
2014-12-04 16:33 - 2014-12-04 16:33 - 00137337 _____ () C:\Users\Bowplus\Downloads\Attachments_2014124(1).zip
2014-12-04 16:32 - 2014-12-04 16:32 - 00184695 _____ () C:\Users\Bowplus\Downloads\Attachments_2014124.zip
2014-12-03 17:38 - 2014-12-04 13:02 - 00004891 _____ () C:\Users\Bowplus\Desktop\Foreclosures 14-12-3.txt
2014-12-03 15:37 - 2013-12-04 22:50 - 00000253 _____ () C:\Windows\UnInsDBP30.iss
2014-12-03 15:35 - 2014-12-12 09:19 - 00006345 _____ () C:\Users\Bowplus\Desktop\Buyer Agents.txt
2014-12-03 15:35 - 2014-12-03 15:35 - 00002180 _____ () C:\Users\Public\Desktop\Fiery Hot Folders.lnk
2014-12-03 15:35 - 2014-12-03 15:35 - 00000000 _____ () C:\Windows\hf_install.done
2014-12-03 15:35 - 2014-05-08 12:33 - 00000261 _____ () C:\Windows\UnInsHF30.iss
2014-12-03 15:34 - 2014-12-05 15:39 - 00000000 ____D () C:\Users\Bowplus\AppData\Local\hotfolder
2014-12-03 15:34 - 2014-12-03 15:34 - 00002539 _____ () C:\Users\Public\Desktop\Fiery Command WorkStation 5.lnk
2014-12-03 15:34 - 2014-12-03 15:34 - 00000000 ____D () C:\ProgramData\Fiery Remote Scan
2014-12-03 15:34 - 2014-12-03 15:34 - 00000000 _____ () C:\Windows\cws_install.done
2014-12-03 15:34 - 2014-05-08 13:03 - 00000261 _____ () C:\Windows\UnIFRS56.ISS
2014-12-03 15:34 - 2013-09-26 10:37 - 00000263 _____ () C:\Windows\UnInCWS50.ISS
2014-12-03 15:32 - 2014-12-03 15:32 - 00274432 _____ (IBPhoenix Inc.) C:\Windows\SysWOW64\IscDbc.dll
2014-12-03 15:32 - 2014-12-03 15:32 - 00262144 _____ (IBPhoenix Inc) C:\Windows\SysWOW64\OdbcJdbcMT.dll
2014-12-03 15:32 - 2014-12-03 15:32 - 00253952 _____ (IBPhoenix Inc) C:\Windows\SysWOW64\OdbcJdbc.dll
2014-12-03 15:32 - 2014-12-03 15:32 - 00155648 _____ (IBPhoenix Inc.) C:\Windows\SysWOW64\OdbcJdbcSetup.dll
2014-12-03 15:32 - 2014-12-03 15:32 - 00000000 ____D () C:\ProgramData\Image Enhance Visual Editor
2014-12-03 15:32 - 2013-05-03 16:44 - 00000385 _____ () C:\Windows\UnInsIV30.iss
2014-12-03 15:32 - 2013-05-02 10:46 - 00000271 _____ () C:\Windows\UnInIEVE.iss
2014-12-03 15:30 - 2014-12-03 15:30 - 00000000 ____D () C:\Windows\SysWOW64\spool
2014-12-03 15:30 - 2009-12-08 15:58 - 00051600 _____ (Thesycon GmbH, Germany) C:\Windows\system32\Drivers\i1io2_x64.sys
2014-12-03 15:30 - 2009-12-08 15:58 - 00051600 _____ (Thesycon GmbH, Germany) C:\Windows\system32\Drivers\i1_x64.sys
2014-12-03 15:30 - 2009-12-08 15:58 - 00007808 _____ (GretagMacbeth LLC) C:\Windows\system32\Drivers\i1display_x64.sys
2014-12-03 15:30 - 2007-03-29 18:36 - 00051600 _____ (Thesycon GmbH, Germany) C:\Windows\system32\Drivers\i1iSis_x64.sys
2014-12-03 15:29 - 2013-05-01 22:37 - 00000255 _____ () C:\Windows\UnInsHar30_CXP.ISS
2014-12-03 15:28 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\Windows\system32\hasplms.exe
2014-12-03 15:28 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\Windows\system32\aksllmtp.exe
2014-12-03 15:28 - 2013-08-01 15:11 - 00331328 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\hardlock.sys
2014-12-03 15:28 - 2013-08-01 15:11 - 00198088 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\hlvdd.dll
2014-12-03 15:28 - 2013-08-01 15:11 - 00140736 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksfridge.sys
2014-12-03 15:28 - 2013-08-01 15:11 - 00091784 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksdf.sys
2014-12-03 15:27 - 2013-05-01 22:37 - 00001065 ____N () C:\Windows\del_har.bat
2014-12-03 15:26 - 2014-12-03 15:26 - 00000469 _____ () C:\Windows\del_hf_dll.bat
2014-12-03 15:25 - 2014-12-03 15:27 - 00000176 _____ () C:\Windows\setup.log
2014-12-03 15:23 - 2014-12-03 15:37 - 00001622 _____ () C:\Windows\efiswupdater.log
2014-11-19 10:16 - 2014-11-09 16:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 10:16 - 2014-11-09 16:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 10:16 - 2014-11-09 16:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 10:16 - 2014-11-09 16:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 09:56 - 2014-04-18 12:31 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-16 09:09 - 2014-07-08 13:05 - 01903089 _____ () C:\Windows\WindowsUpdate.log
2014-12-16 09:02 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-16 09:00 - 2014-07-08 14:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-16 07:56 - 2014-04-18 12:31 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-15 13:10 - 2014-06-13 05:37 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-696741958-2862974563-846841340-1001
2014-12-15 10:55 - 2014-09-24 15:02 - 00000257 _____ () C:\Users\Bowplus\AppData\Roaming\com.efi.FierySoftwareManager
2014-12-15 10:55 - 2014-09-24 15:02 - 00000000 ____D () C:\Users\Bowplus\AppData\Roaming\Fiery Software Manager
2014-12-15 05:53 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-14 10:55 - 2014-09-24 13:57 - 00000000 ___RD () C:\Users\Bowplus\Google Drive
2014-12-14 10:54 - 2014-06-17 08:28 - 00000000 __RDO () C:\Users\Bowplus\OneDrive
2014-12-14 10:12 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-12 18:29 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-12 14:56 - 2014-09-15 11:35 - 00002174 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 15:32 - 2014-03-25 20:26 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-11 13:20 - 2014-03-25 21:52 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 02:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\rescache
2014-12-10 22:51 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-10 22:46 - 2014-06-17 20:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 22:45 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-10 22:45 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-10 22:45 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 17:39 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\spool
2014-12-10 09:32 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-10 09:30 - 2014-06-21 15:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 09:27 - 2014-06-21 15:19 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 14:00 - 2014-07-08 14:41 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-05 15:59 - 2014-09-24 17:57 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-04 09:16 - 2014-06-13 05:29 - 00000000 ____D () C:\Users\Bowplus
2014-12-03 15:56 - 2014-09-25 14:15 - 00003862 _____ () C:\Windows\efi_test.log
2014-12-03 15:38 - 2014-09-24 18:01 - 00026291 _____ () C:\Windows\efiinst.log
2014-12-03 15:38 - 2014-09-24 18:01 - 00000000 ____D () C:\Program Files (x86)\Fiery
2014-12-03 15:38 - 2014-09-24 17:57 - 00013447 _____ () C:\Windows\efimi.log
2014-12-03 15:38 - 2014-09-24 15:03 - 00000000 ___HD () C:\Fiery Software Manager
2014-12-03 15:38 - 2014-03-25 21:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-03 15:37 - 2014-09-24 18:08 - 00000330 _____ () C:\Windows\efifsw.log
2014-12-03 15:35 - 2014-09-24 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiery
2014-12-03 15:34 - 2014-09-25 14:44 - 00000000 ____D () C:\Users\Bowplus\AppData\Roaming\EFI
2014-12-03 15:32 - 2014-09-24 18:04 - 00000401 _____ () C:\Windows\ODBCINST.INI
2014-12-03 15:30 - 2014-09-24 18:02 - 00000000 ____D () C:\ProgramData\Fiery Command WorkStation
2014-12-03 15:29 - 2014-09-24 18:01 - 00003364 _____ () C:\Windows\System32\Tasks\LINQ_wxWidgets
2014-12-03 15:29 - 2014-09-24 18:01 - 00000000 ____D () C:\ProgramData\efiLINQ
2014-12-03 15:28 - 2014-09-24 17:59 - 00045414 _____ () C:\Windows\aksdrvsetup.log
2014-12-03 15:28 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\setup
2014-12-03 14:59 - 2014-08-06 10:02 - 00022488 _____ () C:\Windows\PFRO.log
2014-12-03 14:04 - 2014-07-16 12:13 - 00000000 ____D () C:\Users\Bowplus\AppData\Temp
2014-12-03 14:02 - 2014-07-15 14:54 - 00000000 ____D () C:\ProgramData\BDLogging
2014-11-26 14:10 - 2013-08-22 08:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 14:10 - 2013-08-22 08:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Bowplus\AppData\Local\Temp\eject1.exe
C:\Users\Bowplus\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Bowplus\AppData\Local\Temp\Offercast291_AVR4V7_.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-10 03:55

