
10 trojan.agent's detected by MBAM pro today


  • This topic is locked
17 replies to this topic

#1 scags


Posted 18 May 2014 - 05:42 PM

Hello,

I think I am in need of some help. Normally I run scans once every day or so and nothing is ever found. However, MBAM found and quarantined ten trojans today. I have no clue how I got them and if my OS is truly clean. My regular AV (Bitdefender) has found nothing except 1 over-compressed file it could not scan. I'm running Win 8.1 64-bit OS. Thanks for any help you can offer.

John


Edited by Chris Cosgrove, 18 May 2014 - 06:36 PM.
Moved to Virus, trojan and malware logs




#2 Starbuck

  • Malware Response Team

Posted 18 May 2014 - 05:53 PM

Hi scags

Can you post the report from MBAM so we can see what was detected?
Are you using the latest version 2 of MBAM?

If so...

(Copy to clipboard for pasting into forum replies)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab >> Application Logs.

  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'

  • Paste the contents of the clipboard into your reply.
-------------

If you are using the older version:

Start Malwarebytes AntiMalware.
Click on the logs tab.
The logs are date stamped ... double click on the log that showed the infection items.


It'll open in notepad.

Please copy/paste the report in your next reply

Edited by Starbuck, 18 May 2014 - 05:54 PM.



#3 scags

  • Topic Starter

Posted 18 May 2014 - 06:01 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/18/2014
Scan Time: 6:52:36 PM
Logfile:
Administrator: No

Version: 2.00.1.1004
Malware Database: v2014.05.18.09
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: scags_000

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 3768
Time Elapsed: 1 min, 15 sec

Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 10
Trojan.Agent, c:\csrss.exe, Quarantined, [8859df73c5b6989e2afad30a3ac8ed13],
Trojan.Agent, c:\ctfmon.exe, Quarantined, [ebf65200bcbf80b60b1a5f7ee12122de],
Trojan.Agent, c:\lsass.exe, Quarantined, [fde462f05e1d62d4b48d86595ea4b54b],
Trojan.Agent, c:\msconfig.exe, Quarantined, [9a477bd7abd0e155edb0924d7b878a76],
Trojan.Agent, c:\services.exe, Quarantined, [c0213c16760541f56f5fad33ec16fa06],
Trojan.Agent, c:\smss.exe, Quarantined, [934e1a38df9c989e58897070ec16b050],
Trojan.Agent, c:\systeminfo.exe, Quarantined, [5b86de7426557fb73ed9578a719138c8],
Trojan.Agent, c:\usp10.dll, Quarantined, [be2321316b1057dfb0d515cc2ad8fb05],
Trojan.Agent, c:\winlogon.exe, Quarantined, [825fb49e027949ed0bcc0bd632d0a65a],
Trojan.Agent, c:\winrs.exe, Quarantined, [e7fa32206c0f74c22f28cfe433cfcb35],

Physical Sectors: 0
(No malicious items detected)


(end)

 

Also, Bitdefender will not update now. Maybe due to the aforementioned files being quarantined? Yes, I'm using the latest version 2 of MBAM.



#4 Starbuck

  • Malware Response Team

Posted 18 May 2014 - 06:20 PM

Hi scags

The legit location for most of those files is: C:\Windows\System32
Being located at: C:\ .... would normally denote malware.
I think it best if we check this out further.

Please bear with me whilst I get a Moderator to move this thread to the Malware Removal forum.
Once there we can use tools that will give us a better idea of your problem.
I'll reply again once the thread has been moved.

Thanks
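The location check described in the reply above, applied to the "Files:" section of an MBAM 2.x scan log, as an added example that is not part of the original thread. The baseline of expected directories is an assumed, deliberately small subset of core Windows binaries, and the sample log is constructed (paths follow the posted log, the bracketed ids are placeholders).

```python
import ntpath
import re

# Assumed baseline (not from the thread): core Windows binaries that normally
# exist only in System32. Extend it from a known-good install of the same OS.
EXPECTED_DIR = {name: r"c:\windows\system32" for name in (
    "csrss.exe", "lsass.exe", "services.exe", "smss.exe", "winlogon.exe")}

# Section headers as they appear in the MBAM 2.x scan log layout.
SECTION = re.compile(r"^(Processes|Modules|Registry Keys|Registry Values|"
                     r"Registry Data|Folders|Files|Physical Sectors): (\d+)$")
# "<threat>, <path>, <action>, [<id>]," ; the path itself may contain commas.
ENTRY = re.compile(r"^(?P<threat>[^,]+), (?P<path>.+), (?P<action>[^,]+), "
                   r"\[(?P<item_id>[^\]]*)\],?$")

# Constructed sample log: three root-of-drive detections and one detection
# whose path matches the baseline, to show the negative case.
SAMPLE_LOG = r"""Folders: 0
(No malicious items detected)

Files: 4
Trojan.Agent, c:\csrss.exe, Quarantined, [placeholder-id-1],
Trojan.Agent, c:\lsass.exe, Quarantined, [placeholder-id-2],
Trojan.Agent, c:\winrs.exe, Quarantined, [placeholder-id-3],
Example.Detection, C:\Windows\System32\services.exe, Quarantined, [placeholder-id-4],

Physical Sectors: 0
(No malicious items detected)
"""


def parse_files_section(log_text):
    """Return the entries of the 'Files:' section as dicts.

    Raises ValueError if the section is missing or the declared count does not
    match the parsed entries, which usually means a truncated paste.
    """
    entries, declared, in_files = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            in_files = header.group(1) == "Files"
            if in_files:
                declared = int(header.group(2))
            continue
        if in_files:
            match = ENTRY.match(line)
            if match:
                entries.append(match.groupdict())
    if declared is None:
        raise ValueError("no 'Files:' section found")
    if declared != len(entries):
        raise ValueError(f"log declares {declared} files, parsed {len(entries)}")
    return entries


def classify(path):
    """Compare a detected file's directory with the baseline for its name."""
    # normpath collapses '..' segments; lower() because NTFS paths are
    # case-insensitive by default.
    directory, name = ntpath.split(ntpath.normpath(path).lower())
    expected = EXPECTED_DIR.get(name)
    if expected is None:
        return "not-in-baseline"      # the name alone tells us nothing
    if directory == expected:
        return "expected-location"    # verify signature or hash instead
    return "masquerade"               # system name outside its normal directory


def triage(log_text):
    """Return (path, verdict) for every file entry in the log."""
    return [(e["path"], classify(e["path"])) for e in parse_files_section(log_text)]


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:18} {path}")
```

A "masquerade" verdict only says the name and location disagree; an "expected-location" verdict still needs a signature or hash check before the file is trusted.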



#5 scags

  • Topic Starter

Posted 18 May 2014 - 06:25 PM

OK thank you



#6 Starbuck

  • Malware Response Team

Posted 19 May 2014 - 01:00 AM

Hi scags

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users: right-click and select Run As Administrator.

  • When the tool opens click Yes to disclaimer.

  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
In your next reply, please submit:
Both reports from FRST


Thanks



#7 scags

  • Topic Starter

Posted 19 May 2014 - 07:50 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by linux (administrator) on TAKE4 on 19-05-2014 08:41:49
Running from C:\Users\scags_000\Desktop
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 4.1\EMET_Agent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1742064 2014-03-25] (Bitdefender)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EMET 4.1 Update 1 Agent] => C:\Program Files (x86)\EMET 4.1\EMET_agent.exe [81416 2014-04-29] (Microsoft Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-03-19] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-03-15] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-03-19] (Bitdefender)
HKU\S-1-5-21-340839276-330637587-1524343909-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-03-19] (Bitdefender)
HKU\S-1-5-21-340839276-330637587-1524343909-1001\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-03-15] (Bitdefender)
HKU\S-1-5-21-340839276-330637587-1524343909-1001\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-03-19] (Bitdefender)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\linux\AppData\Roaming\Mozilla\Firefox\Profiles\gi6mfj22.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Extension: HTTPS-Everywhere - C:\Users\linux\AppData\Roaming\Mozilla\Firefox\Profiles\gi6mfj22.default\Extensions\https-everywhere@eff.org [2014-05-03]
FF Extension: Ghostery - C:\Users\linux\AppData\Roaming\Mozilla\Firefox\Profiles\gi6mfj22.default\Extensions\firefox@ghostery.com.xpi [2014-05-03]
FF Extension: NoScript - C:\Users\linux\AppData\Roaming\Mozilla\Firefox\Profiles\gi6mfj22.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-03]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-05-03]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\ []
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-05-03]

==================== Services (Whitelisted) =================

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-21] (Bitdefender)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1523728 2014-03-24] (Bitdefender)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-05-04] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-10] (Qualcomm Atheros Communications, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2014-05-03] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-07-24] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-03-18] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2014-05-04] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-03-18] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-03-18] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2014-03-18] (Microsoft Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-05-04] (Microsoft Corporation)
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-19 08:41 - 2014-05-19 08:41 - 00012836 _____ () C:\Users\scags_000\Desktop\FRST.txt
2014-05-19 08:41 - 2014-05-19 08:41 - 00000000 ____D () C:\FRST
2014-05-19 08:40 - 2014-05-19 08:40 - 02067456 _____ (Farbar) C:\Users\scags_000\Desktop\FRST64.exe
2014-05-18 23:14 - 2014-05-18 23:14 - 00000000 __SHD () C:\Users\scags_000\AppData\Local\EmieUserList
2014-05-18 23:14 - 2014-05-18 23:14 - 00000000 __SHD () C:\Users\scags_000\AppData\Local\EmieSiteList
2014-05-18 19:32 - 2014-05-18 19:31 - 00005551 _____ () C:\Users\scags_000\Desktop\1400454771_1_01.xml
2014-05-18 18:29 - 2014-05-18 18:27 - 00005614 _____ () C:\Users\scags_000\Desktop\1400450676_1_01.xml
2014-05-14 20:13 - 2014-05-14 20:15 - 00000000 ____D () C:\Users\linux\SecurityScans
2014-05-14 20:13 - 2014-05-14 20:13 - 01810432 _____ () C:\Users\linux\Downloads\MBSASetup-x64-EN.msi
2014-05-14 20:13 - 2014-05-14 20:13 - 00001112 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.3.lnk
2014-05-14 20:13 - 2014-05-14 20:13 - 00001100 _____ () C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.3.lnk
2014-05-14 20:13 - 2014-05-14 20:13 - 00000000 ____D () C:\Program Files\Microsoft Baseline Security Analyzer 2
2014-05-14 20:06 - 2014-05-14 20:06 - 27769568 _____ (Microsoft Corporation) C:\Users\linux\Downloads\Windows-KB890830-x64-V5.12.exe
2014-05-14 19:33 - 2014-05-14 19:33 - 00000000 ____D () C:\NPE
2014-05-14 19:32 - 2014-05-14 19:50 - 00000000 ____D () C:\Users\linux\AppData\Local\NPE
2014-05-14 19:31 - 2014-05-14 19:31 - 03077584 ____N (Symantec Corporation) C:\Users\linux\Downloads\NPE.exe
2014-05-14 19:12 - 2014-05-14 19:12 - 00000000 ____D () C:\ProgramData\Sophos
2014-05-14 19:08 - 2014-05-14 19:08 - 93327368 _____ (Sophos Limited) C:\Users\linux\Downloads\Sophos Virus Removal Tool.exe
2014-05-14 13:04 - 2014-05-14 13:04 - 00002853 _____ () C:\Users\scags_000\Desktop\Malware responce.txt
2014-05-14 01:14 - 2014-05-14 01:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-13 23:25 - 2014-05-13 23:25 - 00000000 ____D () C:\Users\linux\AppData\Local\Downloaded Installations
2014-05-13 23:24 - 2014-05-13 23:24 - 00000000 ____D () C:\Users\linux\Documents\TomTom
2014-05-13 23:24 - 2014-05-13 23:24 - 00000000 ____D () C:\Users\linux\AppData\Roaming\TomTom
2014-05-13 23:24 - 2014-05-13 23:24 - 00000000 ____D () C:\Users\linux\AppData\Local\TomTom
2014-05-13 23:24 - 2014-05-13 23:24 - 00000000 ____D () C:\ProgramData\TomTom
2014-05-13 23:23 - 2014-05-13 23:23 - 00000000 ____D () C:\Users\linux\AppData\Local\Macromedia
2014-05-13 23:23 - 2014-05-13 23:23 - 00000000 ____D () C:\Program Files (x86)\TomTom DesktopSuite
2014-05-13 23:12 - 2014-04-18 05:32 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-13 23:12 - 2014-04-18 04:58 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-13 23:12 - 2014-04-18 04:09 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-05-13 23:12 - 2014-04-18 03:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-05-13 23:12 - 2014-04-06 12:31 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-13 23:12 - 2014-04-06 11:22 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-13 23:12 - 2014-04-06 07:55 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-05-13 23:12 - 2014-04-06 07:54 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-05-13 23:12 - 2014-04-03 04:12 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-05-13 23:12 - 2014-04-02 22:22 - 03359744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-05-13 23:12 - 2014-03-30 18:54 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-05-13 23:12 - 2014-03-19 20:44 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-05-13 23:12 - 2014-03-19 19:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-05-13 23:12 - 2014-03-19 00:18 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-05-13 23:12 - 2014-03-18 01:00 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2014-05-13 23:12 - 2014-03-18 00:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2014-05-13 23:11 - 2014-04-18 10:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-05-13 23:11 - 2014-04-18 10:44 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-05-13 23:11 - 2014-04-18 09:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-05-13 23:11 - 2014-04-18 05:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2014-05-13 23:11 - 2014-04-18 04:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-05-13 23:11 - 2014-04-18 04:21 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-05-13 23:11 - 2014-04-18 03:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-05-13 23:11 - 2014-04-14 05:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2014-05-13 23:11 - 2014-04-14 04:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2014-05-13 23:11 - 2014-04-11 00:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-05-13 23:11 - 2014-04-11 00:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-05-13 23:11 - 2014-04-10 23:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-05-13 23:11 - 2014-04-09 07:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-05-13 23:11 - 2014-04-09 02:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-05-13 23:11 - 2014-04-09 01:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2014-05-13 23:11 - 2014-04-09 00:35 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-05-13 23:11 - 2014-04-08 23:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-05-13 23:11 - 2014-04-07 22:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2014-05-13 23:11 - 2014-04-06 12:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-05-13 23:11 - 2014-04-06 12:34 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-05-13 23:11 - 2014-04-06 12:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-05-13 23:11 - 2014-04-06 12:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2014-05-13 23:11 - 2014-04-06 12:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-05-13 23:11 - 2014-04-06 12:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-05-13 23:11 - 2014-04-06 12:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-05-13 23:11 - 2014-04-06 12:20 - 01401224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcmde.dll
2014-05-13 23:11 - 2014-04-06 12:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-05-13 23:11 - 2014-04-06 12:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-05-13 23:11 - 2014-04-06 12:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-05-13 23:11 - 2014-04-06 12:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2014-05-13 23:11 - 2014-04-06 12:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-05-13 23:11 - 2014-04-06 12:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-05-13 23:11 - 2014-04-06 12:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-05-13 23:11 - 2014-04-06 12:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-05-13 23:11 - 2014-04-06 12:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-05-13 23:11 - 2014-04-06 12:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-05-13 23:11 - 2014-04-06 12:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2014-05-13 23:11 - 2014-04-06 11:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-05-13 23:11 - 2014-04-06 11:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2014-05-13 23:11 - 2014-04-06 11:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-05-13 23:11 - 2014-04-06 11:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-05-13 23:11 - 2014-04-06 11:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-05-13 23:11 - 2014-04-06 11:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-05-13 23:11 - 2014-04-06 11:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2014-05-13 23:11 - 2014-04-06 11:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-05-13 23:11 - 2014-04-06 11:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-05-13 23:11 - 2014-04-06 11:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-05-13 23:11 - 2014-04-06 11:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-05-13 23:11 - 2014-04-06 10:10 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-05-13 23:11 - 2014-04-06 08:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-05-13 23:11 - 2014-04-06 08:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2014-05-13 23:11 - 2014-04-06 08:33 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2014-05-13 23:11 - 2014-04-06 08:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2014-05-13 23:11 - 2014-04-06 08:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2014-05-13 23:11 - 2014-04-06 07:26 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2014-05-13 23:11 - 2014-04-06 07:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-05-13 23:11 - 2014-04-06 07:01 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-05-13 23:11 - 2014-04-06 06:52 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-05-13 23:11 - 2014-04-06 06:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-05-13 23:11 - 2014-04-06 06:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-05-13 23:11 - 2014-04-06 06:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-05-13 23:11 - 2014-04-06 06:05 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2014-05-13 23:11 - 2014-04-06 05:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2014-05-13 23:11 - 2014-04-03 04:12 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-05-13 23:11 - 2014-04-03 04:12 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2014-05-13 23:11 - 2014-04-03 00:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2014-05-13 23:11 - 2014-04-03 00:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2014-05-13 23:11 - 2014-04-02 23:53 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-05-13 23:11 - 2014-04-02 22:53 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-05-13 23:11 - 2014-04-02 22:53 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-05-13 23:11 - 2014-04-02 22:23 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-05-13 23:11 - 2014-04-02 22:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-05-13 23:11 - 2014-04-02 22:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2014-05-13 23:11 - 2014-04-02 22:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2014-05-13 23:11 - 2014-04-01 02:23 - 00384856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-05-13 23:11 - 2014-03-31 01:42 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-05-13 23:11 - 2014-03-31 01:35 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-05-13 23:11 - 2014-03-31 01:35 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-05-13 23:11 - 2014-03-30 20:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-05-13 23:11 - 2014-03-30 18:49 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-05-13 23:11 - 2014-03-30 18:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-05-13 23:11 - 2014-03-30 18:11 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-05-13 23:11 - 2014-03-30 17:47 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-05-13 23:11 - 2014-03-28 11:58 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2014-05-13 23:11 - 2014-03-27 02:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-05-13 23:11 - 2014-03-27 01:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2014-05-13 23:11 - 2014-03-27 00:59 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-05-13 23:11 - 2014-03-27 00:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2014-05-13 23:11 - 2014-03-27 00:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-05-13 23:11 - 2014-03-26 23:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-05-13 23:11 - 2014-03-26 23:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-05-13 23:11 - 2014-03-26 23:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-05-13 23:11 - 2014-03-24 18:58 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-05-13 23:11 - 2014-03-21 00:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscfgwmi.dll
2014-05-13 23:11 - 2014-03-19 23:48 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-05-13 23:11 - 2014-03-19 20:51 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2014-05-13 23:11 - 2014-03-19 19:38 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2014-05-13 23:11 - 2014-03-19 04:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2014-05-13 23:11 - 2014-03-19 04:07 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-05-13 23:11 - 2014-03-19 03:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-05-13 23:11 - 2014-03-19 03:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2014-05-13 23:11 - 2014-03-19 02:36 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-05-13 23:11 - 2014-03-19 01:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-05-13 23:11 - 2014-03-19 01:45 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-05-13 23:11 - 2014-03-19 01:19 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-05-13 23:11 - 2014-03-19 01:07 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-05-13 23:11 - 2014-03-19 01:02 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-05-13 23:11 - 2014-03-19 01:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-05-13 23:11 - 2014-03-19 00:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-05-13 23:11 - 2014-03-19 00:31 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-05-13 23:11 - 2014-03-18 04:19 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-05-13 23:11 - 2014-03-17 01:09 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-05-13 23:11 - 2014-03-17 00:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-05-13 23:11 - 2014-03-16 23:01 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-05-13 23:11 - 2014-03-16 22:47 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-05-13 23:11 - 2014-03-16 22:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-05-13 23:11 - 2014-03-14 02:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2014-05-13 23:11 - 2014-03-14 02:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2014-05-13 23:11 - 2014-03-06 08:42 - 00310616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-05-13 23:11 - 2014-01-27 14:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-05-13 23:07 - 2014-05-13 23:07 - 00988096 _____ (EnTech Taiwan ) C:\Users\linux\Downloads\ddmsetup1450.exe
2014-05-13 23:07 - 2014-05-13 23:07 - 00001142 _____ () C:\Users\Public\Desktop\Dell Display Manager.lnk
2014-05-13 23:07 - 2014-05-13 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Display Manager
2014-05-13 23:07 - 2014-05-13 23:07 - 00000000 ____D () C:\Program Files (x86)\Dell
2014-05-13 17:42 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-13 17:42 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-13 17:42 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-13 17:42 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-13 17:42 - 2014-04-11 06:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-13 17:42 - 2014-04-11 06:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-13 17:42 - 2014-04-11 04:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-13 17:42 - 2014-04-11 02:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-13 17:42 - 2014-04-11 01:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-13 17:42 - 2014-04-11 01:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-13 17:42 - 2014-04-10 23:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-13 17:42 - 2014-04-10 23:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-13 17:42 - 2014-04-10 23:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-13 17:42 - 2014-04-10 23:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-13 17:42 - 2014-04-10 23:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-13 17:42 - 2014-04-10 23:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-13 17:42 - 2014-04-10 23:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-13 17:42 - 2014-04-10 23:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-13 17:42 - 2014-04-10 22:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-13 17:42 - 2014-04-10 22:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-13 17:42 - 2014-04-10 22:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-13 17:42 - 2014-04-10 22:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-13 17:42 - 2014-04-10 22:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-13 17:42 - 2014-04-10 22:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-13 17:42 - 2014-04-10 22:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-13 17:42 - 2014-04-10 22:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-13 17:42 - 2014-04-10 22:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-13 17:42 - 2014-04-10 22:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-13 17:42 - 2014-04-10 22:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-13 17:42 - 2014-04-08 18:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-13 17:42 - 2014-04-08 18:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-13 17:42 - 2014-04-08 14:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-13 17:42 - 2014-04-08 14:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-13 17:42 - 2014-03-23 22:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-13 17:42 - 2014-03-23 22:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-13 17:42 - 2014-03-23 22:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-13 17:42 - 2014-03-13 03:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-13 17:42 - 2014-03-13 02:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-12 17:49 - 2014-05-12 17:49 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\Macromedia
2014-05-12 17:49 - 2014-05-12 17:49 - 00000000 ____D () C:\Users\scags_000\AppData\Local\Macromedia
2014-05-12 17:48 - 2014-05-18 22:51 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-12 17:48 - 2014-05-13 17:51 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-12 17:47 - 2014-05-12 17:48 - 00000000 ____D () C:\Users\linux\AppData\Local\Adobe
2014-05-10 11:30 - 2014-05-10 11:30 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\QuickScan
2014-05-07 20:02 - 2014-05-07 20:10 - 00000000 ____D () C:\WINDOWS\Minidump
2014-05-06 09:43 - 2014-05-06 09:43 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-05-04 20:13 - 2014-05-16 16:40 - 00003178 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForscags_000
2014-05-04 20:13 - 2014-05-16 16:40 - 00000360 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForscags_000.job
2014-05-04 20:09 - 2014-05-04 20:13 - 00000000 ____D () C:\Users\scags_000\AppData\Local\Hewlett-Packard
2014-05-04 20:09 - 2014-05-04 20:09 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\hpqlog
2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\Hewlett-Packard
2014-05-04 19:29 - 2014-05-04 19:29 - 00000000 ____D () C:\Users\scags_000\Documents\Virtual Machines
2014-05-04 19:27 - 2014-05-14 14:07 - 00000000 ____D () C:\Users\scags_000\AppData\Local\VMware
2014-05-04 19:27 - 2014-05-14 14:02 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\VMware
2014-05-04 19:25 - 2014-04-14 16:41 - 00931032 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
2014-05-04 19:25 - 2014-04-14 16:41 - 00437976 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
2014-05-04 19:25 - 2014-04-14 16:41 - 00359128 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
2014-05-04 19:25 - 2014-04-14 16:41 - 00064728 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys
2014-05-04 19:25 - 2014-04-14 16:41 - 00031448 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys
2014-05-04 19:25 - 2014-04-14 16:40 - 00033496 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\VMkbd.sys
2014-05-04 19:25 - 2014-02-27 18:40 - 00054464 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys
2014-05-04 19:25 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vsock.sys
2014-05-04 19:25 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll
2014-05-04 19:25 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vsocklib.dll
2014-05-04 19:24 - 2014-05-18 18:53 - 00000000 ____D () C:\ProgramData\VMware
2014-05-04 19:24 - 2014-05-04 19:24 - 00002103 _____ () C:\Users\Public\Desktop\VMware Player.lnk
2014-05-04 19:24 - 2014-05-04 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-05-04 19:24 - 2014-05-04 19:24 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-05-04 19:24 - 2014-05-04 19:24 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-05-04 19:13 - 2014-05-14 19:31 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-05-04 18:51 - 2014-05-04 18:51 - 00000000 ____D () C:\Users\scags_000\VirtualBox VMs
2014-05-04 18:47 - 2014-03-26 19:01 - 00254240 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2014-05-04 16:46 - 2014-05-04 16:46 - 00083456 _____ () C:\Users\scags_000\Desktop\MD5_and_SHA_Checksum_Utility.exe
2014-05-04 16:44 - 2014-05-18 12:29 - 00000000 ____D () C:\Users\scags_000\Desktop\Opie and Anthony
2014-05-04 15:45 - 2014-05-04 15:45 - 00000412 __RSH () C:\ProgramData\ntuser.pol
2014-05-04 15:39 - 2014-05-04 15:44 - 00000000 ____D () C:\WINDOWS\CSC
2014-05-04 15:39 - 2014-05-04 15:39 - 00000000 __SHD () C:\WINDOWS\BitLockerDiscoveryVolumeContents
2014-05-04 15:39 - 2014-05-04 15:39 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-04 15:38 - 2014-05-04 15:38 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmclient.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 01230848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSh.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 01165824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDistSh.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCacheProvider.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmscan.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspbda.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscobj.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrpUxNativeSnapIn.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SrpUxNativeSnapIn.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppIdPolicyEngineApi.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\srm.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmstormod.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddputils.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppIdPolicyEngineApi.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditNativeSnapIn.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditNativeSnapIn.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddpchunk.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationSettings.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgmts.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmshell.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDist.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgmts.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00147439 _____ () C:\WINDOWS\SysWOW64\gpedit.msc
2014-05-04 15:38 - 2014-05-04 15:38 - 00147439 _____ () C:\WINDOWS\system32\gpedit.msc
2014-05-04 15:38 - 2014-05-04 15:38 - 00146389 _____ () C:\WINDOWS\system32\printmanagement.msc
2014-05-04 15:38 - 2014-05-04 15:38 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddptrace.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\adrclient.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfg.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iTVData.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00120458 _____ () C:\WINDOWS\system32\secpol.msc
2014-05-04 15:38 - 2014-05-04 15:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\baaupdate.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerWizardElev.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerWizard.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iTVData.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\auditpolmsg.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpolmsg.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00090464 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeyboardFilterSvc.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmlib.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmlib.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmtrace.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Mcx2Svc.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditPolicyGPInterop.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintBrmUi.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddp_ps.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditPolicyGPInterop.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsPbdaCoInst.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00043566 _____ () C:\WINDOWS\SysWOW64\rsop.msc
2014-05-04 15:38 - 2014-05-04 15:38 - 00043566 _____ () C:\WINDOWS\system32\rsop.msc
2014-05-04 15:38 - 2014-05-04 15:38 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\srm_ps.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\qwinsta.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\qprocess.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msg.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\quser.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tskill.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\qappsrv.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\chgport.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsdiscon.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscon.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00022272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbldfltr.sys
2014-05-04 15:38 - 2014-05-04 15:38 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\rwinsta.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoff.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\chgusr.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\chglogon.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\reset.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\change.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\query.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeSysprep.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysprepMCE.dll
2014-05-04 15:38 - 2014-03-18 06:13 - 00035741 _____ () C:\WINDOWS\ProfessionalWMC.xml
2014-05-04 15:37 - 2014-05-04 15:37 - 02176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00935424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmclient.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2014-05-04 15:37 - 2014-05-04 15:37 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmscan.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCleaner.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srm.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDist.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmstormod.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscobj.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistWSDDiscoProv.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveprompt.exe
2014-05-04 15:37 - 2014-05-04 15:37 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\CscMig.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmshell.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adrclient.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcsrchPH.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00096088 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedapplauncher.exe
2014-05-04 15:37 - 2014-05-04 15:37 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmtrace.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistHttpTrans.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistAD.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00040288 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeyboardFilterCore.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00039264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmbeddedAppLauncherConfig.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00034144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KeyboardFilterCore.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srm_ps.dll
2014-05-04 15:19 - 2014-05-04 15:19 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\Mozilla
2014-05-04 15:19 - 2014-05-04 15:19 - 00000000 ____D () C:\Users\scags_000\AppData\Local\Mozilla
2014-05-04 14:52 - 2014-05-18 23:13 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\vlc
2014-05-04 14:46 - 2014-05-15 19:05 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-340839276-330637587-1524343909-1002
2014-05-04 14:42 - 2014-05-19 08:38 - 00000000 __RDO () C:\Users\scags_000\OneDrive
2014-05-04 14:42 - 2014-05-04 14:42 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\ATI
2014-05-04 14:42 - 2014-05-04 14:42 - 00000000 ____D () C:\Users\scags_000\AppData\Local\ATI
2014-05-04 14:41 - 2014-05-04 14:42 - 00000000 ____D () C:\Users\scags_000\AppData\Local\PackageStaging
2014-05-04 14:41 - 2014-05-04 14:41 - 00000385 _____ () C:\Users\scags_000\AppData\Roaminguser_gensett.xml
2014-05-04 14:40 - 2014-05-12 19:20 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\Bitdefender
2014-05-04 14:39 - 2014-05-13 23:43 - 00000000 ___RD () C:\Users\scags_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-04 14:39 - 2014-05-13 23:43 - 00000000 ___RD () C:\Users\scags_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-04 14:38 - 2014-05-17 11:16 - 00000000 ____D () C:\Users\scags_000
2014-05-04 14:38 - 2014-05-14 08:02 - 00000000 ____D () C:\Users\scags_000\AppData\Local\Packages
2014-05-04 14:38 - 2014-05-04 14:38 - 00001449 _____ () C:\Users\scags_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-04 14:38 - 2014-05-04 14:38 - 00000020 ___SH () C:\Users\scags_000\ntuser.ini
2014-05-04 14:38 - 2014-05-04 14:38 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\Adobe
2014-05-04 14:38 - 2014-05-04 14:38 - 00000000 ____D () C:\Users\scags_000\AppData\Local\VirtualStore
2014-05-04 14:38 - 2014-05-03 20:53 - 00000000 ___RD () C:\Users\scags_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-04 14:38 - 2014-05-03 20:36 - 00000000 ____D () C:\Users\scags_000\Documents\hp.system.package.metadata
2014-05-04 14:38 - 2014-03-18 06:33 - 00000000 ___RD () C:\Users\scags_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-05-04 14:38 - 2014-03-18 06:13 - 00000369 _____ () C:\Users\scags_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-05-04 14:38 - 2014-03-18 06:13 - 00000369 _____ () C:\Users\scags_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-05-04 14:38 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\scags_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-04 14:38 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-04 12:35 - 2014-05-04 12:35 - 00000000 ___RD () C:\Users\linux\SkyDrive
2014-05-04 12:35 - 2014-05-04 12:35 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-05-04 00:51 - 2014-05-04 00:51 - 00000000 ____D () C:\WINDOWS\SysWOW64\sda
2014-05-04 00:51 - 2014-05-04 00:51 - 00000000 ____D () C:\Users\linux\AppData\Roaming\WinBatch
2014-05-04 00:51 - 2014-05-04 00:51 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-05-04 00:48 - 2014-05-04 00:48 - 00000000 ____D () C:\ProgramData\AmUStor
2014-05-04 00:48 - 2014-05-04 00:48 - 00000000 ____D () C:\Program Files (x86)\AmUStor
2014-05-04 00:47 - 2014-05-18 23:24 - 00000344 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForlinux.job
2014-05-04 00:47 - 2014-05-13 23:24 - 00003158 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForlinux
2014-05-04 00:37 - 2014-05-17 17:57 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-05-04 00:37 - 2014-05-17 17:57 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-04 00:35 - 2014-05-04 00:35 - 00002200 _____ () C:\Users\linux\Desktop\HP Support Assistant.lnk
2014-05-04 00:33 - 2014-05-04 00:33 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-05-04 00:31 - 2014-05-04 00:31 - 00000000 ____D () C:\Users\linux\AppData\Roaming\hpqLog
2014-05-04 00:28 - 2014-05-04 00:28 - 00000000 __SHD () C:\Recovery
2014-05-04 00:28 - 2014-05-03 20:45 - 00000000 ___DC () C:\WINDOWS\Panther
2014-05-04 00:26 - 2014-05-04 00:26 - 02900992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 02479616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 02373784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-05-04 00:26 - 2014-05-04 00:26 - 02331000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 02270208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 02141912 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 02088160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-05-04 00:26 - 2014-05-04 00:26 - 02030080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01779800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01764864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01679128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 01542768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01339240 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01306624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01291200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01112536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01095488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01066496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-05-04 00:26 - 2014-05-04 00:26 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00836096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-05-04 00:26 - 2014-05-04 00:26 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00731648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00731648 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00629760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-05-04 00:26 - 2014-05-04 00:26 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00565536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\AdmTmpl.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00518552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00488280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-05-04 00:26 - 2014-05-04 00:26 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlangpui.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AdmTmpl.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2014-05-04 00:26 - 2014-05-04 00:26 - 00406912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00390488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00387210 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-05-04 00:26 - 2014-05-04 00:26 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlangpui.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00376152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00360512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00356848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00355832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2014-05-04 00:26 - 2014-05-04 00:26 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00180056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00157016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpnpmgr.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevPropMgr.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00113648 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00111616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-05-04 00:26 - 2014-05-04 00:26 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-05-04 00:26 - 2014-05-04 00:26 - 00094016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxproxy.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32tm.exe
2014-05-04 00:26 - 2014-05-04 00:26 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w32tm.exe
2014-05-04 00:26 - 2014-05-04 00:26 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\l2gpstore.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-05-04 00:26 - 2014-05-04 00:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SetNetworkLocation.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxproxy.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00033280 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-05-04 00:25 - 2014-05-04 00:25 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrptadm.dll
2014-05-04 00:25 - 2014-05-04 00:25 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrptadm.dll
2014-05-04 00:24 - 2014-05-04 00:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-04 00:24 - 2014-05-04 00:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-04 00:23 - 2014-05-04 00:23 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-05-04 00:22 - 2014-05-04 00:22 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2014-05-04 00:22 - 2014-05-04 00:22 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2014-05-04 00:22 - 2014-05-04 00:22 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-05-04 00:22 - 2014-05-04 00:22 - 00000000 ____D () C:\Program Files\MSBuild
2014-05-04 00:22 - 2014-05-04 00:22 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-05-04 00:22 - 2014-05-04 00:22 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-05-04 00:22 - 2014-05-04 00:22 - 00000000 ____D () C:\inetpub
2014-05-04 00:22 - 2013-08-03 00:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2014-05-04 00:22 - 2013-08-03 00:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2014-05-04 00:22 - 2013-08-03 00:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-05-04 00:22 - 2013-08-03 00:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2014-05-04 00:22 - 2013-08-03 00:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-05-04 00:22 - 2013-08-03 00:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-05-03 23:25 - 2014-05-04 12:41 - 00000000 ____D () C:\Users\linux\AppData\Roaming\vlc
2014-05-03 23:24 - 2014-05-03 23:24 - 00001049 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-03 23:24 - 2014-05-03 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-03 23:24 - 2014-05-03 23:24 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-03 23:15 - 2014-05-03 23:15 - 00000481 _____ () C:\WINDOWS\system32\checkdnsid.xml
2014-05-03 22:58 - 2014-05-03 22:58 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2014-05-03 22:58 - 2014-05-03 22:58 - 00074512 _____ (BitDefender SRL) C:\WINDOWS\system32\bdsandboxuiskin32.dll
2014-05-03 22:55 - 2014-05-03 22:55 - 00532041 _____ () C:\ProgramData\1399171914.bdinstall.bin
2014-05-03 22:54 - 2014-05-03 22:54 - 00000385 _____ () C:\WINDOWS\system32\user_gensett.xml
2014-05-03 22:54 - 2014-05-03 22:54 - 00000385 _____ () C:\Users\linux\AppData\Roaminguser_gensett.xml
2014-05-03 22:53 - 2014-05-18 21:43 - 00003576 _____ () C:\WINDOWS\System32\Tasks\Bitdefender Autoscan
2014-05-03 22:53 - 2014-05-03 22:54 - 00000000 ____D () C:\Users\linux\AppData\Roaming\Bitdefender
2014-05-03 22:53 - 2014-05-03 22:53 - 00002213 _____ () C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2014-05-03 22:53 - 2014-05-03 22:53 - 00002165 _____ () C:\Users\Public\Desktop\Bitdefender Total Security.lnk
2014-05-03 22:53 - 2014-05-03 22:53 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-05-03 22:53 - 2014-05-03 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender
2014-05-03 22:53 - 2014-05-03 22:53 - 00000000 ____D () C:\ProgramData\BDLogging
2014-05-03 22:53 - 2013-12-02 12:58 - 00635392 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2014-05-03 22:53 - 2013-12-02 12:56 - 00893440 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2014-05-03 22:53 - 2013-11-04 16:47 - 00082824 _____ (BitDefender SRL) C:\WINDOWS\system32\Drivers\bdsandbox.sys
2014-05-03 22:53 - 2013-11-04 16:47 - 00074512 _____ (BitDefender SRL) C:\WINDOWS\SysWOW64\bdsandboxuiskin32.dll
2014-05-03 22:53 - 2013-09-08 20:04 - 00023568 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2014-05-03 22:53 - 2013-07-30 18:41 - 00079192 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2014-05-03 22:53 - 2013-07-24 18:19 - 00098768 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\bdfndisf6.sys
2014-05-03 22:53 - 2009-07-15 00:21 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2014-05-03 22:53 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2014-05-03 22:52 - 2014-05-03 22:54 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-05-03 22:52 - 2014-05-03 22:53 - 00000000 ____D () C:\Program Files\Bitdefender
2014-05-03 22:52 - 2013-11-04 16:47 - 00084848 _____ (BitDefender SRL) C:\WINDOWS\system32\BDSandBoxUISkin.dll
2014-05-03 22:52 - 2013-11-04 16:46 - 00034384 _____ (BitDefender SRL) C:\WINDOWS\system32\BDSandBoxUH.dll
2014-05-03 22:52 - 2013-08-23 13:48 - 00150256 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2014-05-03 22:52 - 2013-08-07 13:46 - 00389240 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2014-05-03 22:51 - 2014-05-03 22:52 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-05-03 22:51 - 2014-05-03 22:51 - 00000000 ____D () C:\Users\linux\AppData\Roaming\QuickScan
2014-05-03 22:12 - 2014-05-14 19:33 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-03 22:12 - 2014-05-03 22:12 - 00001081 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-03 22:12 - 2014-05-03 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-03 22:12 - 2014-05-03 22:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-03 22:12 - 2014-05-03 22:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-03 22:12 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-03 22:12 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-05-03 22:12 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-03 21:49 - 2014-05-03 21:49 - 00000000 ____D () C:\Users\linux\AppData\Local\MediaServer
2014-05-03 21:41 - 2014-05-03 21:42 - 00000000 ____D () C:\Users\linux\AppData\Local\pinger.com
2014-05-03 21:35 - 2014-05-03 21:35 - 00000000 ____D () C:\Users\linux\AppData\Local\Windows Live
2014-05-03 21:33 - 2014-05-03 21:33 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-05-03 21:33 - 2014-05-03 21:33 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-03 21:33 - 2014-05-03 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-03 21:33 - 2014-05-03 21:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-03 21:30 - 2014-05-03 21:30 - 00000000 ____D () C:\ProgramData\Recovery
2014-05-03 21:27 - 2014-05-13 17:43 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-03 21:27 - 2014-05-04 17:12 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-03 21:26 - 2014-05-03 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2014-05-03 21:26 - 2014-05-03 21:26 - 00000000 ____D () C:\Program Files (x86)\EMET 4.1
2014-05-03 21:23 - 2014-05-03 21:23 - 00000000 ____D () C:\Users\linux\AppData\Local\Microsoft_Corporation
2014-05-03 21:20 - 2014-05-14 18:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-03 21:20 - 2014-05-03 21:20 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-03 21:20 - 2014-05-03 21:20 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-03 21:20 - 2014-05-03 21:20 - 00000000 ____D () C:\Users\linux\AppData\Roaming\Mozilla
2014-05-03 21:20 - 2014-05-03 21:20 - 00000000 ____D () C:\Users\linux\AppData\Local\Mozilla
2014-05-03 21:20 - 2014-05-03 21:20 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-03 21:18 - 2014-05-03 21:18 - 00000000 __SHD () C:\Users\linux\AppData\Local\EmieUserList
2014-05-03 21:18 - 2014-05-03 21:18 - 00000000 __SHD () C:\Users\linux\AppData\Local\EmieSiteList
2014-05-03 21:18 - 2014-05-03 21:18 - 00000000 ____D () C:\Users\linux\AppData\Roaming\Macromedia
2014-05-03 21:05 - 2013-05-04 00:51 - 00014848 ____N (Microsoft) C:\WINDOWS\system32\rars.rs
2014-05-03 21:05 - 2013-05-04 00:10 - 00014848 ____N (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
2014-05-03 20:57 - 2014-05-04 00:47 - 00000000 ____D () C:\Users\linux\AppData\Local\Hewlett-Packard
2014-05-03 20:54 - 2014-01-19 03:33 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-05-03 20:47 - 2014-05-14 19:43 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-340839276-330637587-1524343909-1001
2014-05-03 20:45 - 2014-05-03 20:45 - 00001449 _____ () C:\Users\linux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-03 20:45 - 2014-05-03 20:45 - 00000020 ___SH () C:\Users\linux\ntuser.ini
2014-05-03 20:44 - 2014-05-03 21:19 - 00000000 ____D () C:\Users\linux\AppData\Roaming\Hewlett-Packard
2014-05-03 20:43 - 2014-05-03 20:43 - 00000000 ____D () C:\Users\linux\AppData\Roaming\ATI
2014-05-03 20:43 - 2014-05-03 20:43 - 00000000 ____D () C:\Users\linux\AppData\Local\ATI
2014-05-03 20:42 - 2014-05-13 23:23 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5A4C9C45-B94F-4D00-87FB-12E7BB7277AF}
2014-05-03 20:42 - 2014-05-13 23:17 - 00000000 ___RD () C:\Users\linux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 20:42 - 2014-05-13 23:17 - 00000000 ___RD () C:\Users\linux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-03 20:42 - 2014-05-03 20:42 - 00000000 ____D () C:\Users\linux\AppData\Roaming\Adobe
2014-05-03 20:41 - 2014-05-18 19:19 - 01123629 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-03 20:41 - 2014-05-03 22:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2014-05-03 20:41 - 2014-05-03 20:41 - 00022744 _____ () C:\WINDOWS\system32\emptyregdb.dat
2014-05-03 20:41 - 2014-05-03 20:41 - 00000000 __RSH () C:\WINDOWS\SysWOW64\Drivers\103C_HP_cPC_500-164_Y53316J_0U_Q3CR33605F6_E13AM5RR8601_4A_I2AE0_SMSI_V1.0_B80.35_T130710_W8101-0_L409_M7366_J2000_7AMD_8F31_93.50_#130722_N168C0032;19691091_Z_G1002990E_Ohp DVD-RAM GHA3N_DDELD055.MRK
2014-05-03 20:41 - 2014-05-03 20:41 - 00000000 __RSH () C:\WINDOWS\system32\Drivers\103C_HP_cPC_500-164_Y53316J_0U_Q3CR33605F6_E13AM5RR8601_4A_I2AE0_SMSI_V1.0_B80.35_T130710_W8101-0_L409_M7366_J2000_7AMD_8F31_93.50_#130722_N168C0032;19691091_Z_G1002990E_Ohp DVD-RAM GHA3N_DDELD055.MRK
2014-05-03 20:40 - 2014-05-03 23:30 - 00000000 ____D () C:\Users\linux\AppData\Local\Packages
2014-05-03 20:40 - 2014-05-03 20:40 - 00000000 ____D () C:\Users\linux\AppData\Local\VirtualStore
2014-05-03 20:40 - 2014-05-03 20:40 - 00000000 ____D () C:\Users\linux\AppData\Local\Power2Go8
2014-05-03 20:40 - 2014-05-03 20:18 - 01462831 _____ () C:\WINDOWS\WindowsUpdate (1).log
2014-05-03 20:40 - 2013-07-22 17:46 - 00000000 ___HD () C:\Users\linux\Documents\hp.system.package.metadata
2014-05-03 20:38 - 2014-05-03 20:38 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-05-03 20:36 - 2014-05-03 20:36 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-05-03 20:36 - 2014-05-03 20:36 - 00000000 ____D () C:\Users\Default\Documents\hp.system.package.metadata
2014-05-03 20:36 - 2014-05-03 20:36 - 00000000 ____D () C:\Users\Default User\Documents\hp.system.package.metadata
2014-05-03 20:34 - 2014-05-03 20:34 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2014-05-03 20:33 - 2014-05-14 20:13 - 00000000 ____D () C:\Users\linux
2014-05-03 20:33 - 2014-05-03 20:41 - 00020958 _____ () C:\WINDOWS\diagwrn.xml
2014-05-03 20:33 - 2014-05-03 20:41 - 00020958 _____ () C:\WINDOWS\diagerr.xml
2014-05-03 20:33 - 2014-05-03 20:34 - 00000000 ___RD () C:\Users\linux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-03 20:33 - 2014-05-03 20:34 - 00000000 ___RD () C:\Users\linux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-05-03 20:33 - 2014-03-18 06:13 - 00000369 _____ () C:\Users\linux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-05-03 20:33 - 2014-03-18 06:13 - 00000369 _____ () C:\Users\linux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-05-03 20:33 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\linux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-03 20:33 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\linux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-03 20:31 - 2014-05-04 19:24 - 00973162 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-05-03 20:31 - 2014-05-03 20:34 - 00012096 _____ () C:\WINDOWS\iis.log
2014-05-03 20:29 - 2014-05-03 20:29 - 00000000 ____D () C:\WINDOWS\system32\SRSLabs
2014-05-03 20:29 - 2014-05-03 20:29 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-05-03 20:29 - 2014-05-03 20:29 - 00000000 _____ () C:\WINDOWS\ativpsrm.bin
2014-05-03 20:13 - 2014-05-03 20:41 - 00006569 _____ () C:\WINDOWS\comsetup.log
2014-05-03 20:03 - 2014-05-03 20:03 - 00000000 ____D () C:\Users\linux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

==================== One Month Modified Files and Folders =======

2014-05-19 08:41 - 2014-05-19 08:41 - 00012836 _____ () C:\Users\scags_000\Desktop\FRST.txt
2014-05-19 08:41 - 2014-05-19 08:41 - 00000000 ____D () C:\FRST
2014-05-19 08:40 - 2014-05-19 08:40 - 02067456 _____ (Farbar) C:\Users\scags_000\Desktop\FRST64.exe
2014-05-19 08:38 - 2014-05-04 14:42 - 00000000 __RDO () C:\Users\scags_000\OneDrive
2014-05-19 08:35 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-18 23:24 - 2014-05-04 00:47 - 00000344 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForlinux.job
2014-05-18 23:14 - 2014-05-18 23:14 - 00000000 __SHD () C:\Users\scags_000\AppData\Local\EmieUserList
2014-05-18 23:14 - 2014-05-18 23:14 - 00000000 __SHD () C:\Users\scags_000\AppData\Local\EmieSiteList
2014-05-18 23:13 - 2014-05-04 14:52 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\vlc
2014-05-18 23:10 - 2014-03-18 06:03 - 00960624 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-18 22:51 - 2014-05-12 17:48 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-18 21:43 - 2014-05-03 22:53 - 00003576 _____ () C:\WINDOWS\System32\Tasks\Bitdefender Autoscan
2014-05-18 19:31 - 2014-05-18 19:32 - 00005551 _____ () C:\Users\scags_000\Desktop\1400454771_1_01.xml
2014-05-18 19:19 - 2014-05-03 20:41 - 01123629 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-18 18:53 - 2014-05-04 19:24 - 00000000 ____D () C:\ProgramData\VMware
2014-05-18 18:53 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-18 18:52 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-18 18:27 - 2014-05-18 18:29 - 00005614 _____ () C:\Users\scags_000\Desktop\1400450676_1_01.xml
2014-05-18 18:05 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-18 12:29 - 2014-05-04 16:44 - 00000000 ____D () C:\Users\scags_000\Desktop\Opie and Anthony
2014-05-17 17:57 - 2014-05-04 00:37 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-05-17 17:57 - 2014-05-04 00:37 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-17 11:16 - 2014-05-04 14:38 - 00000000 ____D () C:\Users\scags_000
2014-05-16 16:40 - 2014-05-04 20:13 - 00003178 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForscags_000
2014-05-16 16:40 - 2014-05-04 20:13 - 00000360 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForscags_000.job
2014-05-15 19:05 - 2014-05-04 14:46 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-340839276-330637587-1524343909-1002
2014-05-14 20:15 - 2014-05-14 20:13 - 00000000 ____D () C:\Users\linux\SecurityScans
2014-05-14 20:13 - 2014-05-14 20:13 - 01810432 _____ () C:\Users\linux\Downloads\MBSASetup-x64-EN.msi
2014-05-14 20:13 - 2014-05-14 20:13 - 00001112 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.3.lnk
2014-05-14 20:13 - 2014-05-14 20:13 - 00001100 _____ () C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.3.lnk
2014-05-14 20:13 - 2014-05-14 20:13 - 00000000 ____D () C:\Program Files\Microsoft Baseline Security Analyzer 2
2014-05-14 20:13 - 2014-05-03 20:33 - 00000000 ____D () C:\Users\linux
2014-05-14 20:06 - 2014-05-14 20:06 - 27769568 _____ (Microsoft Corporation) C:\Users\linux\Downloads\Windows-KB890830-x64-V5.12.exe
2014-05-14 19:50 - 2014-05-14 19:32 - 00000000 ____D () C:\Users\linux\AppData\Local\NPE
2014-05-14 19:43 - 2014-05-03 20:47 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-340839276-330637587-1524343909-1001
2014-05-14 19:33 - 2014-05-14 19:33 - 00000000 ____D () C:\NPE
2014-05-14 19:33 - 2014-05-03 22:12 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 19:32 - 2013-07-22 18:09 - 00000000 ____D () C:\ProgramData\Norton
2014-05-14 19:31 - 2014-05-14 19:31 - 03077584 ____N (Symantec Corporation) C:\Users\linux\Downloads\NPE.exe
2014-05-14 19:31 - 2014-05-04 19:13 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-05-14 19:12 - 2014-05-14 19:12 - 00000000 ____D () C:\ProgramData\Sophos
2014-05-14 19:08 - 2014-05-14 19:08 - 93327368 _____ (Sophos Limited) C:\Users\linux\Downloads\Sophos Virus Removal Tool.exe
2014-05-14 18:49 - 2014-05-03 21:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-14 14:07 - 2014-05-04 19:27 - 00000000 ____D () C:\Users\scags_000\AppData\Local\VMware
2014-05-14 14:02 - 2014-05-04 19:27 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\VMware
2014-05-14 13:04 - 2014-05-14 13:04 - 00002853 _____ () C:\Users\scags_000\Desktop\Malware responce.txt
2014-05-14 12:44 - 2013-08-22 11:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-14 08:02 - 2014-05-04 14:38 - 00000000 ____D () C:\Users\scags_000\AppData\Local\Packages
2014-05-14 08:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-14 07:45 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-14 01:14 - 2014-05-14 01:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-13 23:43 - 2014-05-04 14:39 - 00000000 ___RD () C:\Users\scags_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-13 23:43 - 2014-05-04 14:39 - 00000000 ___RD () C:\Users\scags_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-13 23:25 - 2014-05-13 23:25 - 00000000 ____D () C:\Users\linux\AppData\Local\Downloaded Installations
2014-05-13 23:24 - 2014-05-13 23:24 - 00000000 ____D () C:\Users\linux\Documents\TomTom
2014-05-13 23:24 - 2014-05-13 23:24 - 00000000 ____D () C:\Users\linux\AppData\Roaming\TomTom
2014-05-13 23:24 - 2014-05-13 23:24 - 00000000 ____D () C:\Users\linux\AppData\Local\TomTom
2014-05-13 23:24 - 2014-05-13 23:24 - 00000000 ____D () C:\ProgramData\TomTom
2014-05-13 23:24 - 2014-05-04 00:47 - 00003158 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForlinux
2014-05-13 23:23 - 2014-05-13 23:23 - 00000000 ____D () C:\Users\linux\AppData\Local\Macromedia
2014-05-13 23:23 - 2014-05-13 23:23 - 00000000 ____D () C:\Program Files (x86)\TomTom DesktopSuite
2014-05-13 23:23 - 2014-05-03 20:42 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5A4C9C45-B94F-4D00-87FB-12E7BB7277AF}
2014-05-13 23:21 - 2013-08-22 10:46 - 00298723 _____ () C:\WINDOWS\setupact.log
2014-05-13 23:17 - 2014-05-03 20:42 - 00000000 ___RD () C:\Users\linux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-13 23:17 - 2014-05-03 20:42 - 00000000 ___RD () C:\Users\linux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-13 23:16 - 2013-08-22 10:44 - 00355096 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-13 23:14 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-13 23:14 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-05-13 23:14 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-05-13 23:07 - 2014-05-13 23:07 - 00988096 _____ (EnTech Taiwan ) C:\Users\linux\Downloads\ddmsetup1450.exe
2014-05-13 23:07 - 2014-05-13 23:07 - 00001142 _____ () C:\Users\Public\Desktop\Dell Display Manager.lnk
2014-05-13 23:07 - 2014-05-13 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Display Manager
2014-05-13 23:07 - 2014-05-13 23:07 - 00000000 ____D () C:\Program Files (x86)\Dell
2014-05-13 23:07 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-05-13 17:53 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-13 17:53 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-13 17:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-13 17:53 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-13 17:53 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-13 17:51 - 2014-05-12 17:48 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-13 17:44 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-13 17:43 - 2014-05-03 21:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-12 19:20 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\Bitdefender
2014-05-12 17:49 - 2014-05-12 17:49 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\Macromedia
2014-05-12 17:49 - 2014-05-12 17:49 - 00000000 ____D () C:\Users\scags_000\AppData\Local\Macromedia
2014-05-12 17:48 - 2014-05-12 17:47 - 00000000 ____D () C:\Users\linux\AppData\Local\Adobe
2014-05-10 11:30 - 2014-05-10 11:30 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\QuickScan
2014-05-07 20:10 - 2014-05-07 20:02 - 00000000 ____D () C:\WINDOWS\Minidump
2014-05-06 09:43 - 2014-05-06 09:43 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-05-06 00:40 - 2014-05-13 17:42 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-05 23:25 - 2014-05-13 17:42 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-05 23:00 - 2014-05-13 17:42 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-13 17:42 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-04 20:13 - 2014-05-04 20:09 - 00000000 ____D () C:\Users\scags_000\AppData\Local\Hewlett-Packard
2014-05-04 20:09 - 2014-05-04 20:09 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\hpqlog
2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\Hewlett-Packard
2014-05-04 19:29 - 2014-05-04 19:29 - 00000000 ____D () C:\Users\scags_000\Documents\Virtual Machines
2014-05-04 19:24 - 2014-05-04 19:24 - 00002103 _____ () C:\Users\Public\Desktop\VMware Player.lnk
2014-05-04 19:24 - 2014-05-04 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-05-04 19:24 - 2014-05-04 19:24 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-05-04 19:24 - 2014-05-04 19:24 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-05-04 19:24 - 2014-05-03 20:31 - 00973162 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-05-04 18:51 - 2014-05-04 18:51 - 00000000 ____D () C:\Users\scags_000\VirtualBox VMs
2014-05-04 17:12 - 2014-05-03 21:27 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-04 16:46 - 2014-05-04 16:46 - 00083456 _____ () C:\Users\scags_000\Desktop\MD5_and_SHA_Checksum_Utility.exe
2014-05-04 15:45 - 2014-05-04 15:45 - 00000412 __RSH () C:\ProgramData\ntuser.pol
2014-05-04 15:44 - 2014-05-04 15:39 - 00000000 ____D () C:\WINDOWS\CSC
2014-05-04 15:44 - 2013-08-22 11:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-05-04 15:40 - 2014-03-18 05:54 - 00005630 _____ () C:\WINDOWS\PFRO.log
2014-05-04 15:39 - 2014-05-04 15:39 - 00000000 __SHD () C:\WINDOWS\BitLockerDiscoveryVolumeContents
2014-05-04 15:39 - 2014-05-04 15:39 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-04 15:39 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-04 15:39 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-04 15:39 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2014-05-04 15:39 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2014-05-04 15:39 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\security
2014-05-04 15:39 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-05-04 15:38 - 2014-05-04 15:38 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmclient.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 01230848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSh.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 01165824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDistSh.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCacheProvider.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmscan.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspbda.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscobj.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrpUxNativeSnapIn.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SrpUxNativeSnapIn.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppIdPolicyEngineApi.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\srm.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmstormod.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddputils.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppIdPolicyEngineApi.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditNativeSnapIn.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditNativeSnapIn.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddpchunk.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationSettings.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgmts.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmshell.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDist.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgmts.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00147439 _____ () C:\WINDOWS\SysWOW64\gpedit.msc
2014-05-04 15:38 - 2014-05-04 15:38 - 00147439 _____ () C:\WINDOWS\system32\gpedit.msc
2014-05-04 15:38 - 2014-05-04 15:38 - 00146389 _____ () C:\WINDOWS\system32\printmanagement.msc
2014-05-04 15:38 - 2014-05-04 15:38 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddptrace.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\adrclient.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfg.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iTVData.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00120458 _____ () C:\WINDOWS\system32\secpol.msc
2014-05-04 15:38 - 2014-05-04 15:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\baaupdate.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerWizardElev.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerWizard.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iTVData.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\auditpolmsg.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpolmsg.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00090464 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeyboardFilterSvc.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmlib.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmlib.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmtrace.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Mcx2Svc.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditPolicyGPInterop.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintBrmUi.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddp_ps.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditPolicyGPInterop.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsPbdaCoInst.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00043566 _____ () C:\WINDOWS\SysWOW64\rsop.msc
2014-05-04 15:38 - 2014-05-04 15:38 - 00043566 _____ () C:\WINDOWS\system32\rsop.msc
2014-05-04 15:38 - 2014-05-04 15:38 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\srm_ps.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\qwinsta.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\qprocess.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msg.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\quser.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tskill.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\qappsrv.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\chgport.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsdiscon.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscon.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00022272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbldfltr.sys
2014-05-04 15:38 - 2014-05-04 15:38 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\rwinsta.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoff.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\chgusr.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\chglogon.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\reset.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\change.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\query.exe
2014-05-04 15:38 - 2014-05-04 15:38 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeSysprep.dll
2014-05-04 15:38 - 2014-05-04 15:38 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysprepMCE.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 02176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00935424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmclient.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2014-05-04 15:37 - 2014-05-04 15:37 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmscan.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCleaner.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srm.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDist.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmstormod.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscobj.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistWSDDiscoProv.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveprompt.exe
2014-05-04 15:37 - 2014-05-04 15:37 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\CscMig.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmshell.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adrclient.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcsrchPH.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00096088 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedapplauncher.exe
2014-05-04 15:37 - 2014-05-04 15:37 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmtrace.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistHttpTrans.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistAD.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00040288 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeyboardFilterCore.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00039264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmbeddedAppLauncherConfig.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00034144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KeyboardFilterCore.dll
2014-05-04 15:37 - 2014-05-04 15:37 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srm_ps.dll
2014-05-04 15:19 - 2014-05-04 15:19 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\Mozilla
2014-05-04 15:19 - 2014-05-04 15:19 - 00000000 ____D () C:\Users\scags_000\AppData\Local\Mozilla
2014-05-04 14:42 - 2014-05-04 14:42 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\ATI
2014-05-04 14:42 - 2014-05-04 14:42 - 00000000 ____D () C:\Users\scags_000\AppData\Local\ATI
2014-05-04 14:42 - 2014-05-04 14:41 - 00000000 ____D () C:\Users\scags_000\AppData\Local\PackageStaging
2014-05-04 14:41 - 2014-05-04 14:41 - 00000385 _____ () C:\Users\scags_000\AppData\Roaminguser_gensett.xml
2014-05-04 14:38 - 2014-05-04 14:38 - 00001449 _____ () C:\Users\scags_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-04 14:38 - 2014-05-04 14:38 - 00000020 ___SH () C:\Users\scags_000\ntuser.ini
2014-05-04 14:38 - 2014-05-04 14:38 - 00000000 ____D () C:\Users\scags_000\AppData\Roaming\Adobe
2014-05-04 14:38 - 2014-05-04 14:38 - 00000000 ____D () C:\Users\scags_000\AppData\Local\VirtualStore
2014-05-04 12:41 - 2014-05-03 23:25 - 00000000 ____D () C:\Users\linux\AppData\Roaming\vlc
2014-05-04 12:35 - 2014-05-04 12:35 - 00000000 ___RD () C:\Users\linux\SkyDrive
2014-05-04 12:35 - 2014-05-04 12:35 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-05-04 00:51 - 2014-05-04 00:51 - 00000000 ____D () C:\WINDOWS\SysWOW64\sda
2014-05-04 00:51 - 2014-05-04 00:51 - 00000000 ____D () C:\Users\linux\AppData\Roaming\WinBatch
2014-05-04 00:51 - 2014-05-04 00:51 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-05-04 00:51 - 2013-07-22 17:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-04 00:51 - 2013-04-10 15:20 - 00000000 ____D () C:\SWSETUP
2014-05-04 00:51 - 2013-03-01 15:28 - 09889352 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtsUStoricon.dll
2014-05-04 00:51 - 2013-03-01 15:28 - 00263896 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2014-05-04 00:50 - 2013-07-22 17:51 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-05-04 00:50 - 2013-07-22 17:51 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2014-05-04 00:48 - 2014-05-04 00:48 - 00000000 ____D () C:\ProgramData\AmUStor
2014-05-04 00:48 - 2014-05-04 00:48 - 00000000 ____D () C:\Program Files (x86)\AmUStor
2014-05-04 00:47 - 2014-05-03 20:57 - 00000000 ____D () C:\Users\linux\AppData\Local\Hewlett-Packard
2014-05-04 00:35 - 2014-05-04 00:35 - 00002200 _____ () C:\Users\linux\Desktop\HP Support Assistant.lnk
2014-05-04 00:35 - 2013-07-22 17:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-05-04 00:34 - 2013-07-22 17:46 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-05-04 00:33 - 2014-05-04 00:33 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-05-04 00:31 - 2014-05-04 00:31 - 00000000 ____D () C:\Users\linux\AppData\Roaming\hpqLog
2014-05-04 00:31 - 2013-07-22 17:47 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-05-04 00:28 - 2014-05-04 00:28 - 00000000 __SHD () C:\Recovery
2014-05-04 00:27 - 2013-08-22 11:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2014-05-04 00:26 - 2014-05-04 00:26 - 02900992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 02479616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 02373784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-05-04 00:26 - 2014-05-04 00:26 - 02331000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 02270208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 02141912 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 02088160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-05-04 00:26 - 2014-05-04 00:26 - 02030080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01779800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01764864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01679128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 01542768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01339240 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01306624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01291200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01112536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01095488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01066496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-05-04 00:26 - 2014-05-04 00:26 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00836096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-05-04 00:26 - 2014-05-04 00:26 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00731648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00731648 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00629760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-05-04 00:26 - 2014-05-04 00:26 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00565536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\AdmTmpl.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00518552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00488280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-05-04 00:26 - 2014-05-04 00:26 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlangpui.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AdmTmpl.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2014-05-04 00:26 - 2014-05-04 00:26 - 00406912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00390488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00387210 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-05-04 00:26 - 2014-05-04 00:26 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlangpui.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00376152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00360512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00356848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00355832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2014-05-04 00:26 - 2014-05-04 00:26 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00180056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00157016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpnpmgr.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevPropMgr.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00113648 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00111616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-05-04 00:26 - 2014-05-04 00:26 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-05-04 00:26 - 2014-05-04 00:26 - 00094016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxproxy.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32tm.exe
2014-05-04 00:26 - 2014-05-04 00:26 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w32tm.exe
2014-05-04 00:26 - 2014-05-04 00:26 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\l2gpstore.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-05-04 00:26 - 2014-05-04 00:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SetNetworkLocation.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxproxy.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00033280 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2014-05-04 00:26 - 2014-05-04 00:26 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-05-04 00:26 - 2014-05-04 00:26 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-05-04 00:26 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\inetsrv
2014-05-04 00:26 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-05-04 00:26 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-05-04 00:25 - 2014-05-04 00:25 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrptadm.dll
2014-05-04 00:25 - 2014-05-04 00:25 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrptadm.dll
2014-05-04 00:24 - 2014-05-04 00:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-04 00:24 - 2014-05-04 00:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-04 00:23 - 2014-05-04 00:23 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-05-04 00:22 - 2014-05-04 00:22 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2014-05-04 00:22 - 2014-05-04 00:22 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2014-05-04 00:22 - 2014-05-04 00:22 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2014-05-04 00:22 - 2014-05-04 00:22 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-05-04 00:22 - 2014-05-04 00:22 - 00000000 ____D () C:\Program Files\MSBuild
2014-05-04 00:22 - 2014-05-04 00:22 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-05-04 00:22 - 2014-05-04 00:22 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-05-04 00:22 - 2014-05-04 00:22 - 00000000 ____D () C:\inetpub
2014-05-03 23:30 - 2014-05-03 20:40 - 00000000 ____D () C:\Users\linux\AppData\Local\Packages
2014-05-03 23:24 - 2014-05-03 23:24 - 00001049 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-03 23:24 - 2014-05-03 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-03 23:24 - 2014-05-03 23:24 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-03 23:15 - 2014-05-03 23:15 - 00000481 _____ () C:\WINDOWS\system32\checkdnsid.xml
2014-05-03 22:58 - 2014-05-03 22:58 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2014-05-03 22:58 - 2014-05-03 22:58 - 00074512 _____ (BitDefender SRL) C:\WINDOWS\system32\bdsandboxuiskin32.dll
2014-05-03 22:55 - 2014-05-03 22:55 - 00532041 _____ () C:\ProgramData\1399171914.bdinstall.bin
2014-05-03 22:54 - 2014-05-03 22:54 - 00000385 _____ () C:\WINDOWS\system32\user_gensett.xml
2014-05-03 22:54 - 2014-05-03 22:54 - 00000385 _____ () C:\Users\linux\AppData\Roaminguser_gensett.xml
2014-05-03 22:54 - 2014-05-03 22:53 - 00000000 ____D () C:\Users\linux\AppData\Roaming\Bitdefender
2014-05-03 22:54 - 2014-05-03 22:52 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-05-03 22:53 - 2014-05-03 22:53 - 00002213 _____ () C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2014-05-03 22:53 - 2014-05-03 22:53 - 00002165 _____ () C:\Users\Public\Desktop\Bitdefender Total Security.lnk
2014-05-03 22:53 - 2014-05-03 22:53 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-05-03 22:53 - 2014-05-03 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender
2014-05-03 22:53 - 2014-05-03 22:53 - 00000000 ____D () C:\ProgramData\BDLogging
2014-05-03 22:53 - 2014-05-03 22:52 - 00000000 ____D () C:\Program Files\Bitdefender
2014-05-03 22:52 - 2014-05-03 22:51 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-05-03 22:51 - 2014-05-03 22:51 - 00000000 ____D () C:\Users\linux\AppData\Roaming\QuickScan
2014-05-03 22:33 - 2014-05-03 20:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2014-05-03 22:24 - 2013-07-22 17:54 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-03 22:12 - 2014-05-03 22:12 - 00001081 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-03 22:12 - 2014-05-03 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-03 22:12 - 2014-05-03 22:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-03 22:12 - 2014-05-03 22:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-03 21:49 - 2014-05-03 21:49 - 00000000 ____D () C:\Users\linux\AppData\Local\MediaServer
2014-05-03 21:49 - 2013-07-22 18:02 - 00000000 ____D () C:\Users\Public\CyberLink
2014-05-03 21:49 - 2013-07-22 18:02 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-03 21:49 - 2013-07-22 17:54 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-05-03 21:42 - 2014-05-03 21:41 - 00000000 ____D () C:\Users\linux\AppData\Local\pinger.com
2014-05-03 21:42 - 2013-07-22 18:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-05-03 21:40 - 2013-07-22 17:54 - 00000000 ____D () C:\ProgramData\WildTangent
2014-05-03 21:35 - 2014-05-03 21:35 - 00000000 ____D () C:\Users\linux\AppData\Local\Windows Live
2014-05-03 21:33 - 2014-05-03 21:33 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-05-03 21:33 - 2014-05-03 21:33 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-03 21:33 - 2014-05-03 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-03 21:33 - 2014-05-03 21:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-03 21:30 - 2014-05-03 21:30 - 00000000 ____D () C:\ProgramData\Recovery
2014-05-03 21:26 - 2014-05-03 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2014-05-03 21:26 - 2014-05-03 21:26 - 00000000 ____D () C:\Program Files (x86)\EMET 4.1
2014-05-03 21:23 - 2014-05-03 21:23 - 00000000 ____D () C:\Users\linux\AppData\Local\Microsoft_Corporation
2014-05-03 21:20 - 2014-05-03 21:20 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-03 21:20 - 2014-05-03 21:20 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-03 21:20 - 2014-05-03 21:20 - 00000000 ____D () C:\Users\linux\AppData\Roaming\Mozilla
2014-05-03 21:20 - 2014-05-03 21:20 - 00000000 ____D () C:\Users\linux\AppData\Local\Mozilla
2014-05-03 21:20 - 2014-05-03 21:20 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-03 21:19 - 2014-05-03 20:44 - 00000000 ____D () C:\Users\linux\AppData\Roaming\Hewlett-Packard
2014-05-03 21:18 - 2014-05-03 21:18 - 00000000 __SHD () C:\Users\linux\AppData\Local\EmieUserList
2014-05-03 21:18 - 2014-05-03 21:18 - 00000000 __SHD () C:\Users\linux\AppData\Local\EmieSiteList
2014-05-03 21:18 - 2014-05-03 21:18 - 00000000 ____D () C:\Users\linux\AppData\Roaming\Macromedia
2014-05-03 20:58 - 2013-07-22 17:50 - 00000000 ____D () C:\Program Files\IDT
2014-05-03 20:53 - 2014-05-04 14:38 - 00000000 ___RD () C:\Users\scags_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-03 20:45 - 2014-05-04 00:28 - 00000000 ___DC () C:\WINDOWS\Panther
2014-05-03 20:45 - 2014-05-03 20:45 - 00001449 _____ () C:\Users\linux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-03 20:45 - 2014-05-03 20:45 - 00000020 ___SH () C:\Users\linux\ntuser.ini
2014-05-03 20:43 - 2014-05-03 20:43 - 00000000 ____D () C:\Users\linux\AppData\Roaming\ATI
2014-05-03 20:43 - 2014-05-03 20:43 - 00000000 ____D () C:\Users\linux\AppData\Local\ATI
2014-05-03 20:42 - 2014-05-03 20:42 - 00000000 ____D () C:\Users\linux\AppData\Roaming\Adobe
2014-05-03 20:42 - 2013-07-22 18:06 - 00000000 ___RD () C:\Program Files\Online Services
2014-05-03 20:42 - 2013-07-22 17:53 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2014-05-03 20:42 - 2013-04-09 21:58 - 00000000 _RSHD () C:\SYSTEM.SAV
2014-05-03 20:41 - 2014-05-03 20:41 - 00022744 _____ () C:\WINDOWS\system32\emptyregdb.dat
2014-05-03 20:41 - 2014-05-03 20:41 - 00000000 __RSH () C:\WINDOWS\SysWOW64\Drivers\103C_HP_cPC_500-164_Y53316J_0U_Q3CR33605F6_E13AM5RR8601_4A_I2AE0_SMSI_V1.0_B80.35_T130710_W8101-0_L409_M7366_J2000_7AMD_8F31_93.50_#130722_N168C0032;19691091_Z_G1002990E_Ohp DVD-RAM GHA3N_DDELD055.MRK
2014-05-03 20:41 - 2014-05-03 20:41 - 00000000 __RSH () C:\WINDOWS\system32\Drivers\103C_HP_cPC_500-164_Y53316J_0U_Q3CR33605F6_E13AM5RR8601_4A_I2AE0_SMSI_V1.0_B80.35_T130710_W8101-0_L409_M7366_J2000_7AMD_8F31_93.50_#130722_N168C0032;19691091_Z_G1002990E_Ohp DVD-RAM GHA3N_DDELD055.MRK
2014-05-03 20:41 - 2014-05-03 20:33 - 00020958 _____ () C:\WINDOWS\diagwrn.xml
2014-05-03 20:41 - 2014-05-03 20:33 - 00020958 _____ () C:\WINDOWS\diagerr.xml
2014-05-03 20:41 - 2014-05-03 20:13 - 00006569 _____ () C:\WINDOWS\comsetup.log
2014-05-03 20:41 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-05-03 20:40 - 2014-05-03 20:40 - 00000000 ____D () C:\Users\linux\AppData\Local\VirtualStore
2014-05-03 20:40 - 2014-05-03 20:40 - 00000000 ____D () C:\Users\linux\AppData\Local\Power2Go8
2014-05-03 20:39 - 2013-08-22 11:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-05-03 20:38 - 2014-05-03 20:38 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-05-03 20:36 - 2014-05-04 14:38 - 00000000 ____D () C:\Users\scags_000\Documents\hp.system.package.metadata
2014-05-03 20:36 - 2014-05-03 20:36 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-05-03 20:36 - 2014-05-03 20:36 - 00000000 ____D () C:\Users\Default\Documents\hp.system.package.metadata
2014-05-03 20:36 - 2014-05-03 20:36 - 00000000 ____D () C:\Users\Default User\Documents\hp.system.package.metadata
2014-05-03 20:36 - 2014-03-18 05:32 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2014-05-03 20:36 - 2014-03-18 05:32 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2014-05-03 20:36 - 2014-03-18 05:32 - 00000000 ____D () C:\WINDOWS\system32\WCN
2014-05-03 20:36 - 2013-08-22 11:37 - 00004893 _____ () C:\WINDOWS\DtcInstall.log
2014-05-03 20:36 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2014-05-03 20:36 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2014-05-03 20:36 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2014-05-03 20:36 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2014-05-03 20:36 - 2012-07-26 01:37 - 00000000 ____D () C:\Users\Default.migrated
2014-05-03 20:35 - 2013-08-22 11:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2014-05-03 20:35 - 2013-08-22 11:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2014-05-03 20:35 - 2013-08-22 11:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2014-05-03 20:35 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2014-05-03 20:35 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2014-05-03 20:35 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Help
2014-05-03 20:35 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-05-03 20:35 - 2013-07-22 17:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-05-03 20:35 - 2013-04-03 20:13 - 00000000 ____D () C:\ProgramData\PRICache
2014-05-03 20:34 - 2014-05-03 20:34 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2014-05-03 20:34 - 2014-05-03 20:33 - 00000000 ___RD () C:\Users\linux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-03 20:34 - 2014-05-03 20:33 - 00000000 ___RD () C:\Users\linux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-05-03 20:34 - 2014-05-03 20:31 - 00012096 _____ () C:\WINDOWS\iis.log
2014-05-03 20:34 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2014-05-03 20:31 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-05-03 20:29 - 2014-05-03 20:29 - 00000000 ____D () C:\WINDOWS\system32\SRSLabs
2014-05-03 20:29 - 2014-05-03 20:29 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-05-03 20:29 - 2014-05-03 20:29 - 00000000 _____ () C:\WINDOWS\ativpsrm.bin
2014-05-03 20:29 - 2013-08-22 09:36 - 00000000 __RHD () C:\Users\Default
2014-05-03 20:18 - 2014-05-03 20:40 - 01462831 _____ () C:\WINDOWS\WindowsUpdate (1).log
2014-05-03 20:05 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-05-03 20:03 - 2014-05-03 20:03 - 00000000 ____D () C:\Users\linux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-01 16:30 - 2013-08-22 11:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-01 16:30 - 2013-08-22 11:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-22 15:07 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\ELAMBKUP

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2014-05-13 23:11] - [2014-03-28 11:58] - 0407016 ____A (Microsoft Corporation) 067CB90C277DB4A737D5DEABA3055972

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-05-13 23:11] - [2014-03-06 08:42] - 0310616 ____A (Microsoft Corporation) 4BB9BC49DEE1A319EC58274A7BBED663



LastRegBack: 2014-05-17 11:21

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by linux at 2014-05-19 08:42:26
Running from C:\Users\scags_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.22.2217.13862 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.22.2217.13862 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{40959651-122E-1A16-9011-40629C01703F}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.27.0.1146 - Bitdefender)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version:  - EnTech Taiwan)
EMET 4.1 Update 1 (HKLM-x32\...\{6A09FEB2-691C-456B-B982-2F6D21B19602}) (Version: 4.1.1 - Microsoft Corporation)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{D8D25854-D7F0-45C5-8702-D650A5A23E21}) (Version: 2.3.2208 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
tools-linux (x32 Version: 9.6.2.1744117 - VMware, Inc.) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.2 - VMware, Inc)
VMware Player (Version: 6.0.2 - VMware, Inc.) Hidden

==================== Restore Points  =========================

04-05-2014 22:47:22 Installed Oracle VM VirtualBox 4.3.10
13-05-2014 16:27:41 Scheduled Checkpoint
14-05-2014 23:12:20 Installed Sophos Virus Removal Tool.

==================== Hosts content: ==========================

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {26A4AC3E-26C5-46E1-BE84-DC3CC2CD7E78} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {32D107C6-3926-4BA2-97D3-2BFF0FED758E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3324C673-EB5E-4174-BE32-1B6E95AA0140} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-04] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {416D786C-93DF-40A4-8D05-CBD5E0A6C516} - System32\Tasks\Bitdefender Autoscan => C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe [2013-06-19] (Bitdefender)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {80EA4647-08D3-41EB-BF61-7FC9B39697EF} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {839B5D0B-52B4-4163-9F4A-55918A818A72} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9B2DF1F9-E445-4B1C-9726-52E438AA4F7F} - System32\Tasks\HPCeeScheduleForlinux => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {A39335E4-FCD4-4125-A3C8-6C593A3D0888} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {B1BA1107-7E45-4DDF-A508-72C544D4FB69} - System32\Tasks\HPCeeScheduleForscags_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C353C866-B6FF-48BE-82C2-ACA03E8ACF9E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D3151988-512C-437B-AB9A-9E44294C9499} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D78CCBF7-9ECB-4424-8A9E-9493A8994A44} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DC65C175-2089-49B1-AAC3-396B378652BB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F6C8C534-7BA0-45BB-B3B0-DDEC4DC65D24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForlinux.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForscags_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-04-29 10:28 - 2014-04-29 10:28 - 00091648 _____ () C:\Program Files (x86)\EMET 4.1\EMET_CE64.DLL
2014-05-03 22:53 - 2013-06-19 12:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-05-03 22:53 - 2014-04-22 15:00 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-05-03 22:53 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-05-03 22:53 - 2014-04-22 15:00 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-05-03 22:53 - 2014-03-25 11:53 - 00771328 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_001_001\ashttpbr.mdl
2014-05-03 22:53 - 2014-03-25 11:53 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_001_001\ashttpdsp.mdl
2014-05-03 22:53 - 2014-03-25 11:53 - 02593416 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_001_001\ashttpph.mdl
2014-05-03 22:53 - 2014-03-25 11:53 - 01317216 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_001_001\ashttprbl.mdl
2014-05-03 22:53 - 2013-03-25 16:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2014-04-29 10:28 - 2014-04-29 10:28 - 00124424 _____ () C:\Program Files (x86)\EMET 4.1\HelperLib.dll
2014-04-29 10:28 - 2014-04-29 10:28 - 00037896 _____ () C:\Program Files (x86)\EMET 4.1\ReportingSubsystem.dll
2014-04-29 10:28 - 2014-04-29 10:28 - 00348160 _____ () C:\Program Files (x86)\EMET 4.1\DevExpress.UserSkins.HighContrast.dll
2014-04-29 10:28 - 2014-04-29 10:28 - 00032776 _____ () C:\Program Files (x86)\EMET 4.1\TrayIconSubsystem.dll
2014-04-29 10:28 - 2014-04-29 10:28 - 00052232 _____ () C:\Program Files (x86)\EMET 4.1\PKIPinningSubsystem.dll
2013-01-22 18:50 - 2013-01-22 18:50 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2014-04-14 16:41 - 2014-04-14 16:41 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2014-05-14 01:14 - 2014-05-14 01:14 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-04 15:26 - 2014-05-04 15:26 - 01020928 _____ () C:\Users\scags_000\AppData\Roaming\Mozilla\Firefox\Profiles\culw5g6e.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2014-05-03 22:53 - 2014-03-15 01:10 - 00035896 _____ () C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\components\ffpwdman.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\linux\Downloads\ddmsetup1450.exe:BDU
AlternateDataStreams: C:\Users\linux\Downloads\NPE.exe:BDU
AlternateDataStreams: C:\Users\linux\Downloads\Sophos Virus Removal Tool.exe:BDU
AlternateDataStreams: C:\Users\linux\Downloads\Windows-KB890830-x64-V5.12.exe:BDU
AlternateDataStreams: C:\Users\scags_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\scags_000\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\scags_000\Desktop\MD5_and_SHA_Checksum_Utility.exe:BDU

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Description: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2014 07:05:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (05/14/2014 07:12:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/14/2014 00:11:57 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: ASP.NET_2.0.50727

Error: (05/14/2014 00:11:57 AM) (Source: Perflib) (EventID: 1021) (User: )
Description: ASP.NET_2.0.507278

Error: (05/13/2014 11:24:25 PM) (Source: TomTomHOMEService) (EventID: 10000) (User: )
Description: TomTomHOMEServiceOpenService failed with 0

Error: (05/13/2014 11:23:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_13_0_0_214.exe, version: 13.0.0.214, time stamp: 0x5359c61d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x715590df
Faulting process id: 0x128c
Faulting application start time: 0xFlashPlayerPlugin_13_0_0_214.exe0
Faulting application path: FlashPlayerPlugin_13_0_0_214.exe1
Faulting module path: FlashPlayerPlugin_13_0_0_214.exe2
Report Id: FlashPlayerPlugin_13_0_0_214.exe3
Faulting package full name: FlashPlayerPlugin_13_0_0_214.exe4
Faulting package-relative application ID: FlashPlayerPlugin_13_0_0_214.exe5

Error: (05/13/2014 11:23:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_13_0_0_214.exe, version: 13.0.0.214, time stamp: 0x5359c61d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x01224fa0
Faulting process id: 0x128c
Faulting application start time: 0xFlashPlayerPlugin_13_0_0_214.exe0
Faulting application path: FlashPlayerPlugin_13_0_0_214.exe1
Faulting module path: FlashPlayerPlugin_13_0_0_214.exe2
Report Id: FlashPlayerPlugin_13_0_0_214.exe3
Faulting package full name: FlashPlayerPlugin_13_0_0_214.exe4
Faulting package-relative application ID: FlashPlayerPlugin_13_0_0_214.exe5

Error: (05/13/2014 11:23:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_13_0_0_214.exe, version: 13.0.0.214, time stamp: 0x5359c61d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x715590df
Faulting process id: 0x1270
Faulting application start time: 0xFlashPlayerPlugin_13_0_0_214.exe0
Faulting application path: FlashPlayerPlugin_13_0_0_214.exe1
Faulting module path: FlashPlayerPlugin_13_0_0_214.exe2
Report Id: FlashPlayerPlugin_13_0_0_214.exe3
Faulting package full name: FlashPlayerPlugin_13_0_0_214.exe4
Faulting package-relative application ID: FlashPlayerPlugin_13_0_0_214.exe5

Error: (05/13/2014 11:23:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_13_0_0_214.exe, version: 13.0.0.214, time stamp: 0x5359c61d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x04384fa0
Faulting process id: 0x1270
Faulting application start time: 0xFlashPlayerPlugin_13_0_0_214.exe0
Faulting application path: FlashPlayerPlugin_13_0_0_214.exe1
Faulting module path: FlashPlayerPlugin_13_0_0_214.exe2
Report Id: FlashPlayerPlugin_13_0_0_214.exe3
Faulting package full name: FlashPlayerPlugin_13_0_0_214.exe4
Faulting package-relative application ID: FlashPlayerPlugin_13_0_0_214.exe5

Error: (05/13/2014 11:23:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_13_0_0_214.exe, version: 13.0.0.214, time stamp: 0x5359c61d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x715590df
Faulting process id: 0xa28
Faulting application start time: 0xFlashPlayerPlugin_13_0_0_214.exe0
Faulting application path: FlashPlayerPlugin_13_0_0_214.exe1
Faulting module path: FlashPlayerPlugin_13_0_0_214.exe2
Report Id: FlashPlayerPlugin_13_0_0_214.exe3
Faulting package full name: FlashPlayerPlugin_13_0_0_214.exe4
Faulting package-relative application ID: FlashPlayerPlugin_13_0_0_214.exe5


System errors:
=============
Error: (05/14/2014 07:32:14 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (05/13/2014 11:43:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (05/13/2014 11:37:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TomTomHOMEService service terminated unexpectedly.  It has done this 2 time(s).

Error: (05/13/2014 11:26:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The TomTomHOMEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (05/13/2014 11:26:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TomTomHOMEService service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/13/2014 01:08:36 PM) (Source: DCOM) (EventID: 10010) (User: take4)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/13/2014 01:08:36 PM) (Source: DCOM) (EventID: 10010) (User: take4)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/13/2014 01:08:18 PM) (Source: DCOM) (EventID: 10010) (User: take4)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/13/2014 01:08:18 PM) (Source: DCOM) (EventID: 10010) (User: take4)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/12/2014 03:28:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.


Microsoft Office Sessