1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Can't boot laptop! TVALZ_O.sys corrupt.

Discussion in 'Virus & Other Malware Removal' started by Wimalaya, Feb 15, 2015.

Thread Status:
Not open for further replies.
Advertisement
  1. Wimalaya

    Wimalaya Thread Starter

    Joined:
    Dec 22, 2011
    Messages:
    199
    Hi,

    Made a little mistake yesterday, i was tired and i propably deleted a driver file called TVALZ_O.sys with Adwcleaner.

    How it happend:
    There was an update for FileMenuTools, made the update and accidentaly installed some bloatware called "SeachProtect".
    Noticed it just too late and immediatly i ran Adwcleaner, during the scan Norton360 noticed the file, i hit "fix" and Norton freezed.
    Adwcleaner continued the scan, checked the list but i guess i overlooked the driver file and cleaned it.
    On reboot it didn't want to boot anymore.

    Startup Repair started automatically on reboot ,saying: Root cause found: Boot critical file D:\windows\system32\DRIVERS\TVALZ_O.sys is corrupt.
    Safe Mode doesn't work. Startup Repair doesn't work. Or anything else...
    When trying System Recovery Options it says, "The user name or password is incorrect."

    Some help/advice is very appreciated!

    concerned laptop:

    Toshiba Satellite, Win7 Ultimate
     
  2. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Do you have access to another Windows 7 Computer?
     
  3. Wimalaya

    Wimalaya Thread Starter

    Joined:
    Dec 22, 2011
    Messages:
    199
    Yes, currently using a friends HP Pavillion g7 with an almost broken fan, i hope lasts till mine is fixed,
    Windows 7 Home Premium 64-bit SP1 is installed on this one
     
  4. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Create a Windows 7 System Repair Disc

    Note: the below can only be done if your machine has a a type of CD/R or DVD/R optical drive installed. Also depending on the exact type of OEM your machine has you may be unable to actually create a SRD.

    • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    • Allow the UAC(User Account Control) prompt via selecting Yes.
    • You should now see a menu like the below:-
    [​IMG]

    • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
    • Note: If a AutoPlay window pops up, just close it.
    • When the SRD has been created you will see the below:-
    [​IMG]

    • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
    • You now have a Windows 7 System Repair Disc.

    Boot the ailing computer with this CD and see if you can reach the Command Prompt.
     
  5. Wimalaya

    Wimalaya Thread Starter

    Joined:
    Dec 22, 2011
    Messages:
    199
    i don't have a CD to burn it, how do i put it on USB, i guess thats possible right..

    thanks for your assistance btw
     
  6. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    The program wont create a bootable USB drive. For that you will need an .iso file. Forums rules also wont permit us to use something you do not own.

    Do you have the Windows 7 installation CD?
     
  7. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    We can also wait until you are able to buy a CD.
     
  8. Wimalaya

    Wimalaya Thread Starter

    Joined:
    Dec 22, 2011
    Messages:
    199
    will i loose my data on the C drive from using the repair option on the installation CD?
     
  9. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    No. Only if a full recovery is selected.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
     
  10. Wimalaya

    Wimalaya Thread Starter

    Joined:
    Dec 22, 2011
    Messages:
    199
    this step was not there:
    • Select your user account and click Next.

    but there it is, the Command Prompt, saying "X:\sources>"

    what to type?
     
  11. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Now that we can reach the command prompt, follow these steps:

    Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. In your case should be FRST64 as it is 64 bits

    Plug the flash drive into the infected PC.

    Bring the computer to a command prompt.

    Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  12. Wimalaya

    Wimalaya Thread Starter

    Joined:
    Dec 22, 2011
    Messages:
    199
    i cant find ":" on the keyboard... its reversed to querty instead of azerty

    chaged language and working..
     
  13. Wimalaya

    Wimalaya Thread Starter

    Joined:
    Dec 22, 2011
    Messages:
    199
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
    Ran by SYSTEM on MININT-TST49BF on 15-02-2015 22:16:33
    Running from I:\
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation)
    HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774552 2014-11-19] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-02] (Realtek Semiconductor)
    HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [508744 2014-10-26] (QFX Software Corporation)
    HKLM-x32\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [3391200 2015-02-03] (Mister Group)
    HKLM\...\Policies\Explorer\Run: [BootRacer] => C:\Program Files (x86)\BootRacer\Bootrace.exe [3843344 2014-04-23] ( (Greatis Software))
    HKU\Flaptop\...\Policies\system: [LogonHoursAction] 2
    HKU\Flaptop\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Toshiba\...\Run: [FLBackup] => C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe [275768 2015-01-25] (New Softwares.net)
    HKU\Toshiba\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-12-17] (Siber Systems)
    HKU\Toshiba\...\Run: [WinFLTray] => C:\Windows\SysWow64\WinFLTray.exe [330040 2015-01-25] ( New Softwares.net)
    HKU\Toshiba\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2015-01-13] (Tonec Inc.)
    HKU\Toshiba\...\Run: [f.lux] => C:\Users\Toshiba\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
    HKU\Toshiba\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S7].txt [6036 2015-02-14] ()
    HKU\Toshiba\...\Policies\system: [LogonHoursAction] 2
    HKU\Toshiba\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Toshiba\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
    Startup: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    Startup: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
    ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
    GroupPolicyUsers\S-1-5-21-4129005498-1034515319-3164933128-1001\User: Group Policy restriction detected <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 BootRacerServ; C:\Program Files (x86)\BootRacer\BootRacerServ.exe [65296 2014-04-30] (Greatis Software, LLC)
    S2 FLService; C:\Windows\SysWow64\WinFLService.exe [92984 2015-01-25] (New Softwares.net)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
    S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
    S2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)
    S2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)
    S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-06-14] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\BASHDefs\20150203.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
    S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
    S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-17] (Symantec Corporation)
    S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-17] (Symantec Corporation)
    S1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\IPSDefs\20150213.001\IDSvia64.sys [669400 2015-02-03] (Symantec Corporation)
    S3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222200 2013-05-31] (QFX Software Corporation)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20150213.019\ENG64.SYS [129752 2015-02-03] (Symantec Corporation)
    S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20150213.019\EX64.SYS [2137304 2015-02-03] (Symantec Corporation)
    S2 NEWDRIVER; C:\Windows\SysWow64\WinVDEdrv6.sys [197648 2014-08-15] ()
    S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-21] (Corel Corporation)
    S3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane_vista.sys [3048152 2014-04-01] (Realtek Semiconductor Corporation )
    S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [178176 2014-12-19] (Sandboxie Holdings, LLC)
    S0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-11] (Duplex Secure Ltd.)
    S1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
    S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
    S0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
    S0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
    S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-12-17] (Symantec Corporation)
    S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-08-06] (Symantec Corporation)
    S1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
    S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
    S3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-08-27] ()
    S1 WinFLAdrv; C:\Windows\SysWow64\WinFLAdrv.sys [36472 2015-01-25] ()
    S2 WinVDEDrv; C:\Windows\SysWow64\WinVDEdrv.sys [225680 2014-08-15] (NewSoftwares.net, Inc.)
    S3 SIVDriver; \??\C:\Windows\system32\Drivers\SIVX64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-15 22:16 - 2015-02-15 22:16 - 00000000 ____D () C:\FRST
    2015-02-14 14:55 - 2015-02-14 14:55 - 00003508 _____ () C:\Windows\System32\Tasks\avaxvyxvyhc
    2015-02-14 14:54 - 2015-02-14 14:55 - 00000000 ____D () C:\Users\Toshiba\AppData\Local\avaxvyxvyhc
    2015-02-14 14:44 - 2015-02-14 14:44 - 00003506 _____ () C:\Windows\System32\Tasks\avaxvyxvyha
    2015-02-14 14:43 - 2015-02-14 14:43 - 00000000 ____D () C:\Users\Toshiba\AppData\Local\avaxvyxvyha
    2015-02-14 14:41 - 2015-02-14 15:24 - 00000000 ____D () C:\Users\Toshiba\AppData\Local\SearchProtect
    2015-02-14 13:45 - 2015-02-14 13:45 - 00023465 _____ () C:\Users\Toshiba\Downloads\Skarazula - Litha - 2011 (WEB - FLAC - Lossless).torrent
    2015-02-14 13:45 - 2015-02-14 13:45 - 00023150 _____ () C:\Users\Toshiba\Downloads\Skarazula - Ostara - 2011 (WEB - FLAC - Lossless).torrent
    2015-02-14 13:11 - 2015-02-14 13:11 - 00013437 _____ () C:\Users\Toshiba\Downloads\Hair Loss Protocol - Rebuild Hair Program.torrent
    2015-02-14 12:32 - 2015-02-14 12:32 - 00060016 _____ () C:\Users\Toshiba\Documents\ClipMate7_DB_My Clips_2015-02-14_2132.ZIP
    2015-02-11 21:10 - 2015-01-22 20:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
    2015-02-11 21:10 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2015-02-11 21:10 - 2015-01-22 19:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-02-11 21:10 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-02-11 03:19 - 2015-02-03 19:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
    2015-02-11 03:19 - 2015-02-03 19:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
    2015-02-11 03:19 - 2015-02-03 19:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
    2015-02-11 03:19 - 2015-02-03 19:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
    2015-02-11 03:19 - 2015-02-03 19:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
    2015-02-11 03:19 - 2015-02-03 19:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
    2015-02-11 03:19 - 2015-02-03 19:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
    2015-02-11 03:19 - 2015-01-27 15:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
    2015-02-11 03:19 - 2015-01-13 21:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2015-02-11 03:19 - 2015-01-13 21:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-02-11 03:19 - 2015-01-11 19:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2015-02-11 03:19 - 2015-01-11 19:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
    2015-02-11 03:19 - 2015-01-11 18:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2015-02-11 03:19 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2015-02-11 03:19 - 2015-01-11 18:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
    2015-02-11 03:19 - 2015-01-11 18:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2015-02-11 03:19 - 2015-01-11 18:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