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by Bowplus at 2014-12-16 09:56:35
Running from C:\Users\Bowplus\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - )
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{893CB813-4179-4BFE-8D33-ABCC38816B48}) (Version: 1.0.6 - Amazon)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.12.0.958 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3920.05 - CyberLink Corp.)
Digital Pass Launcher (HKLM-x32\...\{2359C6E9-DE4F-4FDA-9C12-AE6EFC2EE330}) (Version: 1.0.0.0 - TOSHIBA America Information Systems, Inc)
EFI Flexera License Manager (remove only) (HKLM-x32\...\EFILM) (Version: 11.11.1.3 - EFI)
Fiery User Software-5.6.0.20 (HKLM-x32\...\{731B8125-5C8F-4422-BC5F-07A8CEE9538E}) (Version: 5.6.0.20 - Electronics For Imaging)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)
hp LaserJet-all-in-one (HKLM-x32\...\hp LaserJet-all-in-one) (Version: - hp)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.710 - Oracle)
License Activation (remove only) (HKLM-x32\...\OFASQ) (Version: 1.2.0.9 - EFI)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
QFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29073 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.3 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Utility Common Driver (x32 Version: 1.0.53.3 - Compal) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

25-11-2014 19:42:22 Windows Update
03-12-2014 22:21:52 Installed Fiery User Software
05-12-2014 22:57:53 Installed Java 7 Update 71
10-12-2014 16:24:23 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-08-13 09:07 - 2014-08-13 09:07 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DCB0136-761A-487F-9E87-83547AA6E636} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-18] (Google Inc.)
Task: {4307FE6C-33DB-4725-A7A0-7127C3021633} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)
Task: {48381A3D-F665-4C5C-9DB8-45F6B4F6AF14} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {5BD00B8C-019E-4B7F-BB0D-EEBC11EFD9F2} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-02-24] (Realtek Semiconductor)
Task: {5DD0D483-11B3-4B5D-AF8F-80ABCA676C6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-18] (Google Inc.)
Task: {67C9D1B7-34FC-43AA-A80B-9DEE7D44C237} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {7F3A173A-67F9-4BB4-9109-23F6EF60B47E} - System32\Tasks\Fiery Software Manager => C:\Program Files (x86)\Fiery\Fiery Software Manager\Fiery Software Manager.exe [2014-09-17] ()
Task: {8D631C81-2D37-4C4F-BD62-22CA733B3814} - System32\Tasks\{541AFE6F-1BA0-479B-AF40-F3C170A27D42} => pcalua.exe -a "C:\Program Files (x86)\YTDownloader\YTDUninstall.exe"
Task: {A055BEB8-7005-4D10-BA29-5A1E003D71FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A4A943C2-3D3C-48E2-BAC8-A4C678A6E09E} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {A7E6E291-9082-43AA-8AFB-D212AD9D06AA} - System32\Tasks\LINQ_wxWidgets => C:\ProgramData\efiLINQ\efiLINQ.exe [2014-09-03] (Electronics For Imaging, Inc.)
Task: {B6081EFB-F46A-47BB-ADC1-4C97B6954E53} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {CA8A3DDD-F5C0-4086-BE7C-390D69B87919} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2014-03-12] (TOSHIBA Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-04 12:03 - 2014-09-04 12:03 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-07-15 14:54 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-07-15 14:54 - 2014-07-11 16:30 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-07-15 14:54 - 2012-10-29 14:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2014-07-25 12:34 - 2014-07-25 12:34 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpbr.mdl
2014-07-25 12:34 - 2014-07-25 12:34 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpdsp.mdl
2014-07-25 12:34 - 2014-07-25 12:34 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpph.mdl
2014-07-25 12:34 - 2014-07-25 12:34 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttprbl.mdl
2014-09-24 18:06 - 2014-12-03 15:36 - 02417856 _____ () C:\Program Files (x86)\EFI\OFASQ\ofaApp.exe
2014-12-03 15:35 - 2014-09-25 00:33 - 01021952 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\HF3MenuExt64.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-12-03 15:35 - 2014-09-25 00:33 - 01118208 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\hotfolder.exe
2014-12-03 15:34 - 2014-09-11 20:53 - 00057344 _____ () C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe
2014-12-03 15:38 - 2014-09-17 01:41 - 04908104 _____ () C:\Program Files (x86)\Fiery\Fiery Software Manager\Fiery Software Manager.exe
2014-12-14 10:55 - 2014-09-17 01:37 - 04077344 _____ () C:\Users\Bowplus\AppData\Local\Temp\RarSFX15\FSM\Fiery Software Manager.exe
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-03 15:33 - 2009-02-17 11:19 - 00194048 _____ () C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\curllib.dll
2014-12-03 15:33 - 2003-10-24 00:27 - 00110592 _____ () C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\OpenLDAP.dll
2014-12-03 15:34 - 2014-09-11 20:53 - 00192512 _____ () C:\Program Files (x86)\Fiery\Applications3\Common Files\EFI\FolderMapping.dll
2014-09-24 18:06 - 2014-12-03 15:36 - 00663552 _____ () C:\Program Files (x86)\EFI\OFASQ\LIBEXPAT.dll
2014-04-18 11:58 - 2013-12-10 07:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-12-14 10:54 - 2014-12-14 10:54 - 00098816 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\win32api.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00110080 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\pywintypes27.dll
2014-12-14 10:54 - 2014-12-14 10:54 - 00364544 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\pythoncom27.dll
2014-12-14 10:54 - 2014-12-14 10:54 - 00045568 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\_socket.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 01160704 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\_ssl.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00320512 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\win32com.shell.shell.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00713216 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\_hashlib.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 01175040 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\wx._core_.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00805888 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\wx._gdi_.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00811008 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\wx._windows_.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 01062400 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\wx._controls_.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00735232 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\wx._misc_.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00128512 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\_elementtree.