
Avast repeatedly creates popup warnings of malicious URLs


  • This topic is locked
15 replies to this topic

#1 OccamsShaver

  • Members
  • 10 posts

Posted 12 January 2014 - 11:19 AM

Hello,
I'm brand new here. I am having a problem similar to what Yerer posted http://www.bleepingcomputer.com/forums/t/519406/avast-malicious-urls-continually-being-blocked/
 
I am running Windows 8 on a new laptop. Avast is frequently giving me warnings related to Spotifywebhelp.exe and some other files. I have run Anti-Malware (running it again right now) and have removed some identified problems (not sure what they were). The URLs that Avast warns me about are all cryptic. I don't know if these are false positives, or if I need to rectify some other issue on my computer. I am pasting and attaching as per the guide. Thank you in advance for any input!
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537
Run by Bob at 11:01:36 on 2014-01-12
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8081.4746 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\valWBFPolicyService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Users\Jeremy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Launchy\Launchy.exe
C:\Users\Jeremy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Jeremy\AppData\Roaming\Across Lite 2.0\acrossl.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mWinlogon: Userinit = userinit.exe,
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - 
BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Spotify Web Helper] "C:\Users\Jeremy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [UPmedia] regsvr32.exe C:\Users\Jeremy\AppData\Local\UPmedia\OdbcCrtARM.dll
mRun: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
StartupFolder: C:\Users\Jeremy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HpM3Util.exe
StartupFolder: C:\Users\Jeremy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ISCTSY~1.LNK - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{728F29F9-974C-43DF-9FD8-0D759B400387} : DHCPNameServer = 192.168.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2013-12-25 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2013-12-25 207904]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-4-5 653808]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-12-25 1034464]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-12-25 422216]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\Drivers\ctxusbm.sys [2012-12-5 98888]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-12-25 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-25 50344]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2013-3-1 43320]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-10 15344]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-10-20 2468496]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 ISCTAgent;Intel® Smart Connect Technology Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2013-2-13 180200]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-10-20 165336]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-10-20 366040]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2013-3-19 28160]
R3 aswStm;aswStm;C:\Windows\System32\Drivers\aswstm.sys [2013-12-25 79672]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-10-20 169752]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\Drivers\ikbevent.sys [2013-2-13 21048]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\Drivers\imsevent.sys [2013-2-13 21048]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-3-20 442368]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\Drivers\ISCTD64.sys [2013-2-13 46568]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-10-20 760032]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\Windows\System32\Drivers\rtwlane.sys [2013-10-20 1516104]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-4-24 33008]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\Drivers\WPRO_41_2001.sys [2013-10-20 34752]
R3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2013-5-24 23552]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-12-23 266240]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2013-10-20 288328]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2013-4-24 29424]
S3 ysusb64;Yamaha Steinberg USB Audio;C:\Windows\System32\Drivers\ysusb64.sys [2013-9-20 120104]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
 
2014-01-12 03:44:53 -------- d-----w- C:\Users\Bob\AppData\Local\CrashDumps
2014-01-12 03:44:17 -------- d-----w- C:\Users\Bob\AppData\Local\UPmedia
2014-01-12 03:44:02 103979 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp47E0.exe
2014-01-12 03:28:59 319488 ----a-w- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HpM3Util.exe
2014-01-11 04:29:10 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2014-01-09 00:01:34 -------- d-----r- C:\Program Files (x86)\Skype
2014-01-05 22:39:05 -------- d-----w- C:\Users\Bob\AppData\Roaming\Malwarebytes
2014-01-05 22:38:58 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-05 22:38:57 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-05 22:38:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-04 16:54:05 -------- d-----r- C:\Users\Bob\AppData\Roaming\Brother
2014-01-04 16:02:11 -------- d-----w- C:\Users\Bob\AppData\Roaming\OpenOffice
2014-01-03 14:37:23 -------- d-----w- C:\Program Files (x86)\OpenOffice 4
2014-01-01 18:34:57 -------- d-----w- C:\Users\Bob\AppData\Roaming\ICAClient
2014-01-01 18:34:49 -------- d-----w- C:\ProgramData\Citrix
2014-01-01 18:34:25 -------- d-----w- C:\Program Files (x86)\Common Files\Citrix
2014-01-01 18:34:24 -------- d-----w- C:\Users\Bob\AppData\Local\Citrix
2014-01-01 18:34:21 -------- d-----w- C:\Program Files (x86)\Citrix
2014-01-01 02:12:23 2179072 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll
2014-01-01 01:52:55 -------- d-----w- C:\Users\Bob\AppData\Local\SkinSoft
2014-01-01 01:46:03 -------- d-----w- C:\Users\Bob\AppData\Roaming\convertaudiofree
2014-01-01 00:29:36 -------- d-----w- C:\Users\Bob\AppData\Roaming\uTorrent
2013-12-29 16:04:09 -------- d-----w- C:\Users\Bob\AppData\Local\CyberLink
2013-12-28 01:50:35 236208 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10229.bin
2013-12-28 01:31:45 -------- d-----w- C:\Users\Bob\AppData\Local\KeePass
2013-12-26 02:50:46 -------- d-----w- C:\Users\Bob\AppData\Local\Diagnostics
2013-12-25 21:34:46 -------- d-sh--w- C:\Recovery
2013-12-25 18:07:55 23350272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-25 18:07:54 22615040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-25 17:07:02 -------- d-----w- C:\Program Files (x86)\KeePass Password Safe 2
2013-12-25 14:51:46 -------- d-----w- C:\Windows\System32\MRT
2013-12-25 14:47:54 60648 ----a-w- C:\Program Files\Windows Defender\MpUXSrv.exe
2013-12-25 14:43:23 427520 ----a-w- C:\Windows\System32\drivers\rdbss.sys
2013-12-25 14:42:59 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll
2013-12-25 14:41:17 888320 ----a-w- C:\Windows\System32\autochk.exe
2013-12-25 14:41:17 542208 ----a-w- C:\Windows\System32\untfs.dll
2013-12-25 14:41:16 793088 ----a-w- C:\Windows\SysWow64\autochk.exe
2013-12-25 14:41:16 482816 ----a-w- C:\Windows\SysWow64\untfs.dll
2013-12-25 14:39:46 2382336 ----a-w- C:\Windows\SysWow64\esent.dll
2013-12-25 14:39:45 2851840 ----a-w- C:\Windows\System32\esent.dll
2013-12-25 14:39:44 2062848 ----a-w- C:\Windows\System32\d3d11.dll
2013-12-25 14:39:43 1711616 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-12-25 14:39:42 420864 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-25 14:39:42 368640 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-25 14:39:42 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-12-25 14:39:42 25088 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-12-25 14:02:08 10116608 ----a-w- C:\Windows\System32\twinui.dll
2013-12-25 14:02:07 8858112 ----a-w- C:\Windows\SysWow64\twinui.dll
2013-12-25 14:02:06 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll
2013-12-25 14:02:06 2146304 ----a-w- C:\Windows\System32\actxprxy.dll
2013-12-25 14:02:05 2304512 ----a-w- C:\Windows\System32\authui.dll
2013-12-25 14:02:05 2035712 ----a-w- C:\Windows\SysWow64\authui.dll
2013-12-25 14:02:04 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
2013-12-25 14:01:59 312320 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-25 14:01:58 273408 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-25 05:47:25 -------- d-----w- C:\Program Files\Common Files\Steinberg
2013-12-25 05:47:25 -------- d-----w- C:\Program Files (x86)\Yamaha
2013-12-25 05:47:25 -------- d-----w- C:\Program Files (x86)\Common Files\Steinberg
2013-12-25 05:46:46 -------- d-----w- C:\Users\Bob\AppData\Local\Downloaded Installations
2013-12-25 05:26:05 -------- d-----w- C:\Users\Bob\AppData\Roaming\AVAST Software
2013-12-25 05:09:34 79672 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2013-12-25 05:09:33 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-12-25 05:09:33 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-12-25 05:09:33 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-12-25 05:09:33 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-12-25 05:09:33 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-12-25 05:09:15 43152 ----a-w- C:\Windows\avastSS.scr
2013-12-25 05:08:48 -------- d-----w- C:\Program Files\AVAST Software
2013-12-25 04:55:03 -------- d-----w- C:\ProgramData\AVAST Software
2013-12-25 04:49:40 -------- d-----w- C:\Users\Bob\AppData\Roaming\IDT
2013-12-25 03:55:10 -------- d-----w- C:\Users\Bob\AppData\Local\Spotify
2013-12-25 03:54:40 -------- d-----w- C:\Users\Bob\AppData\Roaming\Spotify
2013-12-25 03:15:17 -------- d-----w- C:\Users\Bob\AppData\Local\Intel_Corporation
2013-12-25 03:14:27 -------- d-----w- C:\Users\Bob\AppData\Local\HP Quick Start
2013-12-25 02:53:52 -------- d-----w- C:\Users\Bob\AppData\Local\HP
2013-12-25 02:34:41 -------- d-----w- C:\Users\Bob\AppData\Local\Paint.NET
2013-12-25 02:34:41 -------- d-----w- C:\Program Files\Paint.NET
2013-12-25 02:04:06 7168 ----a-w- C:\Windows\System32\KBDKURD.DLL
2013-12-25 02:04:06 6656 ----a-w- C:\Windows\SysWow64\KBDKURD.DLL
2013-12-25 02:04:06 1184256 ----a-w- C:\Windows\System32\Display.dll
2013-12-25 02:04:06 1164800 ----a-w- C:\Windows\SysWow64\Display.dll
2013-12-24 04:41:44 78304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-24 04:41:44 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-24 04:12:49 -------- d-----w- C:\Program Files (x86)\Decrap my Computer
2013-12-24 04:04:52 -------- d-----w- C:\ProgramData\ClassicShell
2013-12-24 04:04:51 -------- d-----w- C:\Users\Bob\AppData\Roaming\ClassicShell
2013-12-24 04:04:23 -------- d-----w- C:\Program Files\Classic Shell
2013-12-24 02:49:09 144896 ----a-w- C:\Windows\System32\tssdisai.dll
2013-12-24 02:49:09 135680 ----a-w- C:\Windows\System32\appserverai.dll
2013-12-24 02:49:09 126976 ----a-w- C:\Windows\System32\RDWebAI.dll
2013-12-24 02:49:09 122880 ----a-w- C:\Windows\System32\VmHostAI.dll
2013-12-24 02:49:08 148480 ----a-w- C:\Windows\System32\poqexec.exe
2013-12-24 02:49:08 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe
2013-12-24 02:36:59 694272 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-12-24 02:35:56 337408 ----a-w- C:\Windows\System32\wintrust.dll
2013-12-24 02:29:52 -------- d-----w- C:\Users\Bob\AppData\Roaming\hpqlog
2013-12-24 02:24:35 -------- d-----w- C:\Users\Bob\AppData\Roaming\ControlCenter4
2013-12-23 14:45:59 77824 ----a-w- C:\Windows\SysWow64\BRLMW03A.DLL
2013-12-23 14:45:59 25299 ----a-w- C:\Windows\SysWow64\BRLM03A.DLL
2013-12-23 14:45:59 180224 ----a-w- C:\Windows\SysWow64\BROSNMP.DLL
2013-12-23 14:45:59 103736 ----a-w- C:\Windows\SysWow64\BRRBTOOL.EXE
2013-12-23 14:45:58 73728 ----a-w- C:\Windows\SysWow64\BrDctF2.dll
2013-12-23 14:45:58 5120 ----a-w- C:\Windows\SysWow64\BrDctF2S.dll
2013-12-23 14:45:58 5120 ----a-w- C:\Windows\SysWow64\BrDctF2L.dll
2013-12-23 14:45:58 245760 ----a-w- C:\Windows\SysWow64\NSSearch.dll
2013-12-23 14:45:58 -------- d-----w- C:\Program Files (x86)\Brother
2013-12-23 14:43:23 -------- d-----w- C:\ProgramData\Brother
2013-12-23 14:38:13 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-12-23 14:38:08 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-12-23 04:21:58 -------- d-----w- C:\Users\Bob\AppData\Roaming\KeePass
2013-12-23 03:04:50 -------- d-----w- C:\Users\Bob\AppData\Roaming\Launchy
2013-12-23 03:04:44 -------- d-----w- C:\Program Files (x86)\Launchy
2013-12-23 03:01:54 -------- d-----w- C:\Users\Bob\AppData\Local\Programs
2013-12-23 02:59:18 29184 ----a-r- C:\Users\Bob\AppData\Roaming\Microsoft\Installer\{975EA987-5D79-4A1C-AD71-D27B28347B48}\Icon975EA9871.exe
2013-12-23 02:59:18 28160 ----a-r- C:\Users\Bob\AppData\Roaming\Microsoft\Installer\{975EA987-5D79-4A1C-AD71-D27B28347B48}\Icon975EA987.exe
2013-12-23 02:59:17 -------- d-----w- C:\Users\Bob\AppData\Roaming\Across Lite 2.0
2013-12-23 02:58:10 -------- d-----r- C:\Users\Bob\Dropbox
2013-12-23 02:56:38 -------- d-----w- C:\Users\Bob\AppData\Roaming\Dropbox
2013-12-23 02:33:13 -------- d-----w- C:\Users\Bob\AppData\Local\Google
2013-12-23 02:32:51 -------- d-----w- C:\Users\Bob\AppData\Local\Deployment
2013-12-23 02:32:51 -------- d-----w- C:\Users\Bob\AppData\Local\Apps
2013-12-23 01:28:59 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2013-12-23 00:59:26 -------- d-----w- C:\Users\Bob\AppData\Local\Hewlett-Packard
2013-12-23 00:58:55 -------- d-----r- C:\Users\Bob\Searches
2013-12-23 00:58:54 -------- d-----r- C:\Users\Bob\Contacts
2013-12-23 00:58:26 -------- d-----w- C:\Users\Bob\AppData\Roaming\Synaptics
2013-12-23 00:58:14 -------- d-----w- C:\Users\Bob\AppData\Local\AuthenTec
.
==================== Find3M  ====================
.
2014-01-11 04:29:11 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2013-11-06 23:18:57 4036608 ----a-w- C:\Windows\System32\win32k.sys
2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-25 06:19:12 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-21 02:03:13 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-21 02:03:13 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2013-10-21 02:03:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-21 02:03:13 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-21 02:02:08 443392 ----a-w- C:\Windows\System32\ReAgent.dll
2013-10-21 02:02:08 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll
2013-10-21 02:02:08 1011200 ----a-w- C:\Windows\System32\reseteng.dll
2013-10-20 22:47:24 329216 ----a-w- C:\Windows\System32\StartMenuHelper64.dll
2013-10-20 22:46:56 268288 ----a-w- C:\Windows\SysWow64\StartMenuHelper32.dll
2013-10-19 05:45:45 62976 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 04:04:07 59392 ----a-w- C:\Windows\SysWow64\imagehlp.dll
.
============= FINISH: 11:02:50.97 ===============
 