    2015-02-11 03:19 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-02-11 03:19 - 2015-01-11 18:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    2015-02-11 03:19 - 2015-01-11 18:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-02-11 03:19 - 2015-01-11 18:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
    2015-02-11 03:19 - 2015-01-11 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-02-11 03:19 - 2015-01-11 18:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-02-11 03:19 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-02-11 03:19 - 2015-01-11 18:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2015-02-11 03:19 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-02-11 03:19 - 2015-01-11 18:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-02-11 03:19 - 2015-01-11 17:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-02-11 03:19 - 2015-01-11 17:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-02-11 03:19 - 2015-01-11 17:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-02-11 03:19 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2015-02-11 03:19 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2015-02-11 03:19 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2015-02-11 03:19 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-02-11 03:19 - 2015-01-11 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-02-11 03:19 - 2015-01-11 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-02-11 03:19 - 2015-01-11 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-02-11 03:19 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-02-11 03:19 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-02-11 03:19 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-02-11 03:19 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2015-02-11 03:19 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2015-02-11 03:19 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-02-11 03:19 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-02-11 03:19 - 2015-01-08 19:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\System32\perftrack.dll
    2015-02-11 03:19 - 2015-01-08 19:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\wdi.dll
    2015-02-11 03:19 - 2015-01-08 19:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\System32\powertracker.dll
    2015-02-11 03:19 - 2015-01-08 18:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-02-11 03:18 - 2015-01-12 19:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2015-02-11 03:18 - 2015-01-12 18:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-02-11 03:18 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2015-02-11 03:18 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2015-02-11 03:18 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
    2015-02-11 03:18 - 2015-01-11 18:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2015-02-11 03:18 - 2015-01-11 18:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2015-02-11 03:18 - 2015-01-11 18:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2015-02-11 03:18 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2015-02-11 03:18 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-02-11 03:18 - 2015-01-11 18:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2015-02-11 03:18 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2015-02-11 03:18 - 2015-01-11 17:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
    2015-02-11 03:18 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2015-02-11 03:18 - 2015-01-11 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-02-11 03:18 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2015-02-11 03:18 - 2015-01-11 17:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-02-11 03:18 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-02-11 03:18 - 2015-01-09 22:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2015-02-11 03:18 - 2015-01-09 22:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2015-02-11 03:18 - 2015-01-09 22:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
    2015-02-11 03:18 - 2015-01-09 22:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2015-02-11 03:18 - 2015-01-09 22:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
    2015-02-11 03:18 - 2015-01-09 22:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
    2015-02-11 03:18 - 2015-01-09 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
    2015-02-11 03:18 - 2015-01-09 22:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-02-11 03:18 - 2015-01-09 22:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-02-11 03:18 - 2015-01-09 22:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-02-11 03:18 - 2015-01-09 22:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-02-11 03:18 - 2015-01-09 22:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-02-11 03:18 - 2015-01-09 22:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-02-11 03:18 - 2015-01-09 22:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-02-11 03:18 - 2014-12-11 21:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2015-02-11 03:18 - 2014-12-11 21:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-02-11 03:18 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2015-02-11 03:18 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2015-02-11 03:18 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-02-11 03:18 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-02-11 03:17 - 2015-01-15 00:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2015-02-11 03:17 - 2015-01-15 00:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2015-02-11 03:17 - 2015-01-15 00:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2015-02-11 03:17 - 2015-01-15 00:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
    2015-02-11 03:17 - 2015-01-15 00:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
    2015-02-11 03:17 - 2015-01-15 00:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
    2015-02-11 03:17 - 2015-01-15 00:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
    2015-02-11 03:17 - 2015-01-15 00:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
    2015-02-11 03:17 - 2015-01-15 00:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
    2015-02-11 03:17 - 2015-01-15 00:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
    2015-02-11 03:17 - 2015-01-15 00:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
    2015-02-11 03:17 - 2015-01-14 23:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-02-11 03:17 - 2015-01-14 23:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-02-11 03:17 - 2015-01-14 23:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-02-11 03:17 - 2015-01-14 23:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-02-11 03:17 - 2015-01-14 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-02-11 03:17 - 2015-01-14 23:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-02-11 03:17 - 2015-01-14 20:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2015-02-11 03:17 - 2014-11-25 19:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
    2015-02-11 03:17 - 2014-11-25 19:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-02-11 03:16 - 2015-01-13 22:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2015-02-11 03:16 - 2015-01-13 22:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2015-02-11 03:16 - 2015-01-13 22:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
    2015-02-11 03:16 - 2015-01-13 22:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
    2015-02-11 03:16 - 2015-01-13 21:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-02-11 03:16 - 2015-01-13 21:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-02-11 03:16 - 2015-01-13 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-02-11 03:16 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll
    2015-02-11 03:16 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-02-11 03:12 - 2015-01-08 18:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2015-02-10 06:19 - 2015-02-10 06:19 - 00060019 _____ () C:\Users\Toshiba\Documents\ClipMate7_DB_My Clips_2015-02-10_1519.ZIP
    2015-02-08 08:49 - 2015-02-08 08:49 - 00029956 _____ () C:\Users\Toshiba\Documents\ClipMate7_DB_My Clips_2015-02-08_1749.ZIP
    2015-02-04 09:38 - 2015-02-04 09:38 - 00338290 _____ () C:\Users\Toshiba\Downloads\LoonbriefRoomerJanuari2015.jpeg
    2015-02-03 18:10 - 2015-02-03 18:15 - 00000000 ____D () C:\Users\Toshiba\Documents\DPS-Log
    2015-02-03 18:10 - 2015-02-03 18:10 - 00000000 ____D () C:\Users\Toshiba\Documents\DRP-Log
    2015-02-03 18:01 - 2015-02-03 18:01 - 00258880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFLXGRD.OCX
    2015-02-03 18:00 - 2015-02-03 18:00 - 00221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TabCtl32.OCX
    2015-02-03 17:35 - 2015-02-03 17:35 - 00014960 _____ () C:\Users\Toshiba\Documents\ClipMate7_DB_My Clips_2015-02-04_0235.ZIP
    2015-02-03 17:20 - 2015-02-03 17:20 - 00000000 ____D () C:\Program Files\AMD
    2015-02-03 17:17 - 2014-08-19 11:00 - 15967232 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2015-02-03 17:17 - 2014-08-19 09:14 - 00557568 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2015-02-03 17:16 - 2014-08-19 10:35 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\mantle64.dll
    2015-02-03 17:16 - 2014-08-19 10:35 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
    2015-02-03 17:16 - 2014-08-19 10:02 - 00366592 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2015-02-03 17:16 - 2014-08-19 10:00 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\mantleaxl64.dll
    2015-02-03 17:16 - 2014-08-19 10:00 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
    2015-02-03 17:15 - 2014-08-19 09:41 - 00190976 _____ (AMD) C:\Windows\System32\atitmm64.dll
    2015-02-03 17:14 - 2014-08-19 10:06 - 23027712 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2015-02-03 17:13 - 2014-08-19 10:28 - 27528704 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2015-02-03 17:12 - 2014-08-19 11:05 - 09023464 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2015-02-03 17:12 - 2014-08-19 11:05 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2015-02-03 17:12 - 2014-08-19 11:05 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2015-02-03 17:12 - 2014-08-19 11:05 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2015-02-03 17:12 - 2014-08-19 11:05 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2015-02-03 17:12 - 2014-08-19 09:42 - 00031232 _____ (AMD) C:\Windows\System32\atimuixx.dll
    2015-02-03 17:12 - 2014-08-19 09:15 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2015-02-03 17:12 - 2014-08-19 09:15 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2015-02-03 17:12 - 2014-08-19 09:15 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2015-02-03 17:12 - 2014-08-19 09:14 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2015-02-03 17:12 - 2014-08-19 09:14 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2015-02-03 17:11 - 2014-08-19 10:01 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2015-02-03 17:11 - 2014-08-19 10:01 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2015-02-03 17:11 - 2014-08-19 10:01 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2015-02-03 17:11 - 2014-08-19 09:43 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\atidemgy.dll
    2015-02-03 17:10 - 2014-08-19 10:35 - 05225472 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdmantle64.dll
    2015-02-03 17:10 - 2014-08-19 10:18 - 04180992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
    2015-02-03 17:10 - 2014-08-19 10:01 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2015-02-03 17:10 - 2014-08-19 10:01 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2015-02-03 17:10 - 2014-08-19 09:57 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2015-02-03 17:10 - 2014-08-19 09:38 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdmmcl6.dll
    2015-02-03 17:10 - 2014-08-19 09:38 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
    2015-02-03 17:10 - 2014-08-19 09:30 - 00204952 _____ () C:\Windows\SysWOW64\ativvsvl.dat
    2015-02-03 17:10 - 2014-08-19 09:30 - 00204952 _____ () C:\Windows\System32\ativvsvl.dat
    2015-02-03 17:10 - 2014-08-19 09:15 - 00898560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2015-02-03 17:10 - 2014-08-19 09:09 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2015-02-03 17:10 - 2014-04-22 14:38 - 00715877 _____ () C:\Windows\System32\amdicdxx.dat
    2015-02-03 17:10 - 2014-03-31 13:21 - 00734861 _____ () C:\Windows\System32\atiicdxx.dat
    2015-02-03 17:09 - 2014-08-19 10:46 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2015-02-03 17:09 - 2014-08-19 10:46 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2015-02-03 17:09 - 2014-08-19 10:45 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2015-02-03 17:09 - 2014-08-19 10:45 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2015-02-03 17:09 - 2014-08-19 10:02 - 00598648 _____ () C:\Windows\SysWOW64\atiapfxx.blb
    2015-02-03 17:09 - 2014-08-19 10:02 - 00598648 _____ () C:\Windows\System32\atiapfxx.blb
    2015-02-03 17:09 - 2014-08-19 09:34 - 03437632 _____ () C:\Windows\System32\atiumd6a.cap
    2015-02-03 17:09 - 2014-08-19 09:30 - 00157144 _____ () C:\Windows\SysWOW64\ativvsva.dat
    2015-02-03 17:09 - 2014-08-19 09:30 - 00157144 _____ () C:\Windows\System32\ativvsva.dat
    2015-02-03 17:09 - 2014-08-19 09:22 - 00826368 _____ (AMD) C:\Windows\System32\coinst_14.20.dll
    2015-02-03 17:09 - 2014-08-19 09:21 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
    2015-02-03 17:09 - 2014-05-09 03:02 - 00234164 _____ () C:\Windows\System32\ativvaxy_cik.dat
    2015-02-03 17:09 - 2014-05-09 03:00 - 00232624 _____ () C:\Windows\System32\ativvaxy_cik_nd.dat
    2015-02-03 17:09 - 2014-04-29 00:00 - 00158816 _____ () C:\Windows\System32\ativce03.dat
    2015-02-03 17:09 - 2014-04-28 22:22 - 00319668 _____ () C:\Windows\System32\ativvaxy_vi.dat
    2015-02-03 17:09 - 2014-04-28 22:20 - 00318000 _____ () C:\Windows\System32\ativvaxy_vi_nd.dat
    2015-02-03 17:09 - 2014-04-03 21:50 - 00082128 _____ () C:\Windows\System32\ativce02.dat
    2015-02-03 17:09 - 2011-09-12 06:06 - 00003917 _____ () C:\Windows\SysWOW64\atipblag.dat
    2015-02-03 17:09 - 2011-09-12 06:06 - 00003917 _____ () C:\Windows\System32\atipblag.dat
    2015-02-03 17:08 - 2014-08-19 10:40 - 00065024 _____ (Khronos Group) C:\Windows\System32\OpenCL.dll
    2015-02-03 17:08 - 2014-08-19 10:39 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2015-02-03 17:07 - 2014-08-19 10:45 - 32877056 _____ (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2015-02-03 17:06 - 2014-08-19 10:42 - 27843072 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2015-02-03 17:04 - 2014-08-19 10:46 - 01187342 _____ () C:\Windows\System32\amdocl_as64.exe
    2015-02-03 17:04 - 2014-08-19 10:46 - 01061902 _____ () C:\Windows\System32\amdocl_ld64.exe
    2015-02-03 17:04 - 2014-08-19 10:46 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe
    2015-02-03 17:04 - 2014-08-19 10:46 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe
    2015-02-03 17:04 - 2014-08-19 10:46 - 00231424 _____ () C:\Windows\System32\clinfo.exe
    2015-02-03 17:00 - 2014-11-03 21:42 - 06242576 _____ (Dolby Laboratories) C:\Windows\System32\DDPP64AF3.dll
    2015-02-03 17:00 - 2014-11-03 21:42 - 01933584 _____ (Dolby Laboratories) C:\Windows\System32\DDPD64AF3.dll