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00127488 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\pyexpat.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00557056 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\pysqlite2._sqlite.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00087552 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\_ctypes.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00119808 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\win32file.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00108544 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\win32security.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00007168 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\hashobjs_ext.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00167936 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\win32gui.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00018432 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\win32event.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00038912 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\win32inet.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00011264 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\win32crypt.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00070656 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\wx._html2.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00027136 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\_multiprocessing.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00035840 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\win32process.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00686080 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\unicodedata.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00122368 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\wx._wizard.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00024064 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\win32pipe.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00025600 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\win32pdh.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00525640 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\windows._lib_cacheinvalidation.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00010240 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\select.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00017408 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\win32profile.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00022528 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\win32ts.pyd
2014-12-14 10:54 - 2014-12-14 10:54 - 00078336 _____ () C:\Users\Bowplus\AppData\Local\Temp\_MEI44682\wx._animate.pyd
2014-09-24 18:06 - 2014-09-08 11:39 - 00303104 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\1BITTIFF.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00442368 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\libeficsl.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00492544 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\libacsredux.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00305664 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\efi_basics.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00186368 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\pdfwind.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00501248 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\pdfeye.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00017408 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\pdfgale.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00368128 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\pdfblizzard.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00355840 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\pdftyphoon.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00016384 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\pdfclouds.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00135168 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\LIBEXPAT.dll
2014-09-24 18:06 - 2014-09-08 11:39 - 00385024 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\CTLWtoPS.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00294912 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\DCS.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00483328 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\EPS.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00286720 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\ExportPS.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00253952 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\JDF.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00483328 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\JPEG.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00417792 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\MSOffice.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00344064 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\PDF.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00286720 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\PDF2GO.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00270336 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\PS.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00528384 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\TIFF.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00413696 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\TIFFIT.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00286720 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\VDP.fil
2014-09-24 18:06 - 2014-09-08 11:39 - 00307200 _____ () C:\Program Files (x86)\Fiery\Applications3\HotFolder\XRX.fil
2014-12-12 14:56 - 2014-12-05 18:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 14:56 - 2014-12-05 18:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 14:56 - 2014-12-05 18:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 14:56 - 2014-12-05 18:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-14 10:55 - 2014-09-17 00:39 - 00413184 _____ () C:\Users\Bowplus\AppData\Local\Temp\RarSFX15\FSM\updater_lib\Win\GradInterface.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Bowplus\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Bowplus\Downloads\Support-LogMeInRescue(1).exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-696741958-2862974563-846841340-500 - Administrator - Disabled)
Bowplus (S-1-5-21-696741958-2862974563-846841340-1001 - Administrator - Enabled) => C:\Users\Bowplus
Guest (S-1-5-21-696741958-2862974563-846841340-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2014 03:02:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 364