Attached File  Attach.txt   4.15KB   0 downloads
 

Here is another URL that it just blocked:
Infection Blocked
URL: hxxttp://skmymmeiaoooigke.org/
Infection: URL:Mal

Edited by nasdaq, 18 January 2014 - 10:02 AM.



 


#2 OccamsShaver

  • Topic Starter

  • Members
  • 10 posts

Posted 16 January 2014 - 08:59 PM

Bump. Anyone?



#3 nasdaq

  • Malware Response Team
  • 38,922 posts

Posted 17 January 2014 - 10:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Download the correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#4 OccamsShaver

Posted 17 January 2014 - 11:19 AM

Hi Nasdaq,

Thank you very much for helping. I followed all of the steps you listed. I am still getting Avast popups warning me of malicious URLs being blocked. All of the logs follow.

 

 

# AdwCleaner v3.017 - Report created 17/01/2014 at 10:47:26
# Updated 12/01/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Jeremy - HPENVY
# Running from : C:\Users\Jeremy\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v32.0.1700.76
 
[ File : C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [844 octets] - [17/01/2014 10:47:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [903 octets] ##########
 
 
RogueKiller V8.8.2 _x64_ [Jan 17 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Jeremy [Admin rights]
Mode : Scan -- Date : 01/17/2014 10:53:12
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll [x] -> UNLOADED
[SUSP PATH][DLL] explorer.exe -- C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll [x] -> UNLOADED
[SUSP PATH][DLL] regsvr32.exe -- C:\Users\Jeremy\AppData\Local\UPmedia\OdbcCrtARM.dll [-] -> regsvr32.exe KILLED [TermProc]
[SUSP PATH][DLL] regsvr32.exe -- C:\Users\Jeremy\AppData\Local\UPmedia\OdbcCrtARM.dll [-] -> regsvr32.exe KILLED [TermProc]
 
¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : UPmedia (regsvr32.exe C:\Users\Jeremy\AppData\Local\UPmedia\OdbcCrtARM.dll [x][-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2991530655-532002791-1320437403-1001\[...]\Run : UPmedia (regsvr32.exe C:\Users\Jeremy\AppData\Local\UPmedia\OdbcCrtARM.dll [x][-]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) HGST HTS541075A9E680 +++++
--- User ---
[MBR] fd9c45f893067b4140b808bdc8664c76
[BSP] f5d2fdebf049248a4e68d20ee572f3c3 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_01172014_105312.txt >>
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2014 02
Ran by Jeremy (administrator) on HPENVY on 17-01-2014 10:56:15
Running from C:\Users\Jeremy\Downloads
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Spotify Ltd) C:\Users\Jeremy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Dropbox, Inc.) C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Program Files (x86)\Launchy\Launchy.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] - C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-25] (AVAST Software)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2065408 2013-11-03] (Dominik Reichl)
HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Jeremy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-24] (Spotify Ltd)
Startup: C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe ()
Startup: C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {93A6ACBA-50B3-4E13-9003-7AB2111304C8} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-01-17]
CHR Extension: (Google Docs) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-22]
CHR Extension: (Google Drive) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-22]
CHR Extension: (Splendid) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd [2014-01-17]
CHR Extension: (YouTube) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-22]
CHR Extension: (Google Cast) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-01-17]
CHR Extension: (Ebates Cash Back) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2014-01-17]
CHR Extension: (Google Search) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-22]
CHR Extension: (avast! Online Security) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-25]
CHR Extension: (InvisibleHand) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2014-01-17]
CHR Extension: (Google Wallet) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-22]
CHR Extension: (chromeIPass) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ompiailgknfdndiefoaoiligalphfdae [2014-01-17]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-01-17]
CHR Extension: (Evernote Web Clipper) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-01-17]
CHR Extension: (Gmail) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-25]
 