    2015-02-03 17:00 - 2014-11-03 21:42 - 00336144 _____ (Dolby Laboratories) C:\Windows\System32\DDPO64AF3.dll
    2015-02-03 17:00 - 2014-11-03 21:42 - 00284944 _____ (Dolby Laboratories) C:\Windows\System32\DDPA64F3.dll
    2015-02-03 16:59 - 2014-12-03 02:41 - 04290520 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
    2015-02-03 16:59 - 2014-12-03 01:15 - 01485163 _____ () C:\Windows\System32\Drivers\RTAIODAT.DAT
    2015-02-03 16:59 - 2014-11-27 01:06 - 72823296 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
    2015-02-03 16:59 - 2014-08-14 03:16 - 05804772 _____ () C:\Windows\System32\Drivers\rtvienna.dat
    2015-02-03 16:58 - 2014-12-03 04:51 - 00960728 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
    2015-02-03 16:58 - 2014-12-02 02:42 - 03218800 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
    2015-02-03 16:58 - 2014-11-26 23:31 - 02823024 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RltkAPO64.dll
    2015-02-03 16:58 - 2014-11-26 23:31 - 02510192 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
    2015-02-03 16:58 - 2014-11-20 15:33 - 01104040 _____ (SRS Labs, Inc.) C:\Windows\System32\slcnt64.dll
    2015-02-03 16:58 - 2014-11-20 15:33 - 00943784 _____ (DTS, Inc.) C:\Windows\System32\sl3apo64.dll
    2015-02-03 16:58 - 2014-11-20 15:33 - 00734376 _____ (DTS, Inc.) C:\Windows\System32\sltech64.dll
    2015-02-03 16:58 - 2014-11-20 15:33 - 00250536 _____ (TODO: <Company name>) C:\Windows\System32\slprp64.dll
    2015-02-03 16:58 - 2014-11-18 23:42 - 01289944 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
    2015-02-03 16:58 - 2014-11-16 21:14 - 00303776 _____ (ICEpower a/s) C:\Windows\System32\ICEsoundAPO64.dll
    2015-02-03 16:58 - 2014-11-10 21:44 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtDataProc64.dll
    2015-02-03 16:58 - 2014-11-06 03:57 - 01411096 _____ (Synopsys, Inc.) C:\Windows\System32\SRRPTR64.dll
    2015-02-03 16:58 - 2014-11-06 03:57 - 00451608 _____ (Synopsys, Inc.) C:\Windows\System32\SRAPO64.dll
    2015-02-03 16:58 - 2014-11-06 03:57 - 00366616 _____ (Synopsys, Inc.) C:\Windows\System32\SRCOM64.dll
    2015-02-03 16:58 - 2014-11-06 03:56 - 00326680 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
    2015-02-03 16:58 - 2014-11-06 03:56 - 00326680 _____ (Synopsys, Inc.) C:\Windows\System32\SRCOM.dll
    2015-02-03 16:58 - 2014-10-23 18:12 - 05234952 _____ (Nahimic Inc) C:\Windows\System32\NAHIMICAPOlfx.dll
    2015-02-03 16:58 - 2014-10-23 18:12 - 00995120 _____ (Nahimic Inc) C:\Windows\System32\NahimicAPONSControl.dll
    2015-02-03 16:58 - 2014-10-19 23:49 - 01360640 _____ (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO6064.dll
    2015-02-03 16:58 - 2014-08-05 21:43 - 02860760 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
    2015-02-03 16:58 - 2014-07-30 00:12 - 12967680 _____ (Waves Audio Ltd.) C:\Windows\System32\MaxxVoiceAPO3064.dll
    2015-02-03 16:58 - 2014-07-02 22:44 - 01499984 _____ (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO5064.dll
    2015-02-03 16:58 - 2014-07-02 22:44 - 00979280 _____ (Waves Audio Ltd.) C:\Windows\System32\MaxxVoiceAPO2064.dll
    2015-02-03 16:58 - 2014-06-17 03:17 - 00856992 _____ (TOSHIBA Corporation) C:\Windows\System32\tadefxapo264.dll
    2015-02-03 16:58 - 2013-07-22 23:39 - 14048512 _____ (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek64.dll
    2015-02-03 16:58 - 2013-07-22 23:39 - 00922880 _____ (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll
    2015-02-03 16:57 - 2014-10-21 23:26 - 01550528 _____ (Conexant Systems Inc.) C:\Windows\System32\CX64APO.dll
    2015-02-03 16:57 - 2014-06-08 18:59 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
    2015-02-03 16:57 - 2014-05-22 00:24 - 00096568 _____ () C:\Windows\System32\audioLibVc.dll
    2015-02-03 16:32 - 2014-04-01 02:25 - 03048152 _____ (Realtek Semiconductor Corporation ) C:\Windows\System32\Drivers\rtwlane_vista.sys
    2015-02-03 16:26 - 2009-07-14 06:28 - 00023512 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\TVALZ_O.SYS
    2015-02-03 16:21 - 2014-08-29 05:44 - 00274136 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtsUStor.sys
    2015-02-03 16:21 - 2014-07-16 00:05 - 00795352 _____ (Realtek ) C:\Windows\System32\Drivers\Rtlh64.sys
    2015-02-03 16:21 - 2014-07-16 00:05 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\System32\RtNicProp64.dll
    2015-02-03 16:20 - 2014-01-27 02:39 - 09890008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
    2015-02-03 03:07 - 2015-02-03 03:07 - 00425660 _____ () C:\Users\Toshiba\Downloads\CMbijdrage2015Wim.jpeg
    2015-02-03 03:07 - 2015-02-03 03:07 - 00292078 _____ () C:\Users\Toshiba\Downloads\CMbijdrage2015WimVerso.jpeg
    2015-02-02 14:49 - 2015-02-11 18:57 - 00000000 ____D () C:\Windows\System32\appraiser
    2015-02-02 14:42 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
    2015-02-02 14:42 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2015-02-02 14:42 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
    2015-02-02 14:42 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
    2015-02-02 14:42 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
    2015-02-02 14:42 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
    2015-02-02 14:42 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2015-02-02 14:42 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2015-02-02 14:42 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2015-02-02 14:42 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2015-02-02 14:39 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
    2015-02-02 14:39 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2015-02-02 14:39 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2015-02-02 14:39 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\System32\charmap.exe
    2015-02-02 14:39 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
    2015-02-02 14:39 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll
    2015-02-02 14:39 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\System32\WSManMigrationPlugin.dll
    2015-02-02 14:39 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\System32\WsmWmiPl.dll
    2015-02-02 14:39 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\System32\WsmAuto.dll
    2015-02-02 14:39 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\System32\WSManHTTPConfig.exe
    2015-02-02 14:39 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2015-02-02 14:39 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2015-02-02 14:39 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2015-02-02 14:39 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2015-02-02 14:39 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2015-02-02 13:51 - 2013-08-06 21:08 - 00078936 ____R (Symantec Corporation) C:\Windows\System32\Drivers\SymIMV.sys
    2015-02-02 13:20 - 2015-02-02 13:20 - 00016566 _____ () C:\Users\Toshiba\Documents\cc_20150202_222001.reg
    2015-02-02 13:18 - 2015-02-02 13:18 - 00068428 _____ () C:\Users\Toshiba\Documents\cc_20150202_221849.reg
    2015-02-02 12:57 - 2015-02-02 12:57 - 00003552 ____N () C:\bootsqm.dat
    2015-01-25 01:51 - 2015-01-25 01:51 - 00000000 ____D () C:\Users\Toshiba\AppData\Local\FluxSoftware
    2015-01-25 01:18 - 2015-02-08 10:24 - 00003465 ___SH () C:\Windows\SysWOW64\win_stlthdb_sys.dat
    2015-01-24 11:37 - 2015-01-24 11:37 - 00000000 ____D () C:\Users\Toshiba\AppData\Local\Eraser 6
    2015-01-24 05:04 - 2015-01-24 05:04 - 00000000 ____D () C:\Program Files\Eraser
    2015-01-24 02:48 - 2015-02-08 10:24 - 00000700 ___SH () C:\Users\Toshiba\AppData\Local\systemFL7.dat