Start Time: 01d0158d652750a2

Termination Time: 4294967295

Application Path: C:\Windows\syswow64\wwahost.exe

Report Id: 59437a41-8181-11e4-8287-f8a96316bafd

Faulting package full name: Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (12/11/2014 01:19:48 PM) (Source: MsiInstaller) (EventID: 1024) (User: CBSTOSH)
Description: Product: Adobe Reader XI (11.0.09) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011010}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (12/10/2014 11:01:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mmamain.exe version 1.5.0.41 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b94

Start Time: 01d014a334435bd9

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp\mmamain.exe

Report Id: 86d1cff3-8096-11e4-8283-f8a96316bafd

Faulting package full name: SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp

Faulting package-relative application ID: App

Error: (12/10/2014 11:01:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: CBSTOSH)
Description: App SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp+App did not launch within its allotted time.

Error: (12/09/2014 02:21:14 PM) (Source: MsiInstaller) (EventID: 1024) (User: CBSTOSH)
Description: Product: Adobe Reader XI (11.0.09) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011010}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (12/05/2014 05:14:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (12/05/2014 05:14:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (12/05/2014 05:14:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/04/2014 03:16:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.3.9600.16384, time stamp: 0x5215dfe3
Faulting module name: msvcrt.dll, version: 7.0.9600.16384, time stamp: 0x5215f944
Exception code: 0xc0000005
Fault offset: 0x000000000000193f
Faulting process id: 0x1084
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
Faulting package full name: svchost.exe_stisvc4
Faulting package-relative application ID: svchost.exe_stisvc5

Error: (12/04/2014 03:05:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.3.9600.16384, time stamp: 0x5215dfe3
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eebd22
Exception code: 0xc0000374
Fault offset: 0x00000000000f0d6c
Faulting process id: 0x81c
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
Faulting package full name: svchost.exe_stisvc4
Faulting package-relative application ID: svchost.exe_stisvc5

System errors:
=============
Error: (12/14/2014 10:12:22 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Bitdefender Virus Shield service hung on starting.

Error: (12/11/2014 02:48:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application Local Management Service service hung on starting.

Error: (12/11/2014 02:41:27 PM) (Source: DCOM) (EventID: 10005) (User: CBSTOSH)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (12/11/2014 02:41:26 PM) (Source: DCOM) (EventID: 10005) (User: CBSTOSH)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/11/2014 02:40:18 PM) (Source: DCOM) (EventID: 10005) (User: CBSTOSH)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/11/2014 02:40:10 PM) (Source: DCOM) (EventID: 10005) (User: CBSTOSH)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/11/2014 02:40:05 PM) (Source: DCOM) (EventID: 10005) (User: CBSTOSH)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (12/11/2014 02:40:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/11/2014 02:40:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:
%%1068

Error: (12/11/2014 02:40:05 PM) (Source: DCOM) (EventID: 10005) (User: CBSTOSH)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}

Microsoft Office Sessions:
=========================
Error: (12/11/2014 03:02:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.1703136401d0158d652750a24294967295C:\Windows\syswow64\wwahost.exe59437a41-8181-11e4-8287-f8a96316bafdMicrosoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5cApp