==================== Services (Whitelisted) =================
 
U2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-25] (AVAST Software)
U2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-10] (Intel Corporation)
U3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
U2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
U2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
U2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-03-19] ()
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
U2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-25] (AVAST Software)
U1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-25] (AVAST Software)
U0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-25] ()
U1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-25] (AVAST Software)
U1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-25] (AVAST Software)
U3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-25] (AVAST Software)
U0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-25] ()
U3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
U3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
U3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-02-13] ()
U3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
U3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1516104 2013-02-08] (Realtek Semiconductor Corporation                           )
U3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
U3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-01-17] ()
U3 ysusb64; C:\Windows\system32\drivers\ysusb64.sys [120104 2013-09-20] (Yamaha Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-17 10:56 - 2014-01-17 10:56 - 00020195 _____ C:\Users\Jeremy\Downloads\FRST.txt
2014-01-17 10:56 - 2014-01-17 10:56 - 00000000 ____D C:\FRST
2014-01-17 10:55 - 2014-01-17 10:55 - 02075648 _____ (Farbar) C:\Users\Jeremy\Downloads\FRST64.exe
2014-01-17 10:54 - 2014-01-17 10:54 - 00002329 _____ C:\Users\Jeremy\Downloads\RKreport[0]_D_01172014_105325.txt
2014-01-17 10:53 - 2014-01-17 10:53 - 00002329 _____ C:\Users\Jeremy\Desktop\RKreport[0]_D_01172014_105325.txt
2014-01-17 10:53 - 2014-01-17 10:53 - 00002234 _____ C:\Users\Jeremy\Desktop\RKreport[0]_S_01172014_105312.txt
2014-01-17 10:50 - 2014-01-17 10:54 - 00000000 ____D C:\Users\Jeremy\Desktop\RK_Quarantine
2014-01-17 10:50 - 2014-01-17 10:50 - 04406784 _____ C:\Users\Jeremy\Downloads\RogueKillerX64.exe
2014-01-17 10:48 - 2014-01-17 10:48 - 00000986 _____ C:\Users\Jeremy\Downloads\adwreport.txt
2014-01-17 10:47 - 2014-01-17 10:47 - 00000000 ____D C:\AdwCleaner
2014-01-17 10:45 - 2014-01-17 10:45 - 00002222 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-17 10:44 - 2014-01-17 10:54 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-17 10:44 - 2014-01-17 10:54 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-17 10:44 - 2014-01-17 10:49 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-17 10:44 - 2014-01-17 10:49 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-17 10:42 - 2014-01-17 10:42 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-01-17 09:51 - 2014-01-17 09:51 - 04101441 _____ C:\Users\Jeremy\Downloads\tdsskiller.zip
2014-01-17 09:45 - 2013-11-18 00:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Jeremy\Downloads\iexplore.exe.exe
2014-01-17 09:39 - 2014-01-17 09:40 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Jeremy\Downloads\spybot-2.2.exe
2014-01-17 09:38 - 2014-01-17 09:38 - 29465768 _____ (SUPERAntiSpyware) C:\Users\Jeremy\Downloads\SUPERAntiSpyware.exe
2014-01-15 18:57 - 2013-12-07 01:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-15 18:57 - 2013-12-07 01:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 18:57 - 2013-12-07 00:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-15 18:57 - 2013-12-07 00:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 07:59 - 2013-10-31 00:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-15 07:59 - 2013-10-31 00:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-15 07:59 - 2013-10-30 23:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-15 07:59 - 2013-10-30 22:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-15 07:59 - 2013-10-28 00:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-15 07:59 - 2013-10-27 23:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-15 07:59 - 2013-10-13 15:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-15 07:59 - 2013-08-27 00:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-15 07:59 - 2013-08-27 00:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-15 07:59 - 2013-08-26 17:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-15 07:59 - 2013-08-26 17:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-12 12:50 - 2014-01-12 12:52 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\QuickScan
2014-01-12 11:05 - 2014-01-12 11:05 - 00028394 _____ C:\Users\Jeremy\Downloads\DDS.txt
2014-01-12 11:05 - 2014-01-12 11:05 - 00004250 _____ C:\Users\Jeremy\Downloads\Attach.txt
2014-01-12 11:00 - 2014-01-12 11:00 - 00688992 ____R (Swearware) C:\Users\Jeremy\Downloads\dds.com
2014-01-11 22:44 - 2014-01-17 10:50 - 00000000 ____D C:\Users\Jeremy\AppData\Local\CrashDumps
2014-01-11 22:44 - 2014-01-11 22:44 - 00000000 ____D C:\Users\Jeremy\AppData\Local\UPmedia
2014-01-08 19:01 - 2014-01-15 19:57 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Skype
2014-01-08 19:01 - 2014-01-08 19:01 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2014-01-08 19:01 - 2014-01-08 19:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-08 19:01 - 2014-01-08 19:01 - 00000000 ____D C:\ProgramData\Skype
2014-01-05 17:39 - 2014-01-05 17:39 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Malwarebytes
2014-01-05 17:38 - 2014-01-05 17:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-05 17:38 - 2014-01-05 17:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-05 17:38 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-04 11:54 - 2014-01-04 11:54 - 00000000 ___RD C:\Users\Jeremy\AppData\Roaming\Brother
2014-01-04 11:38 - 2014-01-04 11:38 - 00001502 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calculator.lnk
2014-01-04 11:02 - 2014-01-04 11:02 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\OpenOffice
2014-01-03 09:37 - 2014-01-03 09:37 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2014-01-02 18:06 - 2014-01-02 18:06 - 00000000 ____D C:\Users\Jeremy\Downloads\prodikeys_vista_drv
2014-01-01 13:34 - 2014-01-01 13:52 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\ICAClient
2014-01-01 13:34 - 2014-01-01 13:35 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Citrix
2014-01-01 13:34 - 2014-01-01 13:35 - 00000000 ____D C:\ProgramData\Citrix
2014-01-01 13:34 - 2014-01-01 13:35 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-12-31 21:22 - 2014-01-06 23:06 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\vlc
2013-12-31 21:17 - 2013-12-31 21:18 - 00000000 ____D C:\Users\Jeremy\Downloads\vlc-2.1.2
2013-12-31 20:52 - 2013-12-31 20:52 - 00000097 _____ C:\Users\Jeremy\AppData\Roaming\settings.xml
2013-12-31 20:52 - 2013-12-31 20:52 - 00000000 ____D C:\Users\Jeremy\AppData\Local\SkinSoft
2013-12-31 20:46 - 2013-12-31 20:46 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\convertaudiofree
2013-12-31 19:29 - 2014-01-05 20:52 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\uTorrent
2013-12-29 14:09 - 2013-12-29 14:09 - 00000000 _____ C:\Users\Jeremy\Sti_Trace.log
2013-12-29 11:04 - 2014-01-08 18:55 - 00000000 ____D C:\Users\Jeremy\Documents\Youcam
2013-12-29 11:04 - 2013-12-29 11:04 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\CyberLink
2013-12-29 11:04 - 2013-12-29 11:04 - 00000000 ____D C:\Users\Jeremy\AppData\Local\CyberLink
2013-12-29 11:03 - 2014-01-12 10:56 - 00000000 ____D C:\Users\Jeremy\Downloads\Crosswords
2013-12-27 21:02 - 2013-12-27 23:21 - 00000426 ____H C:\Windows\system32\Rebecca.dat
2013-12-27 20:56 - 2013-12-27 20:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-27 20:56 - 2013-12-27 20:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-27 20:31 - 2013-12-27 20:31 - 00000000 ____D C:\Users\Jeremy\AppData\Local\KeePass
2013-12-25 16:34 - 2013-12-25 23:43 - 00000000 __SHD C:\Recovery
2013-12-25 16:31 - 2013-12-25 16:31 - 00262144 _____ C:\Windows\system32\config\userdiff
2013-12-25 13:17 - 2013-12-25 21:00 - 00019766 _____ C:\Windows\comsetup.log
2013-12-25 13:15 - 2013-12-25 20:26 - 00062868 _____ C:\Windows\diagwrn.xml
2013-12-25 13:15 - 2013-12-25 20:26 - 00062868 _____ C:\Windows\diagerr.xml
2013-12-25 12:07 - 2013-12-25 12:09 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-12-25 10:42 - 2014-01-05 18:22 - 00318416 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-25 09:51 - 2014-01-16 10:14 - 00000000 ____D C:\Windows\system32\MRT
2013-12-25 09:51 - 2014-01-16 10:13 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-25 09:48 - 2013-08-16 00:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-12-25 09:48 - 2013-08-16 00:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-12-25 09:48 - 2013-08-16 00:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-12-25 09:48 - 2013-08-16 00:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-12-25 09:48 - 2013-08-16 00:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-12-25 09:48 - 2013-08-16 00:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-12-25 09:48 - 2013-08-16 00:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-12-25 09:48 - 2013-08-16 00:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-12-25 09:48 - 2013-08-16 00:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-12-25 09:48 - 2013-08-16 00:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-12-25 09:48 - 2013-08-16 00:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-12-25 09:48 - 2013-08-16 00:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-12-25 09:48 - 2013-08-15 17:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-12-25 09:48 - 2013-08-15 17:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-12-25 09:48 - 2013-08-15 17:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-12-25 09:48 - 2013-08-15 17:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-12-25 09:48 - 2013-08-15 17:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-12-25 09:48 - 2013-08-15 17:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-12-25 09:48 - 2013-03-02 05:57 - 00332520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2013-12-25 09:48 - 2013-03-02 05:57 - 00077544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storahci.sys
2013-12-25 09:48 - 2013-03-02 05:39 - 00495336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2013-12-25 09:48 - 2013-03-02 03:23 - 01338880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-12-25 09:48 - 2013-03-02 03:23 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2013-12-25 09:48 - 2013-03-02 03:23 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2013-12-25 09:48 - 2013-03-02 03:23 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2013-12-25 09:48 - 2013-03-02 03:22 - 05091840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-12-25 09:48 - 2013-03-02 03:22 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2013-12-25 09:48 - 2013-03-02 03:21 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2013-12-25 09:48 - 2013-03-02 03:21 - 00145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2013-12-25 09:48 - 2013-03-02 03:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevDispItemProvider.dll
2013-12-25 09:48 - 2013-03-01 21:45 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-12-25 09:48 - 2013-03-01 21:45 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2013-12-25 09:48 - 2013-03-01 21:45 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2013-12-25 09:48 - 2013-03-01 21:45 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2013-12-25 09:48 - 2013-03-01 21:45 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2013-12-25 09:48 - 2013-03-01 21:45 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2013-12-25 09:48 - 2013-03-01 21:45 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2013-12-25 09:48 - 2013-03-01 21:45 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerServer.dll
2013-12-25 09:48 - 2013-03-01 21:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2013-12-25 09:48 - 2013-03-01 21:45 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\WSDPrintProxy.DLL
2013-12-25 09:48 - 2013-03-01 21:44 - 05978624 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-12-25 09:48 - 2013-03-01 21:44 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2013-12-25 09:48 - 2013-03-01 21:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2013-12-25 09:48 - 2013-03-01 21:44 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\discan.dll
2013-12-25 09:48 - 2013-03-01 21:44 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\NdisImPlatform.dll
2013-12-25 09:48 - 2013-03-01 21:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\DevDispItemProvider.dll
2013-12-25 09:48 - 2013-03-01 21:43 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2013-12-25 09:48 - 2013-03-01 21:15 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2013-12-25 09:48 - 2013-02-28 23:56 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2013-12-25 09:47 - 2013-07-01 19:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-12-25 09:47 - 2013-07-01 17:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-12-25 09:43 - 2013-05-30 18:24 - 01257472 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-12-25 09:43 - 2013-05-30 18:08 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-12-25 09:43 - 2013-05-04 02:58 - 00120736 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2013-12-25 09:43 - 2013-05-04 01:59 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2013-12-25 09:43 - 2013-05-04 01:59 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2013-12-25 09:43 - 2013-05-04 01:58 - 01332736 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2013-12-25 09:43 - 2013-05-04 01:58 - 00470528 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2013-12-25 09:43 - 2013-05-04 01:58 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2013-12-25 09:43 - 2013-05-04 01:58 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2013-12-25 09:43 - 2013-05-04 01:58 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll
2013-12-25 09:43 - 2013-05-04 01:58 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2013-12-25 09:43 - 2013-05-04 01:57 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2013-12-25 09:43 - 2013-05-04 01:57 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2013-12-25 09:43 - 2013-05-04 01:57 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2013-12-25 09:43 - 2013-05-04 01:57 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2013-12-25 09:43 - 2013-05-04 01:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\system32\BCP47Langs.dll
2013-12-25 09:43 - 2013-05-04 01:57 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2013-12-25 09:43 - 2013-05-04 01:57 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\biwinrt.dll
2013-12-25 09:43 - 2013-05-04 01:57 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\muifontsetup.dll
2013-12-25 09:43 - 2013-05-04 01:56 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2013-12-25 09:43 - 2013-05-03 23:58 - 00758784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2013-12-25 09:43 - 2013-05-03 23:57 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2013-12-25 09:43 - 2013-05-03 23:57 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2013-12-25 09:43 - 2013-05-03 23:57 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2013-12-25 09:43 - 2013-05-03 23:57 - 00018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2013-12-25 09:43 - 2013-05-03 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2013-12-25 09:43 - 2013-05-03 23:56 - 00449536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2013-12-25 09:43 - 2013-05-03 23:56 - 00411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2013-12-25 09:43 - 2013-05-03 23:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2013-12-25 09:43 - 2013-05-03 23:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll
2013-12-25 09:43 - 2013-05-03 23:55 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-12-25 09:43 - 2013-05-03 23:51 - 00014848 _____ (Microsoft) C:\Windows\system32\rars.rs
2013-12-25 09:43 - 2013-05-03 23:47 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2013-12-25 09:43 - 2013-05-03 23:10 - 00014848 _____ (Microsoft) C:\Windows\SysWOW64\rars.rs
2013-12-25 09:43 - 2013-02-05 17:29 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2013-12-25 09:43 - 2013-02-05 17:28 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2013-12-25 09:43 - 2013-02-02 05:54 - 01933544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-12-25 09:43 - 2013-02-02 03:40 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlroamextension.dll
2013-12-25 09:43 - 2013-02-02 03:40 - 00370688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2013-12-25 09:43 - 2013-02-02 03:40 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2013-12-25 09:43 - 2013-02-02 03:40 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tasklist.exe
2013-12-25 09:43 - 2013-02-02 03:40 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskkill.exe
2013-12-25 09:43 - 2013-02-02 03:39 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-12-25 09:43 - 2013-02-02 03:39 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlmproxy.dll
2013-12-25 09:43 - 2013-02-02 03:39 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlmsprep.dll
2013-12-25 09:43 - 2013-02-02 03:38 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2013-12-25 09:43 - 2013-02-02 03:24 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\taskkill.exe
2013-12-25 09:43 - 2013-02-02 03:24 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\tasklist.exe
2013-12-25 09:43 - 2013-02-02 03:23 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2013-12-25 09:43 - 2013-02-02 03:23 - 00543232 _____ (Microsoft Corporation) C:\Windows\system32\wlroamextension.dll
2013-12-25 09:43 - 2013-02-02 03:23 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2013-12-25 09:43 - 2013-02-02 03:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2013-12-25 09:43 - 2013-02-02 03:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2013-12-25 09:43 - 2013-02-02 03:21 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-12-25 09:43 - 2013-02-02 03:20 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll
2013-12-25 09:43 - 2013-02-02 03:20 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\hotspotauth.dll
2013-12-25 09:43 - 2013-02-02 02:25 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2013-12-25 09:42 - 2013-04-09 00:20 - 00306952 _____ (Microsoft Corporation) C:\Windows\system32\kd_02_10ec.dll
2013-12-25 09:42 - 2013-04-09 00:20 - 00086280 _____ (Microsoft Corporation) C:\Windows\system32\kdnet.dll
2013-12-25 09:42 - 2013-04-09 00:18 - 00077960 _____ (Microsoft Corporation) C:\Windows\system32\kdvm.dll
2013-12-25 09:42 - 2013-04-09 00:17 - 01829408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-12-25 09:42 - 2013-04-08 23:52 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2013-12-25 09:42 - 2013-04-08 23:52 - 00804352 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2013-12-25 09:42 - 2013-04-08 23:52 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2013-12-25 09:42 - 2013-04-08 23:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-12-25 09:42 - 2013-04-08 23:52 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2013-12-25 09:42 - 2013-04-08 23:51 - 14267904 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-25 09:42 - 2013-04-08 23:51 - 03552768 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-12-25 09:42 - 2013-04-08 23:51 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2013-12-25 09:42 - 2013-04-08 23:51 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2013-12-25 09:42 - 2013-04-08 23:51 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-12-25 09:42 - 2013-04-08 23:51 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2013-12-25 09:42 - 2013-04-08 23:50 - 02107904 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-12-25 09:42 - 2013-04-08 23:50 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2013-12-25 09:42 - 2013-04-08 23:50 - 00745984 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-12-25 09:42 - 2013-04-08 23:50 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2013-12-25 09:42 - 2013-04-08 23:50 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\GenuineCenter.dll
2013-12-25 09:42 - 2013-04-08 23:50 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2013-12-25 09:42 - 2013-04-08 23:50 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2013-12-25 09:42 - 2013-04-08 23:50 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2013-12-25 09:42 - 2013-04-08 23:49 - 01444864 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2013-12-25 09:42 - 2013-04-08 23:49 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2013-12-25 09:42 - 2013-04-08 23:49 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2013-12-25 09:42 - 2013-04-08 23:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\fhengine.dll
2013-12-25 09:42 - 2013-04-08 23:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2013-12-25 09:42 - 2013-04-08 23:49 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\dmvdsitf.dll
2013-12-25 09:42 - 2013-04-08 23:49 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2013-12-25 09:42 - 2013-04-08 23:49 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\fmifs.dll
2013-12-25 09:42 - 2013-04-08 21:34 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2013-12-25 09:42 - 2013-04-08 21:33 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2013-12-25 09:42 - 2013-04-08 21:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2013-12-25 09:42 - 2013-04-08 21:32 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2013-12-25 09:42 - 2013-04-08 21:31 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2013-12-25 09:42 - 2013-04-08 21:31 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2013-12-25 09:42 - 2013-04-08 18:44 - 00123880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-12-25 09:42 - 2013-04-08 18:39 - 01408896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-12-25 09:42 - 2013-04-08 16:52 - 11878912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-25 09:42 - 2013-04-08 16:52 - 00670208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-12-25 09:42 - 2013-04-08 16:52 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-12-25 09:42 - 2013-04-08 16:52 - 00171008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-12-25 09:42 - 2013-04-08 16:52 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-12-25 09:42 - 2013-04-08 16:51 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-12-25 09:42 - 2013-04-08 16:51 - 01593344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-12-25 09:42 - 2013-04-08 16:51 - 01113600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-12-25 09:42 - 2013-04-08 16:51 - 00659456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-12-25 09:42 - 2013-04-08 16:51 - 00411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-12-25 09:42 - 2013-04-08 16:51 - 00403968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-12-25 09:42 - 2013-04-08 16:51 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-12-25 09:42 - 2013-04-08 16:51 - 00214528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-12-25 09:42 - 2013-04-08 16:51 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-12-25 09:42 - 2013-04-08 16:51 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-12-25 09:42 - 2013-04-08 16:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-12-25 09:42 - 2013-04-08 16:51 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-12-25 09:42 - 2013-04-08 16:51 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-12-25 09:42 - 2013-04-04 18:30 - 00503080 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2013-12-25 09:42 - 2013-03-15 17:05 - 00298456 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2013-12-25 09:42 - 2013-03-15 17:05 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-12-25 09:42 - 2013-03-06 02:10 - 00112872 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-12-25 09:42 - 2013-03-06 01:29 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-12-25 09:42 - 2013-02-02 03:40 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2013-12-25 09:42 - 2013-02-02 03:23 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2013-12-25 09:42 - 2013-02-02 00:41 - 01437184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-12-25 09:42 - 2013-02-02 00:31 - 01690624 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2013-12-25 09:42 - 2012-10-23 22:25 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ReAgentc.exe
2013-12-25 09:42 - 2012-10-23 21:48 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2013-12-25 09:41 - 2013-05-14 21:25 - 00888320 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2013-12-25 09:41 - 2013-05-14 21:25 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2013-12-25 09:41 - 2013-05-14 21:24 - 00793088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2013-12-25 09:41 - 2013-05-14 21:24 - 00482816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2013-12-25 09:39 - 2013-11-23 01:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-25 09:39 - 2013-11-23 00:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-25 09:39 - 2013-08-23 02:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-12-25 09:39 - 2013-08-22 20:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-12-25 09:39 - 2013-04-02 18:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-12-25 09:39 - 2013-04-02 18:12 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-12-25 09:39 - 2013-03-21 22:49 - 02382336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-12-25 09:39 - 2013-03-21 17:47 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2013-12-25 09:02 - 2013-10-01 18:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-12-25 09:02 - 2013-10-01 18:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-12-25 09:02 - 2013-08-02 01:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-12-25 09:02 - 2013-08-02 00:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-12-25 09:02 - 2013-03-02 05:39 - 00069864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2013-12-25 09:02 - 2013-03-01 21:43 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2013-12-25 09:02 - 2013-02-06 20:33 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2013-12-25 09:01 - 2013-11-01 00:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-25 09:01 - 2013-10-31 22:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-25 00:47 - 2013-12-25 00:47 - 00000000 ____D C:\Program Files\Common Files\Steinberg
2013-12-25 00:47 - 2013-12-25 00:47 - 00000000 ____D C:\Program Files (x86)\Yamaha
2013-12-25 00:46 - 2013-12-25 00:46 - 00000000 ____D C:\Users\Jeremy\Downloads\YSUSB_V183_Win64
2013-12-25 00:46 - 2013-12-25 00:46 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Downloaded Installations
2013-12-25 00:26 - 2013-12-25 00:26 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\AVAST Software
