Windows 8 Dell Desktop folder are not mine


  • This topic is locked
21 replies to this topic

#1 Poweroo

  • Members
  • 78 posts
  • Gender:Female
  • Location:Austin Texas

Posted 19 July 2013 - 06:10 PM

I go to the advanced option in the "Security" tab of Properties and I cannot take permission or Full Control of my folders. There are folders and files that I did not add. When I go look at the user list and group list, there are about 13 users or groups that I have no idea where they came from. I open the command prompt in Administrator mode and try to /grant HazeBo Nilla:F and I am told "Access denied".

I see all types of remote devices and also cannot access my Ethernet adapter so I can wire my computer to the internet. My machine is 4 months old.

Please help.

I ran the dds scan and attached are the attach.txt, dds.txt and the ark.txt files:

 


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,769 posts
  • Gender:Male

Posted 24 July 2013 - 06:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/501618 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Poweroo

Posted 24 July 2013 - 06:55 PM

Hello,

Thank you and no worries. I understand about the amount of people you must help.

I have a Dell Desktop Inspiron 660 that I bought in March, and the tag states it was manufactured on Jan 17, 2013. I am running Windows 8 Pro. I have a Windows 8 Pro live DVD that Dell sent me on request because I have been having so much trouble since purchasing it.

Installed Kaspersky AV before leaving the store with it. That didn't help and actually it never really downloaded. Just some bogus green line that I found digging around some files that didn't mean anything. So "uninstalled" Kaspersky.

Bought ZoneAlarm. Same thing: some days it looked like it was actually working, and others I would open the dashboard and many of the options were grayed out.

I ran dds from my other request for help for my laptop and the download was not the one that was sent to the laptop so I deleted it.

I have tried to take ownership of my folders, but when I start doing that, my machine either just stops working like I can't open any programs or apps. I also switch users and there is nothing on the desktop and nothing in the Start menu where there should be tiles.

I try opening folders and I cannot even open mine. So I have had to reset and reinstall the whole OS about 15 times (no exaggeration).

I install Microsoft Office 2010 from a live DVD and when I go look for the actual executable files I cannot find them and I also receive error messages that I cannot perform certain tasks because I am running 32-bit of almost every program.

iTunes is horrible. I cannot take control of my music library on so many levels. I have also uninstalled and re-installed iTunes 64-bit, it says it right on the icon, but when I look in my Programs and Features everything is 32-bit application.

I am about to run a current dds for you and I will follow the instructions.

Thank you,

~h



#4 Poweroo

Posted 24 July 2013 - 07:02 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16384
Run by Administrator at 18:55:43 on 2013-07-24
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3968.2496 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWow64\IntelCpHeciSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "H:\Acrobat\Acrotray.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{BA3F2F6D-41B2-4E2D-8CDC-2BF4C05E7A11} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\Drivers\LEqdUsb.sys [2013-1-3 79240]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\Drivers\LHidEqd.sys [2013-1-3 15752]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
.
=============== Created Last 30 ================
.
2013-07-24 23:30:11 -------- d-----w- C:\Users\Administrator\AppData\Local\Google
2013-07-24 23:17:49 252080 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10210.bin
2013-07-24 23:06:26 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-24 23:06:24 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-24 01:26:53 -------- d-----w- C:\Windows\Panther
2013-07-24 01:03:25 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2013-07-24 01:03:20 -------- d-----w- C:\Users\Administrator\AppData\Local\Adobe
2013-07-24 00:39:55 -------- d-----w- C:\Windows\PCHEALTH
2013-07-24 00:38:27 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-07-24 00:38:00 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-07-24 00:37:53 -------- d-----w- C:\Users\Administrator\AppData\Local\Microsoft Help
2013-07-24 00:31:27 -------- d-----w- C:\ProgramData\PRICache
2013-07-24 00:29:37 -------- d-sh--w- C:\Recovery
2013-07-23 23:40:43 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-07-23 23:36:06 -------- d-----w- C:\Program Files\Common Files\Intel
2013-07-23 23:36:05 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2013-07-23 23:36:02 56832 ----a-w- C:\Windows\System32\OpenCL.DLL
2013-07-23 23:36:02 56320 ----a-w- C:\Windows\SysWow64\OpenCL.DLL
2013-07-23 23:36:02 -------- d-----w- C:\Intel
.
==================== Find3M  ====================
.
2013-05-02 17:32:04 2274480 ----a-w- C:\Windows\System32\coin94.dll
.
============= FINISH: 18:56:03.47 ===============
 

 




#5 whoabuddy

    Bleepin' Verbose

  • Malware Response Instructor
  • 2,053 posts
  • Gender:Male
  • Location:Cottonwood, AZ

Posted 26 July 2013 - 08:03 PM

Hello Poweroo,

Welcome to Bleeping Computer!

My name is whoabuddy and I will be assisting you today. Before we get started, please keep the following in mind while I am helping you to make things go easier and faster for both of us.


Please do not run any tools unless instructed to do so.

We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.

Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.

Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process. Also watch for items italicized or in green, these entries are notes to help explain the process or common occurrences.

Please provide feedback about your experience as we go.

A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of headaches as we go along. For more information about backing up your system, please review the links in the first item of the Malware Removal Preparation Guide.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Please respond and acknowledge that you have read my introduction and I will begin reviewing your logs so we can get started!

Best Regards,
whoabuddy
Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE

#6 Poweroo

Posted 27 July 2013 - 07:06 PM

I have read and understand your instructions. All files backed up either on Cloud, Acrobat.com, or external drive.

Please proceed,

Respectfully,

PowerOfOne



#7 whoabuddy

Posted 28 July 2013 - 11:07 AM

Hi PowerOfOne,

Looking over your posts, it sounds like you are having multiple issues that we need to address separately, so let me start by reviewing what I see so far and asking for some more information. Once we have everything all together we can begin dissecting the issues one by one.

I go to the advanced option in the "Security" Tab of properties and I cannot take permission or Full Control of my folders. There are folders and files that I did not add. When I go look at the user list and group list, there are about 13 users or groups that I have no idea where they came from.

When you say "my folders" what folder(s) are you referring to exactly? In what folder do you see the folders and files that you did not add? If you can let me know the full path, i.e. C:\Users\MyUser\FolderName, I can help you research this further.

I open the command prompt in Administrator mode and try to /grant HazeBo Nilla:F and I am told "Access denied"

The way Windows is designed you should not need to take ownership of any files, but I understand your frustrations due to the earlier issues you described. For now let's focus on the command itself, how did you run the "/grant" portion? What was the entire command?

I see all types of remote devices and also cannot access my Ethernet adapter so I can wire my computer to the internet. MY machine is 4 months old.

When you say remote devices, what do you mean? Other machines? Are you able to connect to a network at all (wired or wireless)?

I have a Windows 8 Pro live DVD that Dell sent me on request because I have been having so much trouble since purchasing it.

That is an excellent resource to have, even if we do not use it throughout this process make sure you save it!

Installed Kaspersky AV before leaving the store with it. That didn't help and actually it never really downloaded. Just some bogus green line that I found digging around some files that didn't mean anything. So "uninstalled" Kaspersky.

What steps did you take to uninstall Kaspersky?

Bought ZoneAlarm. Same thing: some days it looked like it was actually working, and others I would open the dashboard and many of the options were grayed out.

I am not familiar with ZoneAlarm in particular, but the information from these other issues may help us figure this one out.

I have tried to take ownership of my folders, but when I start doing that, my machine either just stops working like I can't open any programs or apps. I also switch users and there is nothing on the desktop and nothing in the Start menu where there should be tiles.

What folder(s) are you taking ownership of? By design there are folders that you as a user, or you as an administrator, can not access by default without changing the permissions. This is by design but we can analyze further once we know which folders.

I try opening folders and I cannot even open mine. So I have had to reset and reinstall the whole OS about 15 times (no exaggeration).

What steps did you take to reinstall the OS?

I install Microsoft Office 2010 from a live DVD and when I go look for the actual executable files I cannot find them and I also receive error messages that I cannot perform certain tasks because I am running 32-bit of almost every program. ... iTunes is horrible. I cannot take control of my music library on so many levels. I have also uninstalled and re-installed iTunes 64-bit it says it right on the icon, but when I look in my Programs and Features everything is 32-bit application.

A 64-bit version of Windows is designed to run both 32- and 64-bit applications, and has a few ways of implementing this as well, possibly leading to your issue finding the executables. For example, a 64-bit version of Windows will have the folders C:\Program Files and C:\Program Files (x86) - both of which contain applications you have installed depending on their type. There are other specifics as well, but we would have to look at each error message with each program individually to address it.

To start, let's get some fresh logs from your PC, along with answers to the questions I have provided above.

We need to run a scan with aswMBR:

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply

We need to run a scan with Farbar's Recovery Scan Tool:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (x64). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

In your next post I need the following:
  • answers to my questions above
  • aswMBR.log from aswMBR scan
  • FRST.txt and Addition.txt from FRST scan
  • status update - is there anything else you would like to add at this time?

Best Regards,
whoabuddy
Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE
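
An added example, not part of the thread or any poster's code: the reply above notes that 64-bit Windows keeps applications in both C:\Program Files and C:\Program Files (x86). The sketch below reads the Machine field of a program's PE header to tell whether it is 32-bit or 64-bit, and gives a path-based hint for comparison. The function names are hypothetical, the header bytes are constructed for the demo, and the sample paths are taken from the logs posted in this topic.

```python
import io
import struct

# Machine field values from the PE/COFF file header.
MACHINE_NAMES = {0x014C: "32-bit (x86)", 0x8664: "64-bit (x64)"}


def pe_bitness(stream) -> str:
    """Read the COFF Machine field from an open binary stream of a PE file."""
    dos_header = stream.read(0x40)
    if len(dos_header) < 0x40 or dos_header[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    # e_lfanew (offset 0x3C) holds the file offset of the "PE\0\0" signature.
    (pe_offset,) = struct.unpack_from("<I", dos_header, 0x3C)
    stream.seek(pe_offset)
    pe_header = stream.read(6)
    if len(pe_header) < 6 or pe_header[:4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # The 2-byte Machine field follows the 4-byte signature.
    (machine,) = struct.unpack_from("<H", pe_header, 4)
    return MACHINE_NAMES.get(machine, f"other (machine 0x{machine:04X})")


def file_bitness(path: str) -> str:
    """Bitness of an .exe or .dll on disk (run this on the Windows machine)."""
    with open(path, "rb") as f:
        return pe_bitness(f)


def bytes_bitness(data: bytes) -> str:
    """Same check for an in-memory image, used by the offline demo."""
    return pe_bitness(io.BytesIO(data))


def location_hint(path: str) -> str:
    """What the install location alone suggests on 64-bit Windows.

    This is only a hint; the PE header is what settles it.
    """
    p = path.lower()
    if "\\program files (x86)\\" in p or "\\syswow64\\" in p:
        return "32-bit location"
    if "\\program files\\" in p or "\\system32\\" in p:
        return "64-bit location"
    return "no hint"


def constructed_header(machine: int) -> bytes:
    """Minimal MZ + PE header stub (constructed sample, not a real program)."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header starts right after
    return bytes(dos) + b"PE\0\0" + struct.pack("<H", machine) + bytes(18)


if __name__ == "__main__":
    # Paths as they appear in the DDS and FRST logs in this topic.
    for path in (
        r"C:\Program Files (x86)\iTunes\iTunesHelper.exe",
        r"C:\Program Files\Logitech\SetPointP\SetPoint.exe",
        r"C:\Windows\SysWow64\IntelCpHeciSvc.exe",
        r"C:\Windows\System32\igfxtray.exe",
    ):
        print(f"{location_hint(path):16} {path}")
    # Offline demo on constructed headers; use file_bitness() on real files.
    for machine in (0x014C, 0x8664):
        print(bytes_bitness(constructed_header(machine)))
```
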

#8 Poweroo

Posted 28 July 2013 - 02:50 PM


When you say "my folders" what folder(s) are you referring to exactly? In what folder do you see the folders and files that you did not add? If you can let me know the full path, i.e. C:\Users\MyUser\FolderName, I can help you research this further.

Disregard. I have since reset and reinstalled.

The way Windows is designed you should not need to take ownership of any files, but I understand your frustrations due to the earlier issues you described. For now let's focus on the command itself, how did you run the "/grant" portion? What was the entire command?

I went into the Command Prompt and entered <net user Administrator /active: yes>. I have not done it this go-round so it makes a wee bit of a difference in behavior. I thought using my Microsoft account as my regular account and just leaving the Administrator account there. It seemed to have caused many problems having that account visible.

When you say remote devices, what do you mean? Other machines? Are you able to connect to a network at all (wired or wireless)?

I saw them in the device manager window. I was having a difficult time connecting to my Wired network. I wanted to disable my wireless and I could not locate the Network adapter anywhere. When I was digging around, I found all kinds of strange happenings. Like other users with names like Applications something and Trusted Installer...or is that a default. I see the Default user. I finally had to reset again and install and I was able to hard wire the machine to the network. I went into the IP address of the AT&T modem and disabled the wireless capabilities.

What steps did you take to uninstall Kaspersky?

I went to Programs and Features and uninstalled it.

What folder(s) are you taking ownership of? By design there are folders that you as a user, or you as an administrator, can not access by default without changing the permissions. This is by design but we can analyze further once we know which folders.

I have attached a snip of the users that come up when I go into a folder and properties and the security tab. Who are all those? Are they supposed to be there?

What steps did you take to reinstall the OS?

I went to PC Settings and did an Advanced reset. It sets everything back to factory settings and then installed from the disk. I went to advanced and there were like 4 disks and partitions and I deleted most. One stayed and the C: drive. I created another disk (I am not skilled at this part). I added 30GB to it and I was going to use it as a Recovery disk until I get an external. There is also a screen shot of when I go into Disk Management and I see the 30GB and it says "unallocated". So I need to get control of that and perhaps you can assist in creating that 30GB recovery disk so I can stop deleting my files if I have to reset. I want to create an image also.

So there is my dilemma. The behavior is just very odd and inconsistent. So far I haven't tried to open any folders that are mine yet. As I mentioned, I also did not bring out the Administrator.

So below is the information from the directions and attached are: the one file you asked to attach and the snips of what I see.

Respectfully

PowerOfOne

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-28 13:36:50
-----------------------------
13:36:50.508    OS Version: Windows x64 6.2.9200 
13:36:50.508    Number of processors: 2 586 0x3A09
13:36:50.509    ComputerName: POWEROFONE  UserName: Daisy
13:36:50.555    Initialze error 1 
13:49:06.513    AVAST engine defs: 13072800
14:01:54.938    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:01:54.940    Disk 0 Vendor: WDC_WD5000AAKX-75U6AA0 19.01H19 Size: 476940MB BusType: 3
14:01:54.943    Disk 0 MBR read successfully
14:01:54.945    Disk 0 MBR scan
14:01:54.964    Disk 0 unknown MBR code
14:01:54.966    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
14:01:55.003    Disk 0 scanning C:\Windows\system32\drivers
14:01:55.006    Service scanning
14:01:55.578    Modules scanning
14:01:55.582    Disk 0 trace - called modules:
14:01:55.589    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys hal.dll PCIIDEX.SYS atapi.sys 
14:01:55.593    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004883060]
14:01:55.596    3 CLASSPNP.SYS[fffff880015acfea] -> nt!IofCallDriver -> [0xfffffa8004724250]
14:01:55.601    5 ACPI.sys[fffff88001183a91] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800471f600]
14:01:55.604    AVAST engine scan C:\Windows
14:01:55.608    AVAST engine scan C:\Windows\system32
14:01:55.613    AVAST engine scan C:\Windows\system32\drivers
14:01:55.617    AVAST engine scan C:\Users\Daisy
14:01:55.620    AVAST engine scan C:\ProgramData
14:01:55.624    Scan finished successfully
14:02:29.551    Disk 0 MBR has been saved successfully to "C:\Users\Daisy\Desktop\MBR.dat"
14:02:29.554    The log file has been saved successfully to "C:\Users\Daisy\Desktop\aswMBR.txt"
 
=========================================================================================================================
 

can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by Daisy (administrator) on 28-07-2013 14:03:50
Running from C:\Users\Daisy\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Adobe Systems Incorporated) C:\Users\Daisy\AppData\Local\Temp\Creative Cloud Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\system32\wwahost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe\LiveComm.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\wwahost.exe
(Microsoft Corporation) C:\Windows\system32\OpenWith.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe [51712 2012-07-25] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-20] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478600 2013-05-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-07-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Startup: C:\Users\Daisy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://ecampus.phoenix.edu/
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/webhp?source=search_app
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Extension: (Google Docs) - C:\Users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Logitech SetPoint) - C:\Users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0
CHR Extension: (Gmail) - C:\Users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
 
==================== Services (Whitelisted) =================
 
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
U3 aswMBR; \??\C:\Users\Daisy\AppData\Local\Temp\aswMBR.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-28 14:03 - 2013-07-28 14:03 - 01780547 _____ (Farbar) C:\Users\Daisy\Desktop\FRST64.exe
2013-07-28 14:03 - 2013-07-28 14:03 - 00000000 ____D C:\FRST
2013-07-28 14:02 - 2013-07-28 14:02 - 00001836 _____ C:\Users\Daisy\Desktop\aswMBR.txt
2013-07-28 14:02 - 2013-07-28 14:02 - 00000512 _____ C:\Users\Daisy\Desktop\MBR.dat
2013-07-28 11:13 - 2013-07-28 11:45 - 04745728 _____ (AVAST Software) C:\Users\Daisy\Desktop\aswMBR.exe
2013-07-28 10:46 - 2013-07-28 10:52 - 2160940399 _____ C:\Users\Daisy\Desktop\Music.zip
2013-07-27 12:25 - 2013-07-27 12:25 - 00000000 ____D C:\ProgramData\RIBS
2013-07-27 12:24 - 2013-07-27 12:24 - 00002043 _____ C:\Users\Public\Desktop\Lightroom 5 64-bit.lnk
2013-07-27 12:24 - 2013-07-27 12:24 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-27 12:23 - 2013-07-27 12:23 - 00000000 ____D C:\Program Files\Adobe
2013-07-27 11:24 - 2013-07-27 15:02 - 00000000 ____D C:\Users\Daisy\Desktop\UOPHX
2013-07-27 10:53 - 2013-07-27 10:53 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-07-27 10:53 - 2013-07-27 10:53 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-07-27 09:57 - 2013-07-27 09:57 - 00000000 ____D C:\Users\Daisy\Desktop\CC
2013-07-27 09:55 - 2013-07-27 09:55 - 00003506 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-PowerOfOne-Daisy
2013-07-27 09:55 - 2013-07-27 09:55 - 00001070 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-07-27 09:51 - 2013-07-27 09:51 - 03867512 _____ (Adobe Systems Incorporated) C:\Users\Daisy\Downloads\CreativeCloudSet-Up.exe
2013-07-27 09:48 - 2013-07-28 13:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-27 09:48 - 2013-07-27 09:48 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-27 09:45 - 2013-07-27 09:45 - 01069032 _____ (Solid State Networks) C:\Users\Daisy\Downloads\68AD.tmp
2013-07-26 20:42 - 2013-06-24 00:41 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-26 20:39 - 2013-01-09 20:53 - 00028904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpiowin32.sys
2013-07-26 20:39 - 2013-01-09 20:29 - 00785504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-07-26 20:39 - 2013-01-09 20:29 - 00091880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2013-07-26 20:39 - 2013-01-09 18:26 - 01752064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2013-07-26 20:39 - 2013-01-09 18:26 - 01611776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2013-07-26 20:39 - 2013-01-09 18:26 - 00890880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-07-26 20:39 - 2013-01-09 18:26 - 00436736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2013-07-26 20:39 - 2013-01-09 18:26 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2013-07-26 20:39 - 2013-01-09 18:26 - 00083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe
2013-07-26 20:39 - 2013-01-09 18:26 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-07-26 20:39 - 2013-01-09 18:23 - 02094592 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2013-07-26 20:39 - 2013-01-09 18:23 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2013-07-26 20:39 - 2013-01-09 18:23 - 01886208 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2013-07-26 20:39 - 2013-01-09 18:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-07-26 20:39 - 2013-01-09 18:23 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2013-07-26 20:39 - 2013-01-09 18:23 - 00256000 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2013-07-26 20:39 - 2013-01-09 18:23 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\wiaacmgr.exe
2013-07-26 20:39 - 2013-01-09 18:22 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-07-26 20:39 - 2013-01-09 18:22 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-07-26 20:39 - 2013-01-09 18:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2013-07-26 20:39 - 2013-01-09 18:22 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2013-07-26 20:39 - 2013-01-09 18:22 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2013-07-26 20:39 - 2013-01-08 22:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-07-26 20:39 - 2012-11-02 00:19 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ncbservice.dll
2013-07-26 20:39 - 2012-11-02 00:18 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2013-07-26 20:39 - 2012-11-02 00:18 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2013-07-26 20:39 - 2012-11-02 00:18 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\adhapi.dll
2013-07-26 20:39 - 2012-11-02 00:18 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll
2013-07-26 20:39 - 2012-11-02 00:18 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\keepaliveprovider.dll
2013-07-26 20:37 - 2012-08-30 19:53 - 00017888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2013-07-26 20:37 - 2012-08-30 19:52 - 00017888 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2013-07-26 20:35 - 2013-03-02 05:57 - 00332520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2013-07-26 20:35 - 2013-03-02 05:57 - 00077544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storahci.sys
2013-07-26 20:35 - 2013-03-02 05:45 - 00194792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-07-26 20:35 - 2013-03-02 05:45 - 00148712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-07-26 20:35 - 2013-03-02 05:45 - 00125160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-07-26 20:35 - 2013-03-02 05:39 - 00495336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2013-07-26 20:35 - 2013-03-02 05:39 - 00327912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-07-26 20:35 - 2013-03-02 03:23 - 01338880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-07-26 20:35 - 2013-03-02 03:23 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2013-07-26 20:35 - 2013-03-02 03:23 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2013-07-26 20:35 - 2013-03-02 03:23 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2013-07-26 20:35 - 2013-03-02 03:23 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-07-26 20:35 - 2013-03-02 03:23 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncInfo.dll
2013-07-26 20:35 - 2013-03-02 03:22 - 05091840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-07-26 20:35 - 2013-03-02 03:22 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-07-26 20:35 - 2013-03-02 03:22 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2013-07-26 20:35 - 2013-03-02 03:21 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2013-07-26 20:35 - 2013-03-02 03:21 - 00145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2013-07-26 20:35 - 2013-03-02 03:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevDispItemProvider.dll
2013-07-26 20:35 - 2013-03-01 21:45 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-07-26 20:35 - 2013-03-01 21:45 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2013-07-26 20:35 - 2013-03-01 21:45 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2013-07-26 20:35 - 2013-03-01 21:45 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2013-07-26 20:35 - 2013-03-01 21:45 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2013-07-26 20:35 - 2013-03-01 21:45 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2013-07-26 20:35 - 2013-03-01 21:45 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2013-07-26 20:35 - 2013-03-01 21:45 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerServer.dll
2013-07-26 20:35 - 2013-03-01 21:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2013-07-26 20:35 - 2013-03-01 21:45 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\WSDPrintProxy.DLL
2013-07-26 20:35 - 2013-03-01 21:44 - 05978624 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-07-26 20:35 - 2013-03-01 21:44 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2013-07-26 20:35 - 2013-03-01 21:44 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2013-07-26 20:35 - 2013-03-01 21:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2013-07-26 20:35 - 2013-03-01 21:44 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-07-26 20:35 - 2013-03-01 21:44 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\discan.dll
2013-07-26 20:35 - 2013-03-01 21:44 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-07-26 20:35 - 2013-03-01 21:44 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\NdisImPlatform.dll
2013-07-26 20:35 - 2013-03-01 21:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\DevDispItemProvider.dll
2013-07-26 20:35 - 2013-03-01 21:43 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2013-07-26 20:35 - 2013-03-01 21:15 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2013-07-26 20:35 - 2013-02-28 23:56 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2013-07-26 20:34 - 2013-05-30 18:24 - 01257472 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-07-26 20:34 - 2013-05-30 18:08 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-07-26 20:34 - 2013-05-23 18:01 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-07-26 20:34 - 2013-05-23 17:27 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-07-26 20:34 - 2013-05-14 21:25 - 00888320 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2013-07-26 20:34 - 2013-05-14 21:25 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2013-07-26 20:34 - 2013-05-14 21:24 - 00793088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2013-07-26 20:34 - 2013-05-14 21:24 - 00482816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2013-07-26 20:34 - 2013-05-04 02:58 - 00120736 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2013-07-26 20:34 - 2013-05-04 02:34 - 00446720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-07-26 20:34 - 2013-05-04 02:34 - 00284416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2013-07-26 20:34 - 2013-05-04 02:34 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-07-26 20:34 - 2013-05-04 01:59 - 13644288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-07-26 20:34 - 2013-05-04 01:59 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2013-07-26 20:34 - 2013-05-04 01:59 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2013-07-26 20:34 - 2013-05-04 01:58 - 10116096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-07-26 20:34 - 2013-05-04 01:58 - 01332736 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2013-07-26 20:34 - 2013-05-04 01:58 - 00470528 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2013-07-26 20:34 - 2013-05-04 01:58 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2013-07-26 20:34 - 2013-05-04 01:58 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2013-07-26 20:34 - 2013-05-04 01:58 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll
2013-07-26 20:34 - 2013-05-04 01:58 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2013-07-26 20:34 - 2013-05-04 01:57 - 02305024 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-07-26 20:34 - 2013-05-04 01:57 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2013-07-26 20:34 - 2013-05-04 01:57 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2013-07-26 20:34 - 2013-05-04 01:57 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2013-07-26 20:34 - 2013-05-04 01:57 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2013-07-26 20:34 - 2013-05-04 01:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\system32\BCP47Langs.dll
2013-07-26 20:34 - 2013-05-04 01:57 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2013-07-26 20:34 - 2013-05-04 01:57 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\biwinrt.dll
2013-07-26 20:34 - 2013-05-04 01:57 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\muifontsetup.dll
2013-07-26 20:34 - 2013-05-04 01:56 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2013-07-26 20:34 - 2013-05-03 23:58 - 00758784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2013-07-26 20:34 - 2013-05-03 23:57 - 10788864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-07-26 20:34 - 2013-05-03 23:57 - 08857088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-07-26 20:34 - 2013-05-03 23:57 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2013-07-26 20:34 - 2013-05-03 23:57 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2013-07-26 20:34 - 2013-05-03 23:57 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2013-07-26 20:34 - 2013-05-03 23:57 - 00018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2013-07-26 20:34 - 2013-05-03 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2013-07-26 20:34 - 2013-05-03 23:56 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-07-26 20:34 - 2013-05-03 23:56 - 00449536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2013-07-26 20:34 - 2013-05-03 23:56 - 00411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2013-07-26 20:34 - 2013-05-03 23:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2013-07-26 20:34 - 2013-05-03 23:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll
2013-07-26 20:34 - 2013-05-03 23:55 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-07-26 20:34 - 2013-05-03 23:51 - 00014848 _____ (Microsoft) C:\Windows\system32\rars.rs
2013-07-26 20:34 - 2013-05-03 23:48 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-07-26 20:34 - 2013-05-03 23:48 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2013-07-26 20:34 - 2013-05-03 23:47 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2013-07-26 20:34 - 2013-05-03 23:10 - 00014848 _____ (Microsoft) C:\Windows\SysWOW64\rars.rs
2013-07-26 20:34 - 2013-05-02 17:04 - 00386646 _____ C:\Windows\system32\ApnDatabase.xml
2013-07-26 20:34 - 2013-03-02 05:57 - 00337128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-07-26 20:32 - 2013-04-09 00:33 - 00489576 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2013-07-26 20:32 - 2013-04-09 00:33 - 00446792 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2013-07-26 20:32 - 2013-04-09 00:33 - 00253544 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2013-07-26 20:32 - 2013-04-09 00:20 - 00306952 _____ (Microsoft Corporation) C:\Windows\system32\kd_02_10ec.dll
2013-07-26 20:32 - 2013-04-09 00:20 - 00086280 _____ (Microsoft Corporation) C:\Windows\system32\kdnet.dll
2013-07-26 20:32 - 2013-04-09 00:18 - 00077960 _____ (Microsoft Corporation) C:\Windows\system32\kdvm.dll
2013-07-26 20:32 - 2013-04-09 00:17 - 01829408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-07-26 20:32 - 2013-04-08 23:52 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2013-07-26 20:32 - 2013-04-08 23:52 - 00804352 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2013-07-26 20:32 - 2013-04-08 23:52 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2013-07-26 20:32 - 2013-04-08 23:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-07-26 20:32 - 2013-04-08 23:52 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2013-07-26 20:32 - 2013-04-08 23:51 - 14267904 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-07-26 20:32 - 2013-04-08 23:51 - 03552768 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-07-26 20:32 - 2013-04-08 23:51 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2013-07-26 20:32 - 2013-04-08 23:51 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-26 20:32 - 2013-04-08 23:51 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2013-07-26 20:32 - 2013-04-08 23:51 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-07-26 20:32 - 2013-04-08 23:51 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-07-26 20:32 - 2013-04-08 23:51 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2013-07-26 20:32 - 2013-04-08 23:50 - 02107904 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-07-26 20:32 - 2013-04-08 23:50 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2013-07-26 20:32 - 2013-04-08 23:50 - 00745984 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-07-26 20:32 - 2013-04-08 23:50 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2013-07-26 20:32 - 2013-04-08 23:50 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-07-26 20:32 - 2013-04-08 23:50 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\GenuineCenter.dll
2013-07-26 20:32 - 2013-04-08 23:50 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2013-07-26 20:32 - 2013-04-08 23:50 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2013-07-26 20:32 - 2013-04-08 23:50 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2013-07-26 20:32 - 2013-04-08 23:49 - 01444864 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2013-07-26 20:32 - 2013-04-08 23:49 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-07-26 20:32 - 2013-04-08 23:49 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2013-07-26 20:32 - 2013-04-08 23:49 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2013-07-26 20:32 - 2013-04-08 23:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\fhengine.dll
2013-07-26 20:32 - 2013-04-08 23:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2013-07-26 20:32 - 2013-04-08 23:49 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\dmvdsitf.dll
2013-07-26 20:32 - 2013-04-08 23:49 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2013-07-26 20:32 - 2013-04-08 23:49 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\fmifs.dll
2013-07-26 20:32 - 2013-04-08 23:48 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-07-26 20:32 - 2013-04-08 23:48 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2013-07-26 20:32 - 2013-04-08 21:34 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2013-07-26 20:32 - 2013-04-08 21:33 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2013-07-26 20:32 - 2013-04-08 21:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2013-07-26 20:32 - 2013-04-08 21:32 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2013-07-26 20:32 - 2013-04-08 21:31 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2013-07-26 20:32 - 2013-04-08 21:31 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2013-07-26 20:32 - 2013-04-08 18:44 - 00123880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-07-26 20:32 - 2013-04-08 18:39 - 01408896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-07-26 20:32 - 2013-04-08 18:37 - 00426024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-07-26 20:32 - 2013-04-08 18:37 - 00324368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-07-26 20:32 - 2013-04-08 16:52 - 11878912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-07-26 20:32 - 2013-04-08 16:52 - 00670208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-07-26 20:32 - 2013-04-08 16:52 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-26 20:32 - 2013-04-08 16:52 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-07-26 20:32 - 2013-04-08 16:52 - 00171008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-07-26 20:32 - 2013-04-08 16:52 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-07-26 20:32 - 2013-04-08 16:51 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-07-26 20:32 - 2013-04-08 16:51 - 01593344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-07-26 20:32 - 2013-04-08 16:51 - 01113600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-07-26 20:32 - 2013-04-08 16:51 - 00659456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-07-26 20:32 - 2013-04-08 16:51 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-07-26 20:32 - 2013-04-08 16:51 - 00411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-07-26 20:32 - 2013-04-08 16:51 - 00403968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-07-26 20:32 - 2013-04-08 16:51 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-07-26 20:32 - 2013-04-08 16:51 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-07-26 20:32 - 2013-04-08 16:51 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-07-26 20:32 - 2013-04-08 16:51 - 00214528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-07-26 20:32 - 2013-04-08 16:51 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-07-26 20:32 - 2013-04-08 16:51 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-07-26 20:32 - 2013-04-08 16:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-07-26 20:32 - 2013-04-08 16:51 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-07-26 20:32 - 2013-04-08 16:51 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-07-26 20:32 - 2013-04-04 18:30 - 00503080 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2013-07-26 20:32 - 2013-03-30 13:16 - 01403784 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-07-26 20:32 - 2013-03-30 13:16 - 01267424 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-07-26 20:32 - 2013-03-28 17:09 - 01217328 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-07-26 20:32 - 2013-03-28 17:09 - 01093880 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-07-26 20:32 - 2013-03-15 17:05 - 00298456 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2013-07-26 20:32 - 2013-03-15 17:05 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-07-26 20:32 - 2013-03-02 05:39 - 00069864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2013-07-26 20:32 - 2013-03-01 21:43 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2013-07-26 20:32 - 2013-02-06 20:33 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2013-07-26 20:32 - 2012-12-12 23:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-26 20:32 - 2012-12-12 22:59 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-07-26 20:32 - 2012-11-06 02:33 - 00522640 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2013-07-26 20:32 - 2012-11-06 00:00 - 00463768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2013-07-26 20:32 - 2012-11-05 23:18 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2013-07-26 20:32 - 2012-10-11 00:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2013-07-26 20:32 - 2012-10-11 00:44 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2013-07-26 20:32 - 2012-10-11 00:06 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2013-07-26 20:32 - 2012-10-11 00:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2013-07-26 20:32 - 2012-09-20 01:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\fhmanagew.exe
2013-07-26 20:32 - 2012-09-20 01:33 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2013-07-26 20:32 - 2012-09-20 01:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2013-07-26 20:32 - 2012-09-20 01:32 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2013-07-26 20:32 - 2012-09-20 01:32 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2013-07-26 20:32 - 2012-09-20 01:32 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2013-07-26 20:32 - 2012-09-20 01:32 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2013-07-26 20:32 - 2012-09-20 01:32 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2013-07-26 20:32 - 2012-09-20 01:32 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2013-07-26 20:32 - 2012-09-20 01:32 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2013-07-26 20:32 - 2012-09-20 01:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2013-07-26 20:32 - 2012-09-20 01:31 - 00280576 _____ (Microsoft Corporation) C:\Windows\system32\fhcat.dll
2013-07-26 20:32 - 2012-09-20 01:31 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\fhshl.dll
2013-07-26 20:32 - 2012-09-20 01:31 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\fhsvc.dll
2013-07-26 20:32 - 2012-09-20 01:31 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\fhsrchapi.dll
2013-07-26 20:32 - 2012-09-20 01:31 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fhevents.dll
2013-07-26 20:32 - 2012-09-20 01:31 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\fhsrchph.dll
2013-07-26 20:32 - 2012-09-20 01:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\fhlisten.dll
2013-07-26 20:32 - 2012-09-20 01:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\fhautoplay.dll
2013-07-26 20:32 - 2012-09-20 01:31 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\fhcleanup.dll
2013-07-26 20:32 - 2012-09-20 01:31 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\fhtask.dll
2013-07-26 20:32 - 2012-09-20 01:31 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\fhsvcctl.dll
2013-07-26 20:32 - 2012-09-20 01:12 - 09374208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-07-26 20:32 - 2012-09-20 01:09 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2013-07-26 20:32 - 2012-09-20 00:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
2013-07-26 20:32 - 2012-09-20 00:55 - 00038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2013-07-26 20:32 - 2012-09-20 00:54 - 00108544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2013-07-26 20:32 - 2012-09-20 00:54 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2013-07-26 20:32 - 2012-09-20 00:54 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2013-07-26 20:32 - 2012-09-20 00:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2013-07-26 20:32 - 2012-09-20 00:54 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2013-07-26 20:32 - 2012-09-20 00:54 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2013-07-26 20:32 - 2012-09-20 00:54 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2013-07-26 20:32 - 2012-09-20 00:32 - 09374208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-07-26 20:30 - 2013-07-26 20:30 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-26 20:30 - 2013-07-26 20:30 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-26 20:28 - 2013-05-02 10:29 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-07-26 20:02 - 2013-04-15 21:34 - 01455368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-07-26 20:02 - 2013-01-09 20:40 - 00303848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-07-26 20:02 - 2012-11-25 23:21 - 00071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2013-07-26 20:02 - 2012-11-25 23:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2013-07-26 20:02 - 2012-10-10 02:04 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-07-26 20:02 - 2012-10-10 01:31 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-07-26 20:01 - 2013-05-30 18:14 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-26 20:01 - 2013-04-11 17:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-26 20:01 - 2013-04-11 17:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-26 20:01 - 2012-11-09 23:23 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2013-07-26 20:01 - 2012-11-09 23:23 - 00132608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-07-26 20:01 - 2012-11-09 23:22 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-07-26 20:01 - 2012-11-09 23:22 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\RDWebAI.dll
2013-07-26 20:01 - 2012-11-09 23:22 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\VmHostAI.dll
2013-07-26 20:01 - 2012-11-09 23:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\appserverai.dll
2013-07-26 20:00 - 2013-06-11 18:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 20:00 - 2013-06-11 18:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 20:00 - 2013-06-11 18:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 20:00 - 2013-06-11 18:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 20:00 - 2013-06-11 18:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 20:00 - 2013-06-11 18:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 20:00 - 2013-06-11 18:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 20:00 - 2013-06-11 18:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 20:00 - 2013-06-11 18:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 20:00 - 2013-06-11 18:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 20:00 - 2013-06-11 18:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 20:00 - 2013-06-11 18:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 20:00 - 2013-06-11 18:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 20:00 - 2013-06-11 18:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 20:00 - 2013-06-11 18:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 20:00 - 2013-06-11 18:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 20:00 - 2013-06-11 18:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 20:00 - 2013-06-01 04:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-26 20:00 - 2013-06-01 04:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-26 20:00 - 2013-05-15 17:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-07-26 20:00 - 2013-05-15 17:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-07-26 20:00 - 2013-05-14 08:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 20:00 - 2013-05-14 04:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 20:00 - 2013-05-04 02:45 - 02233600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-26 20:00 - 2013-04-28 17:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-07-26 20:00 - 2013-04-23 18:13 - 01013248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-07-26 20:00 - 2013-04-23 18:12 - 01569792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-07-26 20:00 - 2013-04-23 18:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-07-26 20:00 - 2013-04-23 17:56 - 01255936 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-07-26 20:00 - 2013-04-23 17:55 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-07-26 20:00 - 2013-04-23 17:55 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-07-26 20:00 - 2013-04-23 17:55 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-07-26 20:00 - 2013-03-06 01:31 - 19758592 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-07-26 20:00 - 2013-03-02 04:59 - 00411880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-07-26 20:00 - 2013-03-02 03:23 - 00375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2013-07-26 20:00 - 2013-03-01 21:44 - 01011200 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2013-07-26 20:00 - 2013-02-21 05:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 20:00 - 2013-02-21 05:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 20:00 - 2013-02-21 05:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 20:00 - 2013-02-21 05:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 20:00 - 2013-02-21 05:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 20:00 - 2013-02-21 05:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 20:00 - 2013-02-19 04:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-07-26 20:00 - 2013-02-11 19:17 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-07-26 20:00 - 2013-02-05 17:29 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2013-07-26 20:00 - 2013-02-05 17:28 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2013-07-26 20:00 - 2013-02-02 06:19 - 00496872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-07-26 20:00 - 2013-02-02 06:19 - 00061672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-07-26 20:00 - 2013-02-02 05:54 - 01933544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-07-26 20:00 - 2013-02-02 05:28 - 00993512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-07-26 20:00 - 2013-02-02 03:40 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlroamextension.dll
2013-07-26 20:00 - 2013-02-02 03:40 - 00370688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2013-07-26 20:00 - 2013-02-02 03:40 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2013-07-26 20:00 - 2013-02-02 03:40 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2013-07-26 20:00 - 2013-02-02 03:40 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tasklist.exe
2013-07-26 20:00 - 2013-02-02 03:40 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskkill.exe
2013-07-26 20:00 - 2013-02-02 03:39 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-07-26 20:00 - 2013-02-02 03:39 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-07-26 20:00 - 2013-02-02 03:39 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlmproxy.dll
2013-07-26 20:00 - 2013-02-02 03:39 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlmsprep.dll
2013-07-26 20:00 - 2013-02-02 03:38 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2013-07-26 20:00 - 2013-02-02 03:24 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\taskkill.exe
2013-07-26 20:00 - 2013-02-02 03:24 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\tasklist.exe
2013-07-26 20:00 - 2013-02-02 03:23 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2013-07-26 20:00 - 2013-02-02 03:23 - 00543232 _____ (Microsoft Corporation) C:\Windows\system32\wlroamextension.dll
2013-07-26 20:00 - 2013-02-02 03:23 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2013-07-26 20:00 - 2013-02-02 03:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2013-07-26 20:00 - 2013-02-02 03:23 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2013-07-26 20:00 - 2013-02-02 03:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2013-07-26 20:00 - 2013-02-02 03:21 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-07-26 20:00 - 2013-02-02 03:21 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-07-26 20:00 - 2013-02-02 03:20 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll
2013-07-26 20:00 - 2013-02-02 03:20 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\hotspotauth.dll
2013-07-26 20:00 - 2013-02-02 02:25 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2013-07-26 20:00 - 2013-02-02 02:25 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2013-07-26 20:00 - 2013-02-02 00:41 - 01437184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-07-26 20:00 - 2013-02-02 00:31 - 01690624 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2013-07-26 20:00 - 2012-12-14 23:55 - 00443392 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2013-07-26 20:00 - 2012-11-26 22:57 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BtaMPM.sys
2013-07-26 20:00 - 2012-11-26 22:55 - 00029952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthhfHid.sys
2013-07-26 20:00 - 2012-11-19 23:56 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-07-26 20:00 - 2012-11-19 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidi2c.sys
2013-07-26 20:00 - 2012-11-07 23:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 20:00 - 2012-11-07 23:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 20:00 - 2012-11-03 00:26 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\sysreset.exe
2013-07-26 20:00 - 2012-11-03 00:25 - 00945152 _____ (Microsoft Corporation) C:\Windows\system32\resetengmig.dll
2013-07-26 20:00 - 2012-10-23 22:25 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ReAgentc.exe
2013-07-26 20:00 - 2012-10-23 21:48 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2013-07-26 20:00 - 2012-10-05 23:53 - 02893824 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-07-26 20:00 - 2012-10-05 23:15 - 02400256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-26 20:00 - 2012-09-20 02:55 - 00488168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-07-26 20:00 - 2012-09-20 02:55 - 00079080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-07-26 20:00 - 2012-09-20 02:55 - 00021736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-07-26 20:00 - 2012-09-20 01:32 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-07-26 20:00 - 2012-09-20 01:32 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-07-26 20:00 - 2012-09-20 01:09 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-07-26 19:59 - 2013-05-04 01:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-26 19:59 - 2013-05-03 23:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-26 19:59 - 2013-04-27 00:20 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-07-26 19:59 - 2013-04-11 01:40 - 06987528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-26 19:59 - 2013-04-02 18:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-07-26 19:59 - 2013-04-02 18:12 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-07-26 19:59 - 2013-03-21 22:49 - 02382336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-07-26 19:59 - 2013-03-21 17:47 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2013-07-26 19:59 - 2013-03-14 19:17 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2013-07-26 19:59 - 2013-03-06 02:10 - 00112872 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-07-26 19:59 - 2013-03-06 01:31 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-07-26 19:59 - 2013-03-06 01:29 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-07-26 19:59 - 2013-03-06 00:03 - 17561600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-07-26 19:59 - 2013-03-06 00:03 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-07-26 19:59 - 2013-01-28 20:57 - 00035232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-07-26 19:59 - 2013-01-28 18:08 - 00230904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-07-26 19:59 - 2012-12-16 03:28 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-07-26 19:59 - 2012-12-16 03:20 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-07-26 19:59 - 2012-12-16 03:08 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-07-26 19:59 - 2012-12-16 02:57 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-07-26 19:59 - 2012-11-07 23:24 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-07-26 19:59 - 2012-11-07 23:24 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-07-26 19:59 - 2012-11-07 23:20 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-07-26 19:59 - 2012-11-07 23:20 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-07-26 19:59 - 2012-11-07 23:02 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-07-26 19:59 - 2012-11-07 23:01 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-07-26 19:59 - 2012-11-03 00:26 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2013-07-26 19:59 - 2012-11-03 00:26 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2013-07-26 19:59 - 2012-11-03 00:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-07-26 19:59 - 2012-11-03 00:24 - 00375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-07-26 19:59 - 2012-11-03 00:24 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2013-07-26 19:59 - 2012-11-03 00:24 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2013-07-26 19:59 - 2012-11-03 00:24 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2013-07-26 19:59 - 2012-11-03 00:24 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2013-07-26 19:59 - 2012-11-03 00:24 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2013-07-26 19:59 - 2012-11-03 00:24 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2013-07-26 19:59 - 2012-11-03 00:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dpnlobby.dll
2013-07-26 19:59 - 2012-11-03 00:04 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2013-07-26 19:59 - 2012-11-03 00:00 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll
2013-07-26 19:59 - 2012-11-03 00:00 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2013-07-26 19:59 - 2012-10-31 23:41 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-07-26 19:59 - 2012-10-31 23:41 - 01438720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-07-26 19:59 - 2012-10-31 23:40 - 02361344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-07-26 19:59 - 2012-10-31 23:40 - 01836032 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-07-26 19:59 - 2012-10-31 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2013-07-26 19:59 - 2012-10-31 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2013-07-26 19:59 - 2012-10-31 23:20 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2013-07-26 19:59 - 2012-10-31 23:20 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-07-26 19:59 - 2012-10-23 22:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2013-07-26 19:59 - 2012-10-23 22:24 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2013-07-26 19:59 - 2012-10-23 22:24 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2013-07-26 19:59 - 2012-10-23 22:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2013-07-26 18:38 - 2013-07-27 19:22 - 00225280 ___SH C:\Users\Daisy\Desktop\Thumbs.db
2013-07-26 17:43 - 2013-07-26 20:27 - 00000000 ____D C:\Users\Daisy\Desktop\job
2013-07-26 17:36 - 2013-07-26 17:36 - 00000117 _____ C:\Windows\system32\netcfg-42093093.txt
2013-07-26 17:36 - 2013-07-26 17:36 - 00000117 _____ C:\Windows\system32\netcfg-42088937.txt
2013-07-26 04:59 - 2013-07-26 04:59 - 00000117 _____ C:\Windows\system32\netcfg-29221687.txt
2013-07-26 00:42 - 2013-07-26 00:42 - 00000117 _____ C:\Windows\system32\netcfg-13823046.txt
2013-07-25 22:34 - 2013-07-25 22:40 - 46604616 _____ (Apple Inc.) C:\Users\Daisy\Downloads\iCloudSetup.exe
2013-07-25 22:32 - 2013-07-25 19:37 - 00000000 ____D C:\Windows\Panther
2013-07-25 22:32 - 2012-08-09 21:31 - 00000013 ____R C:\Windows\csup.txt
2013-07-25 22:28 - 2013-07-27 19:27 - 00000000 ____D C:\Users\Daisy\AppData\Roaming\Apple Computer
2013-07-25 22:28 - 2013-07-27 19:13 - 00000000 ____D C:\Users\Daisy\AppData\Local\Apple Computer
2013-07-25 22:28 - 2013-07-25 22:28 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-25 22:28 - 2013-07-25 22:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-25 22:28 - 2013-07-25 22:28 - 00000000 ____D C:\Program Files\iTunes
2013-07-25 22:28 - 2013-07-25 22:28 - 00000000 ____D C:\Program Files\iPod
2013-07-25 22:28 - 2013-07-25 22:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-25 22:28 - 2012-08-21 15:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-07-25 22:27 - 2013-07-26 05:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-07-25 22:27 - 2013-07-25 22:27 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-07-25 22:27 - 2013-07-25 22:27 - 00000000 ____D C:\Users\Daisy\AppData\Local\Apple
2013-07-25 22:27 - 2013-07-25 22:27 - 00000000 ____D C:\ProgramData\Apple
2013-07-25 22:27 - 2013-07-25 22:27 - 00000000 ____D C:\Program Files\Bonjour
2013-07-25 22:27 - 2013-07-25 22:27 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-25 22:27 - 2013-07-25 22:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-07-25 22:24 - 2013-07-25 22:25 - 90917712 _____ (Apple Inc.) C:\Users\Daisy\iTunes64Setup.exe
2013-07-25 22:20 - 2013-07-25 22:20 - 00000117 _____ C:\Windows\system32\netcfg-5292125.txt
2013-07-25 22:20 - 2013-07-25 22:20 - 00000117 _____ C:\Windows\system32\netcfg-5290984.txt
2013-07-25 21:49 - 2013-07-25 22:21 - 00000000 ____D C:\Users\Daisy\AVS4U
2013-07-25 21:43 - 2013-07-25 21:43 - 00041829 _____ C:\Users\Daisy\Desktop\Axioms of choice
2013-07-25 21:34 - 2013-07-25 21:34 - 00000000 __SHD C:\Recovery
2013-07-25 21:33 - 2013-07-25 21:33 - 00001136 _____ C:\Windows\system32\netcfg-48312.txt
2013-07-25 21:33 - 2013-07-25 21:33 - 00001135 _____ C:\Windows\system32\netcfg-44109.txt
2013-07-25 21:33 - 2013-07-25 21:33 - 00000197 _____ C:\Windows\system32\netcfg-51156.txt
2013-07-25 21:33 - 2013-07-25 21:33 - 00000185 _____ C:\Windows\system32\netcfg-43125.txt
2013-07-25 21:33 - 2013-07-25 21:33 - 00000164 _____ C:\Windows\system32\netcfg-37828.txt
2013-07-25 21:33 - 2013-07-25 21:33 - 00000161 _____ C:\Windows\system32\netcfg-42921.txt
2013-07-25 21:33 - 2013-07-25 21:33 - 00000160 _____ C:\Windows\system32\netcfg-42453.txt
2013-07-25 21:33 - 2013-07-25 21:33 - 00000160 _____ C:\Windows\system32\netcfg-42187.txt
2013-07-25 21:33 - 2013-07-25 21:33 - 00000160 _____ C:\Windows\system32\netcfg-38187.txt
2013-07-25 21:33 - 2013-07-25 21:33 - 00000159 _____ C:\Windows\system32\netcfg-41796.txt
2013-07-25 21:33 - 2013-07-25 21:33 - 00000157 _____ C:\Windows\system32\netcfg-42687.txt
2013-07-25 21:33 - 2013-07-25 21:33 - 00000157 _____ C:\Windows\system32\netcfg-38578.txt
2013-07-25 21:33 - 2013-07-25 21:33 - 00000150 _____ C:\Windows\system32\netcfg-41546.txt
2013-07-25 21:33 - 2013-07-25 21:33 - 00000000 ____D C:\ProgramData\HP
2013-07-25 21:32 - 2013-07-26 20:46 - 00015514 _____ C:\Windows\PFRO.log
2013-07-25 20:57 - 2013-07-25 21:39 - 00000509 _____ C:\Users\Daisy\AppData\Roaming\Microsoft\Windows\Start Menu\eCampus Home.website
2013-07-25 20:50 - 2013-07-25 20:50 - 15897088 _____ C:\Users\Daisy\Downloads\Windows8-RT-KB2849636-x64.msu
2013-07-25 20:50 - 2013-07-12 17:43 - 00034496 _____ C:\Windows\system32\PreTask.exe
2013-07-25 20:50 - 2013-07-11 23:06 - 02371736 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
 
==================== One Month Modified Files and Folders =======
 
 
Files to move or delete:
====================
C:\Users\Daisy\iTunes64Setup.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe
[2012-07-25 18:55] - [2012-07-25 22:08] - 0516608 ____A (Microsoft Corporation) 93AB226C07A9789B2EC7B41F73602F76
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2012-07-25 19:00] - [2012-07-25 22:08] - 0030208 ____A (Microsoft Corporation) 57350BEDE3834915B6145B67C71C7BDA
 
C:\Windows\SysWOW64\svchost.exe
[2012-07-25 19:01] - [2012-07-25 22:20] - 0023040 ____A (Microsoft Corporation) 0A175AF8B65797BD22C11903A8BFEB2D
 
C:\Windows\System32\services.exe
[2012-07-26 00:26] - [2012-07-26 00:26] - 0410624 ____A (Microsoft Corporation) 754A2CC1F32107EA87CBD305ABE3E618
 
C:\Windows\System32\User32.dll
[2012-07-25 19:01] - [2012-07-25 22:07] - 1342464 ____A (Microsoft Corporation) 1D08594400EE1B500B93256795FE30AE
 
C:\Windows\SysWOW64\User32.dll
[2012-07-25 19:02] - [2012-07-25 19:02] - 1126912 ____A (Microsoft Corporation) 8A93F57772FD24959F76A65FF79D282D
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-07-25 21:32
 
==================== End Of Log ============================


#9 whoabuddy

whoabuddy

    Bleepin' Verbose


  • Malware Response Instructor
  • 2,053 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cottonwood, AZ
  • Local time:04:10 PM

Posted 29 July 2013 - 09:41 AM

Hi PowerOfOne,

Thank you for the logs and additional information, please allow me some time to review these and I will get back to you with our next steps.

Best Regards,
whoabuddy
Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE

#10 Poweroo


Posted 29 July 2013 - 09:59 AM

No worries,

I have many things on my plate, so I will just keep checking.

Thank you for your help.

Respectfully,

~PowerOfOne



#11 whoabuddy


Posted 30 July 2013 - 08:41 AM

Hi PowerOfOne,

Please read each item below and complete the fix at the end; we are starting to get the information together that we need to answer all of your questions :)

I went into the Command Prompt and entered <net user Administrator /active: yes>. I have not done it this go-round so it makes a wee bit of a difference in behavior. I thought using my Microsoft account as my regular account and just leaving the Administrator account there. It seemed to have caused many problems having that account visible.

Technically just making it visible should not cause an issue, but unless you have a need to expose it I would leave it hidden per the default setting.

I saw them in the device manager window. I was having a difficult time connecting to my Wired network. I wanted to disable my wireless and I could not locate the Network adapter anywhere. When I was digging around, I found all kinds of strange happenings. Like other users with names like Applications something and Trusted Installer...or is that a default. I see the Default user. I finally had to reset again and install and I was able to hard wire the machine to the network. I went into the IP address of the AT&T modem and disabled the wireless capabilities.

It sounds like you stumbled on some of the default/hidden components in Windows, and the users/groups you mentioned here and in your screen shot are included by default. If you would like to read more you can see how access control has changed in newer versions of Windows and the default users and groups created based on your OS configuration.

I have attached a snip of the users that come up when I go into a folder and properties and the security tab. Who are all those? Are they supposed to be there?

Yes, these groups are part of a normal Windows installation, and although some of the groups are not used they will be created by default. Please note that the majority of the list represents groups and not users, as indicated by the two-person icon. The only two users on this list are Daisy and HomeGroupUser$, the latter of which is another default account used by Windows for access to the HomeGroup if one is set up.

I went to PC Settings and did an Advanced reset. It sets everything back to factory settings and then installed from the disk. I went to advanced and there like 4 disks and partitions and I deleted most. One stayed and the C: drive. I created another disk (I am not skilled at this part). I added 30GB to it and I was going to use it as a Recovery disk until I get an external. There is also a screen shot of when I go into Disk Management and I see the 30GB and it says "unallocated". So I need to get control of that and perhaps you can assist in creating that 30GB recovery disk so I can stop deleting my files if I have to reset. I want to create an image also.


Warning: the changes you are making under disk management can cause loss of data, so please be sure everything is backed up before performing any of these actions. That being said, the partitions were created as part of the installation, and modifying them could cause issues with Windows. I believe you are mixing up the terms disk and partition, which would lead to confusion regarding what to create and delete. Based on the logs and what I see in your screen shot of disk management, here is what I can tell you:

Disk 0 represents your main Western Digital 500gb hard drive, has a GPT partition table and contains 4 partitions:
  • Partition 1 - 300mb Recovery Partition
  • Partition 2 - 100mb System Partition
  • Partition 3 - 31gb Unallocated Partition
  • Partition 4 - 434gb Main Operating System (C:\ drive)
Disk 1 and 2 represent DVD-ROM drives or another type of removable media, both are empty.

Disk 3 represents what appears to be a flash drive, do you recognize the BMW (G:\) drive under Computer? If you cannot access it that may be normal. It contains 1 partition:
  • Partition 1 - 2gb NTFS Partition (G:\ drive)
Disk 4 represents what appears to be a recovery disk, however I am not sure why it is listed as a separate disk, we can look further into this. Do you recognize the RECOVERY (H:\) drive under Computer? If you cannot access it that may be normal. It contains 1 partition:
  • Partition 1 - 16gb FAT32 Partition (H:\ drive)

I went to PC Settings and did an Advanced reset. It sets everything back to factory settings and then installed from the disk. I went to advanced and there like 4 disks and partitions and I deleted most. One stayed and the C: drive. I created another disk (I am not skilled at this part). I added 30GB to it and I was going to use it as a Recovery disk until I get an external. There is also a screen shot of when I go into Disk Management and I see the 30GB and it says "unallocated". So I need to get control of that and perhaps you can assist in creating that 30GB recovery disk so I can stop deleting my files if I have to reset. I want to create an image also.


The Advanced Reset feature is designed to restore the factory defaults from a system image, so there should not be a need to delete any drives or partitions. The 30gb partition you added is inaccessible because it has not been formatted, but we can come back to this toward the end. There are a few different ways we can make a backup and I can guide you to what's best for your configuration.

So now that we have covered all of that, please let me know if you have any questions as we go along! On to the fix:

We need to run a fix with Farbar's Recovery Scan Tool:

Please erase any copy of FRST.exe that you have now and download the latest version here and save it to your Desktop

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Click on the Start Orb, in the search box type: notepad
  • Click on Notepad, a blank text document will appear, copy and paste the entire text below into the document:
    HKLM-x32\...\Run: [] -  [x]
    2013-07-27 09:45 - 2013-07-27 09:45 - 01069032 _____ (Solid State Networks) C:\Users\Daisy\Downloads\68AD.tmp
    C:\Users\Daisy\iTunes64Setup.exe
    CMD: type C:\Windows\system32\Drivers\etc\hosts
    CMD: dir g:\
    CMD: dir h:\
  • Click on File then Save As..., navigate to your Desktop
  • For the file name, enter: fixlist.txt and save the file
    Note: It is important that the file is named fixlist.txt so the tool will run, and it's also important that both files, FRST.exe and fixlist.txt are in the same location or the fix will not work
  • Run FRST/FRST64 and press the Fix button just once and wait
  • If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply
Note: If the tool warned you about the outdated version please download and run the updated version.

In your next post I need the following:
  • answers to my questions above
  • fixlog.txt from FRST Fix
  • status update - is there anything else you would like to add at this time?
Best Regards,
whoabuddy
Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE

#12 Poweroo


Posted 30 July 2013 - 10:15 AM

Technically just making it visible should not cause an issue, but unless you have a need to expose it I would leave it hidden per the default setting.

  Okay, I will leave it hidden as per your suggestion.

 

 

Disk 0 represents your main Western Digital 500gb hard drive, has a GPT partition table and contains 4 partitions:
  • Partition 1 - 300mb Recovery Partition
  • Partition 2 - 100mb System Partition
  • Partition 3 - 31gb Unallocated Partition
  • Partition 4 - 434gb Main Operating System (C:\ drive)

 

Partition 3 is what I need help with. I partitioned it at the last installation and I cannot find it.  For awhile there it showed up when I clicked on computer to see all the drives and it was drive G:...But I can't find it anywhere unless I look in Disk Management and then I am lost on how to allocate those 30GBs.  I want to use that as my recovery drive (think I mentioned this in previous post), until I have $$$ to purchase an external drive.  I want to create an image so I felt that 30 GBs was plenty to partition from C:. So yes, your guidance on this would be very helpful.

 

 

Disk 3 represents what appears to be a flash drive, do you recognize the BMW (G:\) drive under Computer? If you cannot access it that may be normal. It contains 1 partition:
  • Partition 1 - 2gb NTFS Partition (G:\ drive)
Disk 4 represents what appears to be a recovery disk, however I am not sure why it is listed as a separate disk, we can look further into this. Do you recognize the RECOVERY (H:\) drive under Computer? If you cannot access it that may be normal. It contains 1 partition:
  • Partition 1 - 16gb FAT32 Partition (H:\ drive)

 

Umm, yeah, BMW gave me that little thing when I bought my car a couple years ago.(Disk 3)

 

Disk 4 is a flash drive that I use as File History location for now. I do have questions.  How did those partitions get created?  They are just little removable flash drives?


  • fixlog.txt from FRST Fix

 

See below.

 

 

=====================================================================================================================


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-07-2013 03
Ran by Daisy at 2013-07-30 09:38:25 Run:1
Running from C:\Users\Daisy\Desktop
Boot Mode: Normal
==============================================
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\Users\Daisy\Downloads\68AD.tmp => Moved successfully.
C:\Users\Daisy\iTunes64Setup.exe => Moved successfully.
 
=========  type C:\Windows\system32\Drivers\etc\hosts =========
 
# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
 
# localhost name resolution is handled within DNS itself.
# 127.0.0.1       localhost
# ::1             localhost
 
========= End of CMD: =========
 
 
=========  dir g:\ =========
 
The system cannot find the path specified.
 
========= End of CMD: =========
 
 
=========  dir h:\ =========
 
 Volume in drive H is RECOVERY
 Volume Serial Number is 1CD4-8C48
 
 Directory of h:\
 
07/25/2013  12:24 PM    <DIR>          efi
07/25/2012  10:44 PM           398,156 bootmgr
07/25/2013  12:24 PM    <DIR>          boot
07/25/2012  11:57 PM         1,350,896 bootmgr.efi
07/25/2013  12:24 PM    <DIR>          sources
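
Added example, not part of the original posts and not FRST's own code: a short Python script that splits a Fixlog in the layout shown above into its CMD sections and lists any active hosts-file mappings other than loopback to localhost, which is what a reviewer scans the `type ...\hosts` output for. The sample log is constructed (the 203.0.113.7 entry is invented), and the function names are this example's own.

```python
import re

# Constructed sample in the Fixlog layout shown above; the second hosts
# entry is invented to show what a non-default mapping looks like.
SAMPLE_FIXLOG = """\
==============================================
=========  type C:\\Windows\\system32\\Drivers\\etc\\hosts =========
# 127.0.0.1       localhost
127.0.0.1       localhost
203.0.113.7     update.example.test   # constructed entry
========= End of CMD: =========
=========  dir g:\\ =========
The system cannot find the path specified.
========= End of CMD: =========
"""

HEADER = re.compile(r"^=+\s+(?!End of CMD:)(.+?)\s+=+\s*$")
FOOTER = re.compile(r"^=+\s+End of CMD:\s+=+\s*$")
LOOPBACK = {"127.0.0.1", "::1"}


def cmd_sections(fixlog):
    """Return {command: [output lines]} for each CMD block in a Fixlog."""
    sections, current = {}, None
    for line in fixlog.splitlines():
        if FOOTER.match(line):
            current = None
        elif (m := HEADER.match(line)):
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections


def active_hosts_entries(lines):
    """Return (ip, name) pairs from hosts lines, ignoring comments."""
    entries = []
    for line in lines:
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            entries.extend((fields[0], name) for name in fields[1:])
    return entries


def non_default_mappings(fixlog):
    """Mappings in the dumped hosts file that are not loopback->localhost."""
    found = []
    for cmd, lines in cmd_sections(fixlog).items():
        if cmd.lower().startswith("type") and cmd.lower().endswith("hosts"):
            found += [(ip, n) for ip, n in active_hosts_entries(lines)
                      if not (ip in LOOPBACK and n.lower() == "localhost")]
    return found
```

On a hosts dump that contains only comment lines, as in the Fixlog posted above, `non_default_mappings` returns an empty list.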


#13 whoabuddy


Posted 31 July 2013 - 07:58 AM

Hi PowerOfOne,

First off, I am happy to say that your machine looks clean! You can delete any of the tools we have used so far. I do not see any malware and now we will work to answer your additional questions.

Partition 3 is what I need help with. I partitioned it at the last installation and I cannot find it. For awhile there it showed up when I clicked on computer to see all the drives and it was drive G:...But I can't find it anywhere unless I look in Disk Management and then I am lost on how to allocate those 30GBs.

Understood, I will explain more in-depth below, but even though the 30gb of space is set aside it is not ready for use in Windows yet.

Umm, yeah, BMW gave me that little thing when I bought my car a couple years ago.(Disk 3)
...
Disk 4 is a flash drive that I use as File History location for now. I do have questions. How did those partitions get created? They are just little removable flash drives?

Thank you, I just wanted to confirm what I saw in the logs, and what you are seeing is normal as far as the partitions go - at least one partition is required to use the disk/drive.

The idea here is that the disk represents the whole device, whether it's a hard drive like the one in your computer or an external flash drive like the one from BMW, and partitions are used to divide up this space as needed for the computer. A disk needs at least one partition to make it usable to Windows - which is why the flash drives all have just the one as well.

For example, Disk 1 is your main hard drive with 500gb, but it is split up into 4 partitions: Recovery (300mb) / System (100mb) / Unallocated (30gb) / Operating System (C:\) (434gb).
note: the recovery partition is made automatically by the manufacturer, the system partition is made automatically by Windows.

If you had not created the additional 30gb partition, Disk 1 would have 3 partitions: Recovery (300mb) / System (100mb) / Operating System (C:\) (464gb)

Disk 3 is the BMW flash drive with 2gb of space, and it has only one partition: BMW (G:\) (2gb)

If you wanted, you could split Disk 3 up into two partitions (although this would not be very practical): BMW1 (G:\) (1gb) / BMW2 (I:\) (1gb)

So with all of that being said, we can make your 30gb partition on Disk 1 operational, but I want to go over some info about the backup as well before we do that.

I want to use that as my recovery drive (think I mentioned this in previous post), until I have $$$ to purchase an external drive. I want to create an image so I felt that 30 GBs was plenty to partition from C:. So yes, your guidance on this would be very helpful.

What program would you use to create the image? My concern is that this will not be enough space, and since both the Operating System (C:\) and the 30gb Partition are on Disk 1 they are both subject to Disk 1 failing. Under what scenario would you expect to use an image to recover? Have you considered a file backup instead? Not trying to be harsh just trying to figure out what's best :)

In your next post I need the following:
  • answers to my questions above
  • status update - is there anything else you would like to add at this time?
Best Regards,
whoabuddy

#14 Poweroo


Posted 31 July 2013 - 10:36 AM

Hello, thanks for the good news.  I installed MalwareBytes, just FYI. I prefer that one since it found a Trojan and that hostage virus on my laptop.

 

 

 

What program would you use to create the image? My concern is that this will not be enough space, and since both the Operating System (C:\) and the 30gb Partition are on Disk 1 they are both subject to Disk 1 failing. Under what scenario would you expect to use an image to recover? Have you considered a file backup instead? Not trying to be harsh just trying to figure out what's best

 

 

I have no idea what program.  My desire is to have some space for my files to backup into.  I went into Control Panel and there's a backup and Restore files and there's also "create a system image".  I thought that would help me out in the case I have to reset the machine again, I wouldn't have to sit there and download and install all the programs and apps I have installed right now in addition to having storage space or an archive type backup.  That's what I am trying to use the (H:) flash drive for, but it's not big enough.  I was using it for File History.  I need to get a larger drive for storage alone.  That's where the thought for external drive came to mind.  I am in school and in a degree program for Web development and I also like Photoshop and playing around with photos so I wanted to reserve my C: for working files since photos and movies take up a lot of memory.

I hope I have clarified what my silly self is trying to do.

So in saying that, my question is now:  How can I get that 30GB back on to my (C:) drive?

After that I'm good I suppose. 

One final question:  When I do purchase the external drive is it just a plug and play type thing?  Can I just designate that one as my File History drive?

 

Please advise.

 

Respectfully

 

~PowerOfOne



#15 whoabuddy


Posted 01 August 2013 - 09:24 AM

Hi PowerOfOne,

I have received your post and I am reviewing everything, I will post back to you with our next set of instructions when done.

Best Regards,
whoabuddy