Error: (12/11/2014 01:19:48 PM) (Source: MsiInstaller) (EventID: 1024) (User: CBSTOSH)
Description: Adobe Reader XI (11.0.09){AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL)

Error: (12/10/2014 11:01:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mmamain.exe1.5.0.411b9401d014a334435bd94294967295C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp\mmamain.exe86d1cff3-8096-11e4-8283-f8a96316bafdSymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdpApp

Error: (12/10/2014 11:01:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: CBSTOSH)
Description: SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp+App

Error: (12/09/2014 02:21:14 PM) (Source: MsiInstaller) (EventID: 1024) (User: CBSTOSH)
Description: Adobe Reader XI (11.0.09){AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL)

Error: (12/05/2014 05:14:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (12/05/2014 05:14:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (12/05/2014 05:14:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/04/2014 03:16:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.3.9600.163845215dfe3msvcrt.dll7.0.9600.163845215f944c0000005000000000000193f108401d0100eb5a1b770C:\Windows\system32\svchost.exeC:\Windows\system32\msvcrt.dll23ea7ddb-7c03-11e4-8283-f8a96316bafd

Error: (12/04/2014 03:05:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.3.9600.163845215dfe3ntdll.dll6.3.9600.1727853eebd22c000037400000000000f0d6c81c01d0100e4de4243bC:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllb71b3884-7c01-11e4-8283-f8a96316bafd

==================== Memory info ===========================

Processor: Intel® Core™ i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 42%
Total physical RAM: 6054.98 MB
Available physical RAM: 3490.02 MB
Total Pagefile: 7014.98 MB
Available Pagefile: 5012.27 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (TI10692000E) (Fixed) (Total:687.94 GB) (Free:588.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

#10
Naathim

Posted 16 December 2014 - 11:58 AM

GeekU Minion

Expert
4,568 posts

There's a number of strange policies here. Is it a corporate computer?

#11
Spencer4134

Posted 16 December 2014 - 01:47 PM

Member

Topic Starter
Member
57 posts

It's my boss's computer, if that's what you mean. He has asked me to fix it.

#12
Naathim

Posted 17 December 2014 - 03:11 AM

GeekU Minion

Expert
4,568 posts

Alright.

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on icon and select Run as Administrator to start the tool.
Follow the prompts and let this process run uninterrupted.
This scan can take a while, depending on your System specs.
Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

Right-click on icon and select Run as Administrator to start the tool.
The program will begin to update the database (if internet connection is operational). Please wait a little bit.
Follow the prompts and click Scan.
When finished, please click Clean.
Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.

#13
Spencer4134

Posted 17 December 2014 - 06:51 PM

Member

Topic Starter
Member
57 posts

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by Bowplus on Wed 12/17/2014 at 16:18:21.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Bowplus\AppData\Roaming\mozilla\firefox\profiles\far87mnr.default-1407361548559\minidumps [8 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/17/2014 at 16:21:59.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADWCleaner:

# AdwCleaner v4.105 - Report created 17/12/2014 at 17:42:45
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Bowplus - CBSTOSH
# Running from : C:\Users\Bowplus\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Bowplus\AppData\Local\CrashRpt

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

-\\ Google Chrome v39.0.2171.95

*************************

AdwCleaner[R0].txt - [1318 octets] - [17/12/2014 16:39:56]
AdwCleaner[S0].txt - [1239 octets] - [17/12/2014 17:42:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1299 octets] ##########

#14
Naathim

Posted 18 December 2014 - 04:50 AM

GeekU Minion

Expert
4,568 posts

OK. Moving on

Scan with Gmer

This type of scan often produces false positives. At any point do not take any action for any suspicious entries you may see there. Instead post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

Right-click on randomly named icon and select Run as Administrator to start the tool.
It is very important that you do not use your computer while Gmer is running!
Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

When the pre-scan is completed, please do the following:

Please check in the Quick scan box.
Please uncheck the IAT/EAT and Show All.
Click Scan.
If you see a rootkit warning window click OK.
When the scan is finished, Save the results to your desktop as gmer.log.

Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!

If you encounter any problems, try running GMER in Safe Mode.

If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.