2013-12-25 00:10 - 2013-12-25 00:10 - 00001973 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-25 00:09 - 2013-12-25 09:29 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-25 00:09 - 2013-12-25 00:10 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-25 00:09 - 2013-12-25 00:09 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-25 00:09 - 2013-12-25 00:09 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-25 00:09 - 2013-12-25 00:09 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-25 00:09 - 2013-12-25 00:09 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-25 00:09 - 2013-12-25 00:09 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-25 00:09 - 2013-12-25 00:09 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-25 00:09 - 2013-12-25 00:09 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-25 00:09 - 2013-12-25 00:09 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-25 00:08 - 2013-12-25 00:08 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-24 23:55 - 2013-12-24 23:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-24 23:49 - 2013-12-24 23:49 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\IDT
2013-12-24 23:39 - 2013-12-24 23:39 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2013-12-24 22:55 - 2013-12-24 22:55 - 00001816 _____ C:\Users\Jeremy\Desktop\Spotify.lnk
2013-12-24 22:55 - 2013-12-24 22:55 - 00001802 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-12-24 22:55 - 2013-12-24 22:55 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Spotify
2013-12-24 22:54 - 2014-01-10 21:09 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Spotify
2013-12-24 22:15 - 2013-12-24 22:15 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Intel_Corporation
2013-12-24 22:14 - 2013-12-24 22:14 - 00000000 ____D C:\Users\Jeremy\AppData\Local\HP Quick Start
2013-12-24 21:53 - 2013-12-24 21:53 - 00000000 ____D C:\Users\Jeremy\AppData\Local\HP
2013-12-24 21:40 - 2013-12-24 22:16 - 00043008 ___SH C:\Users\Jeremy\Downloads\Thumbs.db
2013-12-24 21:35 - 2013-12-24 21:35 - 00001183 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2013-12-24 21:34 - 2014-01-01 21:20 - 00000000 ____D C:\Program Files\Paint.NET
2013-12-24 21:34 - 2013-12-30 09:11 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Paint.NET
2013-12-24 21:04 - 2012-11-20 00:24 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2013-12-24 21:04 - 2012-11-20 00:17 - 01184256 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2013-12-24 21:04 - 2012-11-20 00:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDKURD.DLL
2013-12-24 21:04 - 2012-11-19 23:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDKURD.DLL
2013-12-24 21:03 - 2013-10-08 20:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-12-24 21:03 - 2013-10-08 17:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-12-24 21:03 - 2013-10-08 17:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-12-24 21:03 - 2013-10-08 17:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-12-24 21:03 - 2013-10-08 17:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-12-24 21:03 - 2013-10-08 17:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-12-24 21:03 - 2013-10-08 17:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-12-24 21:03 - 2013-10-08 17:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-12-24 21:03 - 2013-10-08 17:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-12-24 21:03 - 2013-10-08 17:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-12-24 21:03 - 2013-10-08 17:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-12-24 21:03 - 2013-10-08 17:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-12-24 21:03 - 2013-10-08 17:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-12-24 21:03 - 2013-10-05 01:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2013-12-24 21:03 - 2013-10-03 17:09 - 00385528 _____ C:\Windows\system32\ApnDatabase.xml
2013-12-24 21:03 - 2013-10-01 21:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-12-24 21:03 - 2013-09-28 00:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-12-24 21:03 - 2013-09-27 22:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-12-24 21:03 - 2013-09-19 02:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-24 21:03 - 2013-09-13 17:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-12-24 21:03 - 2013-09-13 17:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-12-24 21:03 - 2013-08-30 00:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-12-24 21:03 - 2013-08-30 00:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-12-24 21:03 - 2013-08-30 00:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2013-12-24 21:03 - 2013-08-30 00:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2013-12-24 21:03 - 2013-08-29 18:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-12-24 21:03 - 2013-08-29 18:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2013-12-24 21:03 - 2013-08-29 18:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2013-12-24 21:03 - 2013-08-21 01:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-12-24 21:03 - 2013-08-16 00:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-12-24 21:03 - 2013-08-16 00:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-12-24 21:03 - 2013-08-15 17:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-12-24 21:03 - 2013-08-10 01:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-12-24 21:03 - 2013-08-10 00:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-12-24 21:03 - 2013-08-10 00:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-12-24 21:03 - 2013-08-10 00:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-12-24 21:03 - 2013-08-09 22:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-12-24 21:03 - 2013-08-09 22:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-12-24 21:03 - 2013-08-03 01:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-12-24 21:03 - 2013-08-03 01:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-12-24 21:03 - 2013-08-03 01:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-12-24 21:03 - 2013-08-03 00:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-12-24 21:03 - 2013-08-03 00:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-12-24 21:03 - 2013-08-03 00:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-12-24 21:03 - 2013-08-02 01:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-12-24 21:03 - 2013-08-02 01:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-12-24 21:03 - 2013-08-02 00:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-12-24 21:03 - 2013-08-02 00:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-12-24 21:03 - 2013-08-01 05:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-24 21:03 - 2013-07-24 18:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-12-24 21:03 - 2013-07-24 18:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-12-24 21:03 - 2013-07-24 18:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-12-24 21:03 - 2013-07-24 18:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-12-24 21:03 - 2013-07-11 20:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-12-24 21:03 - 2013-07-11 20:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-12-24 21:03 - 2013-07-09 03:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-12-24 21:03 - 2013-07-09 01:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-12-24 21:03 - 2013-07-08 23:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-12-24 21:03 - 2013-07-08 22:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-12-24 21:03 - 2013-07-08 17:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-12-24 21:03 - 2013-07-08 17:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-12-24 21:03 - 2013-07-08 17:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-12-24 21:03 - 2013-07-08 17:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-12-24 21:03 - 2013-07-05 19:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-12-24 21:03 - 2013-07-02 19:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-12-24 21:03 - 2013-07-02 19:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-12-24 21:03 - 2013-07-02 19:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-12-24 21:03 - 2013-07-02 19:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-12-24 21:03 - 2013-06-30 17:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-12-24 21:03 - 2013-06-30 17:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-12-24 21:03 - 2013-06-29 01:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-12-24 21:03 - 2013-06-29 01:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-12-24 21:03 - 2013-06-29 00:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-12-24 21:03 - 2013-06-25 22:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-12-24 21:03 - 2013-06-25 21:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-12-24 21:03 - 2013-06-24 17:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-12-24 21:03 - 2013-06-24 17:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-12-24 21:03 - 2013-06-24 17:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-12-24 21:03 - 2013-06-19 00:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-12-24 21:03 - 2013-06-19 00:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-12-24 21:03 - 2013-06-18 17:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-12-24 21:03 - 2013-06-18 17:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-12-24 21:03 - 2013-06-11 18:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-12-24 21:03 - 2013-06-11 18:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-12-24 21:03 - 2013-06-06 03:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-12-24 21:03 - 2013-04-09 18:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-12-24 21:03 - 2013-04-09 17:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-12-24 21:03 - 2013-03-02 03:23 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncInfo.dll
2013-12-24 21:03 - 2013-03-01 21:45 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-12-24 21:03 - 2013-03-01 21:45 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\taskhostex.exe
2013-12-23 23:44 - 2013-12-23 23:04 - 00002165 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2013-12-23 23:41 - 2014-01-09 03:02 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-23 23:41 - 2014-01-09 03:02 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-23 23:04 - 2014-01-17 10:55 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\ClassicShell
2013-12-23 23:04 - 2013-12-23 23:04 - 00000000 ____D C:\ProgramData\ClassicShell
2013-12-23 23:04 - 2013-12-23 23:04 - 00000000 ____D C:\Program Files\Classic Shell
2013-12-23 21:49 - 2013-08-07 00:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-12-23 21:49 - 2012-11-09 23:23 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2013-12-23 21:49 - 2012-11-09 23:23 - 00132608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-12-23 21:49 - 2012-11-09 23:22 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\RDWebAI.dll
2013-12-23 21:49 - 2012-11-09 23:22 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\VmHostAI.dll
2013-12-23 21:49 - 2012-11-09 23:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\appserverai.dll
2013-12-23 21:37 - 2013-10-25 01:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-23 21:37 - 2013-10-25 01:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-23 21:37 - 2013-10-25 01:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-12-23 21:37 - 2013-10-25 01:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-23 21:37 - 2013-10-25 01:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-23 21:37 - 2013-10-25 01:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-23 21:37 - 2013-10-25 01:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-23 21:37 - 2013-10-25 01:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-23 21:37 - 2013-10-25 01:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-23 21:37 - 2013-10-25 01:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-23 21:37 - 2013-10-24 23:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-23 21:37 - 2013-10-24 23:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-23 21:37 - 2013-10-24 23:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-23 21:37 - 2013-10-24 23:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-23 21:37 - 2013-10-24 23:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-23 21:37 - 2013-10-24 23:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-23 21:37 - 2013-10-24 23:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-23 21:37 - 2013-10-24 23:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-23 21:37 - 2013-10-19 00:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-23 21:37 - 2013-10-18 23:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-23 21:37 - 2013-10-10 06:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-12-23 21:37 - 2013-10-10 04:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-23 21:37 - 2013-10-10 04:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-12-23 21:37 - 2013-10-02 18:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-23 21:37 - 2013-10-01 17:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-12-23 21:37 - 2013-09-03 22:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-12-23 21:37 - 2013-07-05 19:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-12-23 21:37 - 2013-07-05 17:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-12-23 21:37 - 2013-07-05 17:01 - 00210560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-12-23 21:37 - 2013-07-03 21:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-12-23 21:37 - 2013-07-01 17:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2013-12-23 