    2015-01-23 15:37 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2015-01-23 15:37 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
    2015-01-23 15:37 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
    2015-01-23 15:37 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-23 15:37 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-23 15:33 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-14 15:27 - 2014-08-10 06:47 - 01311967 _____ () C:\Windows\WindowsUpdate.log
    2015-02-14 15:25 - 2014-08-10 10:39 - 00104013 _____ () C:\Windows\Q-Dir.ini
    2015-02-14 15:24 - 2014-08-10 15:43 - 00000000 ____D () C:\AdwCleaner
    2015-02-14 15:23 - 2014-08-10 12:03 - 00000000 ____D () C:\Users\Toshiba\AppData\Roaming\uTorrent
    2015-02-14 15:20 - 2014-08-10 08:48 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-14 15:20 - 2014-08-09 13:02 - 00000000 ____D () C:\Users\Toshiba\AppData\Roaming\foobar2000
    2015-02-14 15:18 - 2014-08-10 15:01 - 00000000 ____D () C:\Users\Toshiba\AppData\Local\JDownloader v2.0
    2015-02-14 15:14 - 2014-08-10 09:50 - 00028513 _____ () C:\Windows\setupact.log
    2015-02-14 15:05 - 2014-08-15 13:18 - 00000000 ____D () C:\Users\Toshiba\Documents\Foobar Backup
    2015-02-14 14:55 - 2014-08-10 10:57 - 00000000 ____D () C:\Users\Toshiba\Downloads\IDM
    2015-02-14 14:55 - 2014-08-09 14:03 - 00000000 ____D () C:\Users\Toshiba\Documents\Virus Check
    2015-02-14 14:47 - 2014-11-09 00:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-14 14:11 - 2014-12-09 09:57 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
    2015-02-14 14:11 - 2014-10-31 07:33 - 00000000 ____D () C:\Program Files (x86)\ClipMate7
    2015-02-14 12:32 - 2009-07-13 20:45 - 00026576 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-14 12:32 - 2009-07-13 20:45 - 00026576 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-14 12:31 - 2014-10-31 07:33 - 00000000 ____D () C:\ProgramData\TEMP
    2015-02-14 12:28 - 2014-08-13 07:37 - 00000000 ____D () C:\ProgramData\BootRacer
    2015-02-14 12:28 - 2014-08-13 07:33 - 00364544 ____H () C:\Users\Public\Documents\bootracer.his
    2015-02-14 12:28 - 2014-08-13 07:25 - 02919457 ____H () C:\Users\Public\Documents\bootracer.log
    2015-02-14 12:28 - 2014-08-13 07:25 - 00001272 ____H () C:\Users\Public\Documents\bootracer.ini
    2015-02-14 12:27 - 2014-08-11 08:14 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
    2015-02-14 12:26 - 2014-08-10 08:48 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-11 19:06 - 2009-07-13 21:13 - 00781298 _____ () C:\Windows\System32\PerfStringBackup.INI
    2015-02-11 19:00 - 2014-08-13 07:25 - 00000000 ____D () C:\Program Files (x86)\BootRacer
    2015-02-11 19:00 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-11 19:00 - 2009-07-13 20:45 - 00426200 _____ () C:\Windows\System32\FNTCACHE.DAT
    2015-02-11 18:57 - 2014-08-10 09:48 - 00000000 ___SD () C:\Windows\System32\CompatTel
    2015-02-11 18:56 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\tracing
    2015-02-11 18:56 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-02-11 18:55 - 2014-12-18 17:31 - 00000000 ____D () C:\Users\Toshiba\AppData\Roaming\DMCache
    2015-02-11 18:38 - 2014-08-11 06:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-11 18:28 - 2009-07-13 18:34 - 00000478 _____ () C:\Windows\win.ini
    2015-02-11 18:26 - 2014-08-10 09:22 - 00000000 ____D () C:\Windows\System32\MRT
    2015-02-11 18:07 - 2014-08-10 09:22 - 116773704 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2015-02-11 07:09 - 2014-12-01 08:35 - 00003842 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1417451715
    2015-02-11 07:09 - 2014-12-01 08:34 - 00000000 ____D () C:\Program Files (x86)\Opera
    2015-02-10 06:01 - 2014-12-22 20:35 - 00000000 ____D () C:\Users\Toshiba\AppData\Roaming\WeatherWatcherLive
    2015-02-10 00:07 - 2014-11-14 20:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2015-02-10 00:07 - 2014-08-10 17:00 - 00000000 ____D () C:\Program Files (x86)\Weather Watcher Live
    2015-02-10 00:07 - 2014-08-10 15:17 - 00000000 ____D () C:\Program Files (x86)\System Explorer
    2015-02-09 13:46 - 2014-11-09 09:57 - 00000000 ____D () C:\Users\Toshiba\AppData\Roaming\7 Sticky Notes
    2015-02-09 08:13 - 2014-08-10 18:22 - 00000000 ____D () C:\ProgramData\Zoom Player
    2015-02-09 08:12 - 2014-08-11 02:18 - 00000000 ____D () C:\Users\Toshiba\AppData\Roaming\DAEMON Tools Pro
    2015-02-09 08:00 - 2014-08-11 03:33 - 00000000 ___RD () C:\Users\Toshiba\Downloads\JD
    2015-02-08 15:35 - 2014-10-05 07:34 - 00000000 ____D () C:\Program Files\MPC-HC
    2015-02-08 15:35 - 2014-08-10 11:31 - 00000000 ____D () C:\Users\Toshiba\Documents\Utils
    2015-02-08 12:53 - 2014-08-10 10:50 - 00000000 ____D () C:\Users\Toshiba\AppData\Roaming\IDM
    2015-02-08 10:24 - 2014-08-15 18:34 - 00002568 ___SH () C:\ProgramData\win_mpwd_sys.dat
    2015-02-08 10:24 - 2014-08-15 18:33 - 00011781 ___SH () C:\Users\Toshiba\AppData\Local\win_flfiles_sys.dat
    2015-02-08 10:24 - 2014-08-15 18:33 - 00003465 ___SH () C:\Users\Toshiba\AppData\Local\win_stlthdb_sys.dat
    2015-02-08 08:40 - 2014-08-10 09:50 - 02449030 _____ () C:\Windows\PFRO.log
    2015-02-08 08:03 - 2014-08-10 09:35 - 00765700 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-02-03 23:09 - 2014-08-10 08:48 - 00004052 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-03 23:09 - 2014-08-10 08:48 - 00003800 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-03 17:02 - 2014-08-15 12:06 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
    2015-02-03 05:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
    2015-02-02 14:49 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
    2015-02-02 14:43 - 2014-08-10 10:40 - 00000000 ____D () C:\Program Files\Q-Dir
    2015-02-02 13:17 - 2014-08-30 06:47 - 00000000 ____D () C:\Users\Toshiba\AppData\Local\CrashDumps
    2015-01-25 13:58 - 2014-08-10 12:04 - 00000000 ____D () C:\Program Files (x86)\uTorrent
    2015-01-25 01:18 - 2014-12-18 17:50 - 00000620 ___SH () C:\Users\Toshiba\AppData\Local\settingsFL.dat
    2015-01-25 01:18 - 2014-08-15 18:33 - 00011781 ___SH () C:\Windows\SysWOW64\win_flfiles_sys.dat
    2015-01-25 01:13 - 2014-08-15 18:28 - 00330040 _____ ( New Softwares.net) C:\Windows\SysWOW64\WinFLTrayShred.exe
    2015-01-25 01:13 - 2014-08-15 18:28 - 00330040 _____ ( New Softwares.net) C:\Windows\SysWOW64\WinFLTray.exe
    2015-01-25 01:13 - 2014-08-15 18:28 - 00092984 _____ (New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe
    2015-01-25 01:13 - 2014-08-15 18:28 - 00040960 _____ () C:\Windows\SysWOW64\nwsftUninstall.exe
    2015-01-25 01:13 - 2014-08-15 18:28 - 00036472 _____ () C:\Windows\SysWOW64\WinFLAdrv.sys
    2015-01-25 01:13 - 2014-08-15 18:28 - 00014024 _____ () C:\Windows\SysWOW64\WinFLMsgService.exe
    2015-01-25 00:53 - 2014-08-29 06:23 - 00000693 ___SH () C:\Windows\SysWOW64\win_fldb_sys.dat
    2015-01-25 00:53 - 2014-08-29 06:22 - 00001213 ___SH () C:\Users\Toshiba\AppData\Local\win_fldb_sys.dat
    2015-01-24 16:57 - 2014-08-29 06:22 - 00000402 _____ () C:\Users\Toshiba\AppData\Local\HackLogs.dat
    2015-01-24 02:42 - 2014-08-10 17:45 - 00000000 ____D () C:\Users\Toshiba\AppData\Roaming\Notepad++
    2015-01-24 01:10 - 2014-08-12 01:36 - 00000000 ____D () C:\Program Files (x86)\SoulseekQt
    2015-01-21 11:47 - 2009-07-13 21:08 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-01-17 06:42 - 2014-12-09 07:26 - 00000000 ____D () C:\Tor Browser
    2015-01-17 04:59 - 2014-10-31 07:33 - 00000000 ____D () C:\Users\Toshiba\AppData\Roaming\Clipmate7
    2015-01-16 19:28 - 2014-08-11 02:18 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Pro Advanced