#15
Spencer4134

Posted 18 December 2014 - 06:12 PM

Member

Topic Starter
Member
57 posts

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-12-18 10:28:07
Windows 6.3.9600 x64 \Device\Harddisk0\DR0 -> \Device\0000002c TOSHIBA_MQ01ABD075 rev.AX0A4M 698.64GB
Running: jjvqgcqk.exe; Driver: C:\Users\Bowplus\AppData\Local\Temp\fwddqpow.sys

---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\system32\ntoskrnl.exe!NtCallbackReturn + 960                                                                       fffff8024cdcbf00 4 bytes [40, 01, A8, FF]
.text   C:\Windows\system32\ntoskrnl.exe!NtCallbackReturn + 965                                                                       fffff8024cdcbf05 87 bytes [C4, 66, 03, C0, 88, B4, 04, ...]

---- User code sections - GMER 2.1 ----

.text   C:\Windows\Explorer.EXE[396] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 714                                               00007ffab7ae154a 4 bytes [AE, B7, FA, 7F]
.text   C:\Windows\Explorer.EXE[396] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 722                                               00007ffab7ae1552 4 bytes [AE, B7, FA, 7F]
.text   C:\Windows\Explorer.EXE[396] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 98                                              00007ffab7ae162a 4 bytes [AE, B7, FA, 7F]
.text   C:\Windows\Explorer.EXE[396] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 122                                             00007ffab7ae1642 4 bytes [AE, B7, FA, 7F]
.text   C:\Windows\Explorer.EXE[396] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                           00007ffabcc8169a 4 bytes [C8, BC, FA, 7F]
.text   C:\Windows\Explorer.EXE[396] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                           00007ffabcc816a2 4 bytes [C8, BC, FA, 7F]
.text   C:\Windows\Explorer.EXE[396] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                              00007ffabcc8181a 4 bytes [C8, BC, FA, 7F]
.text   C:\Windows\Explorer.EXE[396] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                              00007ffabcc81832 4 bytes [C8, BC, FA, 7F]
.text   C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess               00007ffabdac1930 6 bytes [48, B8, 30, 08, 30, 02]
.text   C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8           00007ffabdac1938 4 bytes [00, 00, 50, C3]
.text   C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[980] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 1 00007ffabb38d48d 5 bytes [B8, 30, 08, 77, 02]
.text   C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[980] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 7 00007ffabb38d493 5 bytes [00, 00, 00, 50, C3]
.text   C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[980] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506         00007ffabcc8169a 4 bytes [C8, BC, FA, 7F]
.text   C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[980] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514         00007ffabcc816a2 4 bytes [C8, BC, FA, 7F]
.text   C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[980] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118            00007ffabcc8181a 4 bytes [C8, BC, FA, 7F]
.text   C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[980] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142            00007ffabcc81832 4 bytes [C8, BC, FA, 7F]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [484:496]                                                                                       fffff960009a8b90
Thread   [1432:1440]                                                                                                                  00007ffab3d69420
Thread   [1432:1444]                                                                                                                  00007ffabda647e0
Thread   [1432:1452]                                                                                                                  00007ffabc9f0310
Thread   [1432:1464]                                                                                                                  00007ffab75431a0
Thread   [1432:1528]                                                                                                                  00007ffab3776730
Thread   [1432:1532]                                                                                                                  0000000180014020
Thread   [1432:1536]                                                                                                                  0000000180014020
Thread   [1432:1540]                                                                                                                  00000001800139c0
Thread   [1432:1544]                                                                                                                  0000000180010b90
Thread   [1432:1548]                                                                                                                  00007ffab394daf0
Thread   [1432:1552]                                                                                                                  00007ffab394db00
Thread   [1432:1556]                                                                                                                  00007ffab394db00
Thread   [1432:1560]                                                                                                                  00007ffab394db00
Thread   [1432:1564]                                                                                                                  00007ffab394db00
Thread   [1432:1568]                                                                                                                  00007ffab394db40
Thread   [1432:1800]                                                                                                                  00007ffab3571c80
Thread   [1432:1804]                                                                                                                  00007ffabc9f0310
Thread   [1432:1808]                                                                                                                  00007ffab0e18320
Thread   [1432:1356]                                                                                                                  00007ffabda647e0
Thread   [1432:1428]                                                                                                                  00007ffab7554420

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                         unknown MBR code

---- EOF - GMER 2.1 ----