21:37 - 2013-06-28 22:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-12-23 21:37 - 2013-06-28 22:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-12-23 21:37 - 2013-06-22 00:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-12-23 21:37 - 2013-06-22 00:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-12-23 21:37 - 2013-06-10 14:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-12-23 21:37 - 2013-06-10 14:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-23 21:37 - 2013-06-10 14:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-12-23 21:37 - 2013-06-10 14:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-12-23 21:37 - 2013-05-15 17:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-12-23 21:37 - 2013-05-15 17:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-12-23 21:37 - 2013-05-14 08:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-23 21:37 - 2013-05-14 04:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-23 21:37 - 2013-05-03 23:48 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2013-12-23 21:36 - 2013-10-01 18:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-12-23 21:36 - 2013-10-01 18:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-23 21:36 - 2013-09-23 17:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-12-23 21:36 - 2013-09-23 17:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-12-23 21:36 - 2013-07-19 17:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-23 21:36 - 2013-07-19 17:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-12-23 21:36 - 2013-06-30 20:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-12-23 21:36 - 2013-06-30 20:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-12-23 21:36 - 2013-06-30 20:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-12-23 21:36 - 2013-06-30 20:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-12-23 21:36 - 2013-06-28 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-12-23 21:36 - 2013-06-28 22:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-12-23 21:36 - 2013-06-01 04:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-12-23 21:36 - 2013-06-01 04:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-12-23 21:36 - 2013-05-26 18:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-12-23 21:36 - 2013-05-26 17:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-12-23 21:36 - 2013-05-24 22:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-12-23 21:36 - 2013-05-24 21:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-12-23 21:36 - 2013-05-23 18:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-12-23 21:36 - 2013-05-23 17:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-12-23 21:36 - 2013-05-04 01:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-12-23 21:36 - 2013-05-03 23:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-12-23 21:36 - 2013-04-23 18:13 - 01013248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-12-23 21:36 - 2013-04-23 18:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-12-23 21:36 - 2013-04-23 17:56 - 01255936 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-12-23 21:36 - 2013-04-23 17:55 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-12-23 21:36 - 2013-04-11 17:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-12-23 21:36 - 2013-04-11 17:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-12-23 21:36 - 2013-02-11 19:17 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-12-23 21:36 - 2012-11-19 23:56 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-12-23 21:35 - 2013-11-06 18:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-23 21:35 - 2013-10-10 04:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-23 21:35 - 2013-10-10 04:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2013-12-23 21:35 - 2013-10-10 04:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-23 21:35 - 2013-10-10 04:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-23 21:35 - 2013-10-10 04:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-23 21:35 - 2013-10-10 04:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2013-12-23 21:35 - 2013-10-10 04:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-23 21:35 - 2013-09-27 22:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-23 21:35 - 2013-07-13 01:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-12-23 21:35 - 2013-07-13 01:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-12-23 21:35 - 2013-07-13 01:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-12-23 21:35 - 2013-07-13 01:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-12-23 21:35 - 2013-07-12 23:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-12-23 21:35 - 2013-07-12 23:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-12-23 21:35 - 2013-07-12 23:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-12-23 21:35 - 2013-07-01 20:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-12-23 21:35 - 2013-07-01 20:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-12-23 21:35 - 2013-04-27 00:20 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-12-23 21:35 - 2013-03-14 19:17 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2013-12-23 21:29 - 2013-12-24 22:10 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\hpqlog
2013-12-23 21:24 - 2013-12-29 14:08 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\ControlCenter4
2013-12-23 09:48 - 2013-12-23 09:48 - 00002062 _____ C:\Users\Public\Desktop\Brother Utilities.lnk
2013-12-23 09:48 - 2013-12-23 09:48 - 00000259 _____ C:\Windows\Brpfx04a.ini
2013-12-23 09:48 - 2013-12-23 09:48 - 00000065 _____ C:\Windows\brpcfx.ini
2013-12-23 09:46 - 2013-12-23 09:46 - 00000066 _____ C:\Windows\Brfaxrx.ini
2013-12-23 09:46 - 2013-12-23 09:46 - 00000000 ____D C:\Users\Public\Documents\BrFaxRx
2013-12-23 09:46 - 2013-12-23 09:46 - 00000000 ____D C:\ProgramData\ControlCenter4
2013-12-23 09:46 - 2013-12-23 09:46 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2013-12-23 09:46 - 2013-12-23 09:46 - 00000000 ____D C:\Program Files (x86)\Browny02
2013-12-23 09:46 - 2013-12-23 09:46 - 00000000 ____D C:\Brother
2013-12-23 09:46 - 2012-07-31 02:39 - 01439744 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrWi209d.dll
2013-12-23 09:46 - 2012-07-05 06:32 - 00084480 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrNetSti.dll
2013-12-23 09:46 - 2012-03-18 23:09 - 00316928 _____ (brother) C:\Windows\system32\NSSRH64.dll
2013-12-23 09:46 - 2010-09-23 03:14 - 00058880 _____ (Brother Industries,Ltd.) C:\Windows\system32\BrWiaNCp.dll
2013-12-23 09:46 - 2010-09-23 03:13 - 00051712 _____ (Brother Industries,Ltd) C:\Windows\system32\Brnsplg.dll
2013-12-23 09:46 - 2010-04-01 05:27 - 00278528 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrJDec.dll
2013-12-23 09:46 - 2009-12-08 16:19 - 00290304 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrfxDA5c.dll
2013-12-23 09:46 - 2005-04-21 23:36 - 00143360 _____ C:\Windows\system32\BrSNMP64.dll
2013-12-23 09:46 - 2005-01-17 02:10 - 00045056 _____ C:\Windows\SysWOW64\BRTCPCON.DLL
2013-12-23 09:46 - 2003-11-28 18:57 - 00000000 _____ C:\Windows\brdfxspd.dat
2013-12-23 09:45 - 2013-12-23 09:46 - 00000000 ____D C:\Program Files (x86)\Brother
2013-12-23 09:45 - 2012-09-10 16:31 - 00245760 _____ (brother) C:\Windows\SysWOW64\NSSearch.dll
2013-12-23 09:45 - 2012-07-09 17:19 - 00005120 _____ (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2013-12-23 09:45 - 2012-06-05 01:59 - 00025299 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
2013-12-23 09:45 - 2010-05-10 03:45 - 00103736 _____ (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBTOOL.EXE
2013-12-23 09:45 - 2010-03-15 19:45 - 00073728 _____ (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2013-12-23 09:45 - 2010-02-04 21:42 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2013-12-23 09:45 - 2007-12-13 22:16 - 00005120 _____ (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2013-12-23 09:45 - 2004-08-09 02:00 - 00000114 _____ C:\Windows\SysWOW64\BRLMW03A.INI
2013-12-23 09:45 - 2004-08-09 01:42 - 00077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BRLMW03A.DLL
2013-12-23 09:45 - 1999-10-26 11:00 - 00000050 _____ C:\Windows\system32\BRADM10A.DAT
2013-12-23 09:43 - 2013-12-23 09:43 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\InstallShield
2013-12-23 09:43 - 2013-12-23 09:43 - 00000000 ____D C:\ProgramData\Brother
2013-12-22 23:21 - 2014-01-17 09:38 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\KeePass
2013-12-22 22:04 - 2013-12-26 00:42 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Launchy
2013-12-22 22:04 - 2013-12-22 22:14 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Launchy
2013-12-22 22:04 - 2013-12-22 22:04 - 00000000 ____D C:\Program Files (x86)\Launchy
2013-12-22 21:59 - 2013-12-22 21:59 - 00000948 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Across Lite.lnk
2013-12-22 21:59 - 2013-12-22 21:59 - 00000000 ____D C:\Users\Jeremy\Documents\Across Crosswords
2013-12-22 21:59 - 2013-12-22 21:59 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Across Lite 2.0
2013-12-22 21:58 - 2014-01-17 10:43 - 00000000 ___RD C:\Users\Jeremy\Dropbox
2013-12-22 21:58 - 2014-01-10 08:59 - 00001026 _____ C:\Users\Jeremy\Desktop\Dropbox.lnk
2013-12-22 21:57 - 2014-01-10 08:59 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-22 21:56 - 2014-01-17 10:43 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Dropbox
2013-12-22 21:33 - 2014-01-17 10:44 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-22 21:33 - 2013-12-22 21:35 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Google
2013-12-22 21:32 - 2014-01-17 10:44 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Deployment
2013-12-22 21:32 - 2013-12-22 21:32 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Apps\2.0
2013-12-22 21:30 - 2013-12-22 21:30 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Macromedia
2013-12-22 20:26 - 2013-12-22 21:57 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Hewlett-Packard
2013-12-22 20:26 - 2013-12-22 20:26 - 00004022 _____ C:\Windows\System32\Tasks\HPGenoobeReminder
2013-12-22 20:04 - 2014-01-17 10:47 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2991530655-532002791-1320437403-1001
2013-12-22 19:59 - 2013-12-23 21:29 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Hewlett-Packard
2013-12-22 19:59 - 2013-12-22 19:59 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-22 19:58 - 2014-01-17 10:05 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9545089F-1525-4AB1-AEA5-48742F2B8DDC}
2013-12-22 19:58 - 2014-01-16 09:21 - 00000000 ___RD C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-22 19:58 - 2014-01-16 09:21 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Adobe
2013-12-22 19:58 - 2013-12-26 00:42 - 00000000 ___RD C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-22 19:58 - 2013-12-22 19:58 - 00001437 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-22 19:58 - 2013-12-22 19:58 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Synaptics
2013-12-22 19:58 - 2013-12-22 19:58 - 00000000 ____D C:\Users\Jeremy\AppData\Local\AuthenTec
2013-12-22 19:57 - 2014-01-17 10:01 - 01282078 _____ C:\Windows\WindowsUpdate.log
2013-12-22 19:57 - 2013-12-29 14:09 - 00000000 ____D C:\Users\Jeremy
2013-12-22 19:57 - 2013-12-26 00:42 - 00000000 ___RD C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-22 19:57 - 2013-12-22 19:58 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Packages
2013-12-22 19:57 - 2013-12-22 19:57 - 00000020 ___SH C:\Users\Jeremy\ntuser.ini
2013-12-22 19:57 - 2013-12-22 19:57 - 00000000 ____D C:\Users\Jeremy\AppData\Local\VirtualStore
2013-12-22 19:57 - 2013-05-24 16:38 - 00002096 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2013-12-22 19:57 - 2013-05-24 16:30 - 00000000 ___HD C:\Users\Jeremy\Documents\hp.system.package.metadata
2013-12-22 19:57 - 2012-07-26 03:13 - 00000000 ___RD C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-22 19:57 - 2012-07-26 03:13 - 00000000 ___RD C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-12-22 19:57 - 2012-07-26 03:13 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-22 15:47 - 2013-08-04 20:30 - 00016414 _____ C:\Users\Jeremy\Documents\Songs I can play.xls
2013-12-22 15:47 - 2013-07-05 16:14 - 00033138 _____ C:\Users\Jeremy\Documents\PsyBar invoice May 15 2013.ods
2013-12-22 15:47 - 2013-06-05 18:39 - 00037202 _____ C:\Users\Jeremy\Documents\journal.odt
2013-12-22 15:47 - 2012-06-25 21:27 - 157286400 _____ C:\Users\Jeremy\Documents\crypt
2013-12-22 15:47 - 2012-06-06 20:58 - 00012803 _____ C:\Users\Jeremy\Documents\The Positive List.odt
2013-12-22 15:47 - 2011-01-10 14:25 - 00000047 _____ C:\Users\Jeremy\Documents\Taylor 412 serial number.txt
2013-12-22 15:47 - 2010-09-14 21:30 - 00044544 _____ C:\Users\Jeremy\Documents\Song list.xls
2013-12-22 15:47 - 2009-04-02 19:16 - 00000317 _____ C:\Users\Jeremy\Documents\CUSTOM.DIC
2013-12-22 15:47 - 2009-03-06 08:17 - 00000238 _____ C:\Users\Jeremy\Documents\Jeremy-1-user (NetSwitcher).reg
2013-12-22 15:47 - 2004-08-21 20:23 - 00022528 _____ C:\Users\Jeremy\Documents\ebay spreadsheet.xls
2013-12-22 15:47 - 2004-03-16 18:05 - 00016896 _____ C:\Users\Jeremy\Documents\loan consolidation spreadsheet.xls
2013-12-22 15:47 - 2003-12-26 20:31 - 03967480 _____ C:\Users\Jeremy\Documents\birth certificate scan.bmp
2013-12-22 15:47 - 2003-12-25 14:29 - 02163454 _____ C:\Users\Jeremy\Documents\bris certificate part 2.bmp
2013-12-22 15:47 - 2003-12-25 14:26 - 02125418 _____ C:\Users\Jeremy\Documents\bris certificate.bmp
2013-12-22 15:47 - 2001-05-28 21:06 - 00023040 _____ C:\Users\Jeremy\Documents\RUNNING LOG.xls
 
==================== One Month Modified Files and Folders =======
 
2014-01-17 10:56 - 2014-01-17 10:56 - 00020195 _____ C:\Users\Jeremy\Downloads\FRST.txt
2014-01-17 10:56 - 2014-01-17 10:56 - 00000000 ____D C:\FRST
2014-01-17 10:55 - 2014-01-17 10:55 - 02075648 _____ (Farbar) C:\Users\Jeremy\Downloads\FRST64.exe
2014-01-17 10:55 - 2013-12-23 23:04 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\ClassicShell
2014-01-17 10:54 - 2014-01-17 10:54 - 00002329 _____ C:\Users\Jeremy\Downloads\RKreport[0]_D_01172014_105325.txt
2014-01-17 10:54 - 2014-01-17 10:50 - 00000000 ____D C:\Users\Jeremy\Desktop\RK_Quarantine
2014-01-17 10:54 - 2014-01-17 10:44 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-17 10:54 - 2014-01-17 10:44 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-17 10:53 - 2014-01-17 10:53 - 00002329 _____ C:\Users\Jeremy\Desktop\RKreport[0]_D_01172014_105325.txt
2014-01-17 10:53 - 2014-01-17 10:53 - 00002234 _____ C:\Users\Jeremy\Desktop\RKreport[0]_S_01172014_105312.txt
2014-01-17 10:50 - 2014-01-17 10:50 - 04406784 _____ C:\Users\Jeremy\Downloads\RogueKillerX64.exe
2014-01-17 10:50 - 2014-01-11 22:44 - 00000000 ____D C:\Users\Jeremy\AppData\Local\CrashDumps
2014-01-17 10:49 - 2014-01-17 10:44 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-17 10:49 - 2014-01-17 10:44 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-17 10:48 - 2014-01-17 10:48 - 00000986 _____ C:\Users\Jeremy\Downloads\adwreport.txt
2014-01-17 10:47 - 2014-01-17 10:47 - 00000000 ____D C:\AdwCleaner
2014-01-17 10:47 - 2013-12-22 20:04 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2991530655-532002791-1320437403-1001
2014-01-17 10:45 - 2014-01-17 10:45 - 00002222 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-17 10:44 - 2013-12-22 21:33 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-17 10:44 - 2013-12-22 21:32 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Deployment
2014-01-17 10:43 - 2013-12-22 21:58 - 00000000 ___RD C:\Users\Jeremy\Dropbox
2014-01-17 10:43 - 2013-12-22 21:56 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Dropbox
2014-01-17 10:42 - 2014-01-17 10:42 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-01-17 10:42 - 2013-10-20 20:23 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-01-17 10:42 - 2012-08-03 17:23 - 00654568 _____ C:\Windows\PFRO.log
2014-01-17 10:42 - 2012-07-26 02:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-17 10:35 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2014-01-17 10:05 - 2013-12-22 19:58 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9545089F-1525-4AB1-AEA5-48742F2B8DDC}
2014-01-17 10:01 - 2013-12-22 19:57 - 01282078 _____ C:\Windows\WindowsUpdate.log
2014-01-17 10:00 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-17 09:51 - 2014-01-17 09:51 - 04101441 _____ C:\Users\Jeremy\Downloads\tdsskiller.zip
2014-01-17 09:40 - 2014-01-17 09:39 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Jeremy\Downloads\spybot-2.2.exe
2014-01-17 09:38 - 2014-01-17 09:38 - 29465768 _____ (SUPERAntiSpyware) C:\Users\Jeremy\Downloads\SUPERAntiSpyware.exe
2014-01-17 09:38 - 2013-12-22 23:21 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\KeePass
2014-01-16 10:14 - 2013-12-25 09:51 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 10:14 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\WinStore
2014-01-16 10:13 - 2013-12-25 09:51 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 09:21 - 2013-12-22 19:58 - 00000000 ___RD C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 09:21 - 2013-12-22 19:58 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Adobe
2014-01-15 19:57 - 2014-01-08 19:01 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Skype
2014-01-12 12:52 - 2014-01-12 12:50 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\QuickScan
2014-01-12 11:05 - 2014-01-12 11:05 - 00028394 _____ C:\Users\Jeremy\Downloads\DDS.txt
2014-01-12 11:05 - 2014-01-12 11:05 - 00004250 _____ C:\Users\Jeremy\Downloads\Attach.txt
2014-01-12 11:00 - 2014-01-12 11:00 - 00688992 ____R (Swearware) C:\Users\Jeremy\Downloads\dds.com
2014-01-12 10:56 - 2013-12-29 11:03 - 00000000 ____D C:\Users\Jeremy\Downloads\Crosswords
2014-01-11 22:44 - 2014-01-11 22:44 - 00000000 ____D C:\Users\Jeremy\AppData\Local\UPmedia
2014-01-10 21:09 - 2013-12-24 22:54 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Spotify
2014-01-10 08:59 - 2013-12-22 21:58 - 00001026 _____ C:\Users\Jeremy\Desktop\Dropbox.lnk
2014-01-10 08:59 - 2013-12-22 21:57 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-09 03:02 - 2013-12-23 23:41 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 03:02 - 2013-12-23 23:41 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-08 19:01 - 2014-01-08 19:01 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2014-01-08 19:01 - 2014-01-08 19:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-08 19:01 - 2014-01-08 19:01 - 00000000 ____D C:\ProgramData\Skype
2014-01-08 18:55 - 2013-12-29 11:04 - 00000000 ____D C:\Users\Jeremy\Documents\Youcam
2014-01-08 18:51 - 2012-07-26 02:28 - 00942930 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-08 18:41 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\NDF
2014-01-06 23:06 - 2013-12-31 21:22 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\vlc
2014-01-05 21:33 - 2012-08-03 19:02 - 00000000 ____D C:\SWSetup
2014-01-05 20:52 - 2013-12-31 19:29 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\uTorrent
2014-01-05 18:22 - 2013-12-25 10:42 - 00318416 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-05 17:39 - 2014-01-05 17:39 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Malwarebytes
2014-01-05 17:38 - 2014-01-05 17:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-05 17:38 - 2014-01-05 17:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-04 11:54 - 2014-01-04 11:54 - 00000000 ___RD C:\Users\Jeremy\AppData\Roaming\Brother
2014-01-04 11:38 - 2014-01-04 11:38 - 00001502 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calculator.lnk
2014-01-04 11:02 - 2014-01-04 11:02 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\OpenOffice
2014-01-03 09:37 - 2014-01-03 09:37 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2014-01-02 18:06 - 2014-01-02 18:06 - 00000000 ____D C:\Users\Jeremy\Downloads\prodikeys_vista_drv
2014-01-01 21:20 - 2013-12-24 21:34 - 00000000 ____D C:\Program Files\Paint.NET
2014-01-01 21:19 - 2013-11-01 22:46 - 00000000 ____D C:\Users\Jeremy\Documents\Web site
2014-01-01 21:19 - 2013-11-01 22:46 - 00000000 ____D C:\Users\Jeremy\Documents\Warranties and receipts
2014-01-01 21:19 - 2013-11-01 22:46 - 00000000 ____D C:\Users\Jeremy\Documents\Tax returns
2014-01-01 21:19 - 2013-11-01 22:46 - 00000000 ____D C:\Users\Jeremy\Documents\Rebates
2014-01-01 21:19 - 2013-11-01 22:46 - 00000000 ____D C:\Users\Jeremy\Documents\Psychology
2014-01-01 21:19 - 2013-11-01 22:45 - 00000000 ____D C:\Users\Jeremy\Documents\Manuals
2014-01-01 21:19 - 2013-11-01 22:45 - 00000000 ____D C:\Users\Jeremy\Documents\Guitar
2014-01-01 21:19 - 2012-10-29 22:52 - 00000000 ____D C:\Users\Jeremy\Documents\Tascam projects
2014-01-01 21:19 - 2011-12-24 16:34 - 00000000 ____D C:\LAME 3.99.3
2014-01-01 21:19 - 2011-03-22 07:56 - 00000000 ___RD C:\Users\Jeremy\Documents\Guitar tabs-chords
2014-01-01 21:19 - 2011-03-21 19:50 - 00000000 ____D C:\Users\Jeremy\Documents\DVD - CD ARTWORK TO PRINT
2014-01-01 21:18 - 2011-03-21 17:36 - 00000000 ____D C:\Users\Jeremy\Documents\Cakewalk Projects
2014-01-01 21:16 - 2011-03-21 16:27 - 00000000 ____D C:\Users\Jeremy\Documents\Cakewalk Guitar Tracks 3 files
2014-01-01 13:52 - 2014-01-01 13:34 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\ICAClient
2014-01-01 13:35 - 2014-01-01 13:34 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Citrix
2014-01-01 13:35 - 2014-01-01 13:34 - 00000000 ____D C:\ProgramData\Citrix
2014-01-01 13:35 - 2014-01-01 13:34 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-12-31 21:18 - 2013-12-31 21:17 - 00000000 ____D C:\Users\Jeremy\Downloads\vlc-2.1.2
2013-12-31 21:02 - 2012-07-26 02:21 - 01213841 _____ C:\Windows\setupact.log
2013-12-31 20:52 - 2013-12-31 20:52 - 00000097 _____ C:\Users\Jeremy\AppData\Roaming\settings.xml
2013-12-31 20:52 - 2013-12-31 20:52 - 00000000 ____D C:\Users\Jeremy\AppData\Local\SkinSoft
2013-12-31 20:46 - 2013-12-31 20:46 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\convertaudiofree
2013-12-30 09:11 - 2013-12-24 21:34 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Paint.NET
2013-12-29 15:07 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\rescache
2013-12-29 14:09 - 2013-12-29 14:09 - 00000000 _____ C:\Users\Jeremy\Sti_Trace.log
2013-12-29 14:09 - 2013-12-22 19:57 - 00000000 ____D C:\Users\Jeremy
2013-12-29 14:08 - 2013-12-23 21:24 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\ControlCenter4
2013-12-29 11:04 - 2013-12-29 11:04 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\CyberLink
2013-12-29 11:04 - 2013-12-29 11:04 - 00000000 ____D C:\Users\Jeremy\AppData\Local\CyberLink
2013-12-29 11:04 - 2013-10-20 20:30 - 00000000 ____D C:\ProgramData\CyberLink
2013-12-27 23:21 - 2013-12-27 21:02 - 00000426 ____H C:\Windows\system32\Rebecca.dat
2013-12-27 20:56 - 2013-12-27 20:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-27 20:56 - 2013-12-27 20:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-27 20:31 - 2013-12-27 20:31 - 00000000 ____D C:\Users\Jeremy\AppData\Local\KeePass
2013-12-26 22:14 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-12-26 00:43 - 2013-10-20 20:21 - 00000000 ____D C:\Windows\SysWOW64\sda
2013-12-26 00:43 - 2013-05-24 16:35 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-12-26 00:43 - 2012-07-26 03:12 - 00000000 __RSD C:\Windows\Media
2013-12-26 00:43 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-12-26 00:43 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2013-12-26 00:43 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2013-12-26 00:43 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\spool
2013-12-26 00:43 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\MUI
2013-12-26 00:43 - 2012-07-26 02:51 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-12-26 00:43 - 2012-07-26 02:51 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2013-12-26 00:43 - 2012-07-26 02:51 - 00000000 ____D C:\Windows\system32\WCN
2013-12-26 00:43 - 2012-07-26 00:38 - 00000000 ____D C:\Windows\SysWOW64\SMI
2013-12-26 00:43 - 2012-07-26 00:38 - 00000000 ____D C:\Windows\system32\Sysprep
2013-12-26 00:42 - 2013-12-22 22:04 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Launchy
2013-12-26 00:42 - 2013-12-22 19:58 - 00000000 ___RD C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-26 00:42 - 2013-12-22 19:57 - 00000000 ___RD C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-26 00:42 - 2013-10-20 20:13 - 00000000 ____D C:\Program Files\Intel
2013-12-26 00:42 - 2013-10-20 20:11 - 00000000 ____D C:\Program Files (x86)\Intel
2013-12-26 00:42 - 2013-05-24 16:39 - 00000000 ____D C:\Windows\en
2013-12-26 00:42 - 2012-08-03 17:29 - 00000000 ____D C:\ProgramData\PRICache
2013-12-26 00:42 - 2012-07-26 03:18 - 00000000 ____D C:\Windows\DigitalLocker
2013-12-26 00:42 - 2012-07-26 03:12 - 00000000 __SHD C:\Program Files\Windows Sidebar
2013-12-26 00:42 - 2012-07-26 03:12 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2013-12-26 00:42 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\Recovery
2013-12-26 00:42 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\Help
2013-12-26 00:42 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-12-25 23:43 - 2013-12-25 16:34 - 00000000 __SHD C:\Recovery
2013-12-25 22:32 - 2012-08-03 18:21 - 00000000 ____D C:\Windows\Panther
2013-12-25 21:48 - 2013-11-14 03:08 - 00000000 ___HD C:\$Windows.~BT
2013-12-25 21:00 - 2013-12-25 13:17 - 00019766 _____ C:\Windows\comsetup.log
2013-12-25 21:00 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\Registration
2013-12-25 20:26 - 2013-12-25 13:15 - 00062868 _____ C:\Windows\diagwrn.xml
2013-12-25 20:26 - 2013-12-25 13:15 - 00062868 _____ C:\Windows\diagerr.xml
2013-12-25 20:25 - 2012-08-03 17:40 - 00016837 _____ C:\Windows\iis.log
2013-12-25 20:25 - 2012-07-26 03:13 - 00006923 _____ C:\Windows\DtcInstall.log
2013-12-25 16:31 - 2013-12-25 16:31 - 00262144 _____ C:\Windows\system32\config\userdiff
2013-12-25 13:44 - 2013-05-24 16:30 - 00000000 ___HD C:\Users\Default\Documents\hp.system.package.metadata
2013-12-25 13:44 - 2013-05-24 16:30 - 00000000 ___HD C:\Users\Default User\Documents\hp.system.package.metadata
2013-12-25 13:20 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-12-25 12:09 - 2013-12-25 12:07 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-12-25 10:41 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-25 10:41 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-25 10:41 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-25 10:41 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-12-25 10:41 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-12-25 10:40 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-12-25 10:40 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-12-25 10:40 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-12-25 10:40 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-12-25 10:40 - 2012-07-26 00:38 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-12-25 10:40 - 2012-07-26 00:38 - 00000000 ____D C:\Windows\system32\Dism
2013-12-25 09:29 - 2013-12-25 00:09 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-25 09:26 - 2012-07-26 03:12 - 00000000 ___RD C:\Windows\ToastData
2013-12-25 09:26 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2013-12-25 09:26 - 2012-07-26 00:38 - 00000000 ____D C:\Windows\system32\oobe
2013-12-25 00:47 - 2013-12-25 00:47 - 00000000 ____D C:\Program Files\Common Files\Steinberg
2013-12-25 00:47 - 2013-12-25 00:47 - 00000000 ____D C:\Program Files (x86)\Yamaha
2013-12-25 00:47 - 2013-05-24 16:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-25 00:46 - 2013-12-25 00:46 - 00000000 ____D C:\Users\Jeremy\Downloads\YSUSB_V183_Win64
2013-12-25 00:46 - 2013-12-25 00:46 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Downloaded Installations
2013-12-25 00:26 - 2013-12-25 00:26 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\AVAST Software
2013-12-25 00:10 - 2013-12-25 00:10 - 00001973 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-25 00:10 - 2013-12-25 00:09 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-25 00:09 - 2013-12-25 00:09 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-25 00:09 - 2013-12-25 00:09 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-25 00:09 - 2013-12-25 00:09 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-25 00:09 - 2013-12-25 00:09 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-25 00:09 - 2013-12-25 00:09 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-25 00:09 - 2013-12-25 00:09 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-25 00:09 - 2013-12-25 00:09 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-25 00:09 - 2013-12-25 00:09 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-25 00:08 - 2013-12-25 00:08 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-24 23:55 - 2013-12-24 23:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-24 23:49 - 2013-12-24 23:49 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\IDT
2013-12-24 23:39 - 2013-12-24 23:39 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2013-12-24 22:55 - 2013-12-24 22:55 - 00001816 _____ C:\Users\Jeremy\Desktop\Spotify.lnk
2013-12-24 22:55 - 2013-12-24 22:55 - 00001802 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-12-24 22:55 - 2013-12-24 22:55 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Spotify
2013-12-24 22:16 - 2013-12-24 21:40 - 00043008 ___SH C:\Users\Jeremy\Downloads\Thumbs.db
2013-12-24 22:15 - 2013-12-24 22:15 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Intel_Corporation
2013-12-24 22:14 - 2013-12-24 22:14 - 00000000 ____D C:\Users\Jeremy\AppData\Local\HP Quick Start
2013-12-24 22:13 - 2013-05-24 16:30 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-12-24 22:10 - 2013-12-23 21:29 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\hpqlog
2013-12-24 22:10 - 2012-12-20 19:45 - 00000000 ____D C:\Program Files\Hewlett-Packard
2013-12-24 21:53 - 2013-12-24 21:53 - 00000000 ____D C:\Users\Jeremy\AppData\Local\HP
2013-12-24 21:35 - 2013-12-24 21:35 - 00001183 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2013-12-23 23:41 - 2012-07-26 00:37 - 00000000 ____D C:\Windows\servicing
2013-12-23 23:40 - 2012-07-26 03:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-12-23 23:39 - 2012-07-26 02:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-12-23 23:32 - 2013-05-24 16:46 - 00000000 ____D C:\ProgramData\WildTangent
2013-12-23 23:32 - 2013-05-24 16:46 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-12-23 23:19 - 2013-10-20 20:31 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-12-23 23:04 - 2013-12-23 23:44 - 00002165 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2013-12-23 23:04 - 2013-12-23 23:04 - 00000000 ____D C:\ProgramData\ClassicShell
2013-12-23 23:04 - 2013-12-23 23:04 - 00000000 ____D C:\Program Files\Classic Shell
2013-12-23 21:29 - 2013-12-22 19:59 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Hewlett-Packard
2013-12-23 09:48 - 2013-12-23 09:48 - 00002062 _____ C:\Users\Public\Desktop\Brother Utilities.lnk
2013-12-23 09:48 - 2013-12-23 09:48 - 00000259 _____ C:\Windows\Brpfx04a.ini
2013-12-23 09:48 - 2013-12-23 09:48 - 00000065 _____ C:\Windows\brpcfx.ini
2013-12-23 09:46 - 2013-12-23 09:46 - 00000066 _____ C:\Windows\Brfaxrx.ini
2013-12-23 09:46 - 2013-12-23 09:46 - 00000000 ____D C:\Users\Public\Documents\BrFaxRx
2013-12-23 09:46 - 2013-12-23 09:46 - 00000000 ____D C:\ProgramData\ControlCenter4
2013-12-23 09:46 - 2013-12-23 09:46 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2013-12-23 09:46 - 2013-12-23 09:46 - 00000000 ____D C:\Program Files (x86)\Browny02
2013-12-23 09:46 - 2013-12-23 09:46 - 00000000 ____D C:\Brother
2013-12-23 09:46 - 2013-12-23 09:45 - 00000000 ____D C:\Program Files (x86)\Brother
2013-12-23 09:43 - 2013-12-23 09:43 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\InstallShield
2013-12-23 09:43 - 2013-12-23 09:43 - 00000000 ____D C:\ProgramData\Brother
2013-12-22 22:14 - 2013-12-22 22:04 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Launchy
2013-12-22 22:04 - 2013-12-22 22:04 - 00000000 ____D C:\Program Files (x86)\Launchy
2013-12-22 21:59 - 2013-12-22 21:59 - 00000948 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Across Lite.lnk
2013-12-22 21:59 - 2013-12-22 21:59 - 00000000 ____D C:\Users\Jeremy\Documents\Across Crosswords
2013-12-22 21:59 - 2013-12-22 21:59 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Across Lite 2.0
2013-12-22 21:58 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\restore
2013-12-22 21:57 - 2013-12-22 20:26 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Hewlett-Packard
2013-12-22 21:35 - 2013-12-22 21:33 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Google
2013-12-22 21:32 - 2013-12-22 21:32 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Apps\2.0
2013-12-22 21:30 - 2013-12-22 21:30 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Macromedia
2013-12-22 20:26 - 2013-12-22 20:26 - 00004022 _____ C:\Windows\System32\Tasks\HPGenoobeReminder
2013-12-22 20:01 - 2013-05-24 16:29 - 00000000 ___HD C:\HP
2013-12-22 19:59 - 2013-12-22 19:59 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-22 19:59 - 2013-10-20 20:44 - 00000000 ____D C:\ProgramData\Norton
2013-12-22 19:58 - 2013-12-22 19:58 - 00001437 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-22 19:58 - 2013-12-22 19:58 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Synaptics
2013-12-22 19:58 - 2013-12-22 19:58 - 00000000 ____D C:\Users\Jeremy\AppData\Local\AuthenTec
2013-12-22 19:58 - 2013-12-22 19:57 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Packages
2013-12-22 19:58 - 2013-10-20 20:28 - 00000000 ___RD C:\Program Files\Online Services
2013-12-22 19:58 - 2013-05-24 16:41 - 00000000 ___RD C:\Program Files (x86)\Online Services
2013-12-22 19:58 - 2012-08-03 19:02 - 00000000 ___HD C:\SYSTEM.SAV
2013-12-22 19:57 - 2013-12-22 19:57 - 00000020 ___SH C:\Users\Jeremy\ntuser.ini
2013-12-22 19:57 - 2013-12-22 19:57 - 00000000 ____D C:\Users\Jeremy\AppData\Local\VirtualStore
 
Some content of TEMP:
====================
C:\Users\Jeremy\AppData\Local\Temp\6_Offer_17.exe
C:\Users\Jeremy\AppData\Local\Temp\htmlayout.dll
C:\Users\Jeremy\AppData\Local\Temp\ntdll_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-07 19:06
 
==================== End Of Log ============================

 

 



Edited by OccamsShaver, 17 January 2014 - 11:23 AM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:19 AM

Posted 18 January 2014 - 10:05 AM

If not already done please execute the RogueKiller tool and use the Delete function on all items found.

Restart the computer normally to complete the removal.
===

Spotify is not considered malware. You can disable it at startup by stopping the process.
http://www.systemlookup.com/Startup/24928.html

Not to say that its status may have changed recently.

Have a look at this article.
http://blog.mitechmate.com/spotifywebhelper-removal-guide-get-rid-of-spotifywebhelper-popup/

If you want to remove it, use Add/Remove Programs.

Let me know how it goes.
===

One more scan before we close this topic.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#6 nasdaq


Posted 24 January 2014 - 10:27 AM

Are you still with me?

#7 OccamsShaver


Posted 24 January 2014 - 10:36 PM

Nasdaq,

Yes, I'm sorry for the delay in responding. I am still receiving the popups re: malicious URLs. Here are the contents of checkup.txt:

  

 Results of screen317's Security Check version 0.99.79  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#8 nasdaq


Posted 25 January 2014 - 10:41 AM

"The URLs that Avast warns me about are all cryptic"

Could it be a false positive?

Read this topic.
http://sto-forum.perfectworld.com/showthread.php?t=610191

Give me the URL where you get this error message and I will investigate.

When posting your URL, edit the http or https to hxxttp or hxxttps so no one will be able to click on the link and get to the page.

#9 OccamsShaver


Posted 25 January 2014 - 12:25 PM

I will post a URL when I get the popup again. The URLs have for the most part been cryptic combinations of letters. Would it make sense for me to switch to Bitdefender free antivirus?

 

Thanks again.



#10 nasdaq


Posted 26 January 2014 - 08:10 AM

Maybe.

If you do, make sure you remove Avast! completely.
Avast Uninstaller tool.
http://www.avast.com/en-ca/uninstall-utility

#11 OccamsShaver


Posted 27 January 2014 - 08:27 AM


So far, so good. We shall see....



#12 nasdaq


Posted 27 January 2014 - 10:38 AM



If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
Ignore if this tool was not used.
===


Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon.
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#13 OccamsShaver


Posted 27 January 2014 - 03:42 PM

Thanks again. When you said "ignore if this tool was not used", were you referring to the Avast removal tool?

And do you consider the firewall in Windows 8 to be adequate?

 

 

 


 



#14 nasdaq


Posted 28 January 2014 - 08:59 AM

"Thanks again. When you said 'ignore if this tool was not used', were you referring to the Avast removal tool?"

No, just ComboFix.

===

As for the Avast removal tool, if no longer required, delete it.
===

"And do you consider the firewall in Windows 8 to be adequate?"


Yes, with Windows Defender.

#15 OccamsShaver


Posted 30 January 2014 - 09:35 PM

It's been 3 more days and I still haven't had that issue (though I'm not running Avast anymore).

Thank you again for your help.