    Files to move or delete:
    ====================
    C:\ProgramData\win_mpwd_sys.dat


    Some content of TEMP:
    ====================
    C:\Users\Toshiba\AppData\Local\Temp\FMT_update.exe
    C:\Users\Toshiba\AppData\Local\Temp\proxy_vole2594765973311500073.dll
    C:\Users\Toshiba\AppData\Local\Temp\Setup.exe
    C:\Users\Toshiba\AppData\Local\Temp\sqlite3.dll


    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 22%
    Total physical RAM: 2667.64 MB
    Available physical RAM: 2070.78 MB
    Total Pagefile: 2665.84 MB
    Available Pagefile: 2059.56 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.88 MB

    ==================== Drives ================================

    Drive c: (WINDOWS) (Fixed) (Total:148.65 GB) (Free:40.36 GB) NTFS
    Drive e: () (Fixed) (Total:0.39 GB) (Free:0.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive g: () (Removable) (Total:28.86 GB) (Free:24.63 GB) NTFS
    Drive i: (STICK) (Removable) (Total:3.78 GB) (Free:3.78 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (Data) (Fixed) (Total:149.04 GB) (Free:6.64 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: CBF0AB2B)
    Partition 1: (Active) - (Size=400 MB) - (Type=27)
    Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=148.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 28.9 GB) (Disk ID: 1A885AD6)
    Partition 1: (Active) - (Size=28.9 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 3 (Size: 3.8 GB) (Disk ID: 04DD5721)
    Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)


    LastRegBack: 2015-01-20 05:05

    ==================== End Of Log ============================
     
  14. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    The drver, TVALZ_O.SYS, seems legit.

    Download the enclosed file. Save it in the same location FRST is saved. Open FRST as you did before, except that this time around click on the Fix button and wait. The tool will produce a log, fixlog.txt. Please post its contents in a reply.
     

    Attached Files:

  15. Wimalaya

    Wimalaya Thread Starter

    Joined:
    Dec 22, 2011
    Messages:
    199
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
    Ran by SYSTEM at 2015-02-15 23:04:31 Run:1
    Running from i:\
    Boot Mode: Recovery
    ==============================================

    Content of fixlist:
    *****************
    Start
    C:\Windows\System32\Tasks\avaxvyxvyhc
    C:\Users\Toshiba\AppData\Local\avaxvyxvyhc
    C:\Windows\System32\Tasks\avaxvyxvyha
    C:\Users\Toshiba\AppData\Local\avaxvyxvyha
    C:\Users\Toshiba\AppData\Local\SearchProtect
    HKU\Toshiba\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S7].txt [6036 2015-02-14] ()
    C:\Users\Toshiba\AppData\Local\Temp\FMT_update.exe
    C:\Users\Toshiba\AppData\Local\Temp\proxy_vole2594765973311500073.dll
    C:\Users\Toshiba\AppData\Local\Temp\Setup.exe
    C:\Users\Toshiba\AppData\Local\Temp\sqlite3.dll
    C:\ProgramData\win_mpwd_sys.dat
    CMD: bcdedit /enum all /v
    End
    *****************

    C:\Windows\System32\Tasks\avaxvyxvyhc => Moved successfully.
    C:\Users\Toshiba\AppData\Local\avaxvyxvyhc => Moved successfully.
    C:\Windows\System32\Tasks\avaxvyxvyha => Moved successfully.
    C:\Users\Toshiba\AppData\Local\avaxvyxvyha => Moved successfully.
    C:\Users\Toshiba\AppData\Local\SearchProtect => Moved successfully.
    HKU\Toshiba\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => value deleted successfully.
    C:\Users\Toshiba\AppData\Local\Temp\FMT_update.exe => Moved successfully.
    C:\Users\Toshiba\AppData\Local\Temp\proxy_vole2594765973311500073.dll => Moved successfully.
    C:\Users\Toshiba\AppData\Local\Temp\Setup.exe => Moved successfully.
    C:\Users\Toshiba\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    C:\ProgramData\win_mpwd_sys.dat => Moved successfully.

    ========= bcdedit /enum all /v =========


    Windows Boot Manager
    --------------------
    identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
    device partition=E:
    description Windows Boot Manager
    locale en-US
    inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
    default {8c50aa3d-20f0-11e4-a3a5-d5c5b37e4ec9}
    resumeobject {8c50aa3c-20f0-11e4-a3a5-d5c5b37e4ec9}
    displayorder {8c50aa3d-20f0-11e4-a3a5-d5c5b37e4ec9}
    toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
    timeout 30

    Windows Boot Loader
    -------------------
    identifier {8c50aa3d-20f0-11e4-a3a5-d5c5b37e4ec9}
    device partition=C:
    path \Windows\system32\winload.exe
    description Windows 7
    locale en-US
    inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
    recoverysequence {8c50aa3e-20f0-11e4-a3a5-d5c5b37e4ec9}
    recoveryenabled Yes
    testsigning Yes
    osdevice partition=C:
    systemroot \Windows
    resumeobject {8c50aa3c-20f0-11e4-a3a5-d5c5b37e4ec9}
    nx OptIn
    bootlog No

    Windows Boot Loader
    -------------------
    identifier {8c50aa3e-20f0-11e4-a3a5-d5c5b37e4ec9}
    device ramdisk=[C:]\Recovery\8c50aa3e-20f0-11e4-a3a5-d5c5b37e4ec9\Winre.wim,{8c50aa3f-20f0-11e4-a3a5-d5c5b37e4ec9}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
    osdevice ramdisk=[C:]\Recovery\8c50aa3e-20f0-11e4-a3a5-d5c5b37e4ec9\Winre.wim,{8c50aa3f-20f0-11e4-a3a5-d5c5b37e4ec9}
    systemroot \windows
    nx OptIn
    winpe Yes
    custom:46000010 Yes

    Resume from Hibernate
    ---------------------
    identifier {8c50aa3c-20f0-11e4-a3a5-d5c5b37e4ec9}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
    filedevice partition=C:
    filepath \hiberfil.sys
    debugoptionenabled No

    Windows Memory Tester
    ---------------------
    identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
    device partition=E:
    path \boot\memtest.exe
    description Windows Memory Diagnostic
    locale en-US
    inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
    badmemoryaccess Yes

    EMS Settings
    ------------
    identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
    bootems Yes

    Debugger Settings
    -----------------
    identifier {4636856e-540f-4170-a130-a84776f4c654}
    debugtype Serial
    debugport 1
    baudrate 115200

    RAM Defects
    -----------
    identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

    Global Settings
    ---------------
    identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
    inherit {4636856e-540f-4170-a130-a84776f4c654}
    {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
    {5189b25c-5558-4bf2-bca4-289b11bd29e2}

    Boot Loader Settings
    --------------------
    identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
    inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
    {7ff607e0-4395-11db-b0de-0800200c9a66}

    Hypervisor Settings
    -------------------
    identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
    hypervisordebugtype Serial
    hypervisordebugport 1
    hypervisorbaudrate 115200

    Resume Loader Settings
    ----------------------
    identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
    inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

    Device options
    --------------
    identifier {8c50aa3f-20f0-11e4-a3a5-d5c5b37e4ec9}
    description Ramdisk Options
    ramdisksdidevice partition=C:
    ramdisksdipath \Recovery\8c50aa3e-20f0-11e4-a3a5-d5c5b37e4ec9\boot.sdi

    ========= End of CMD: =========


    ==== End of Fixlog 23:04:36 ====
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1143094

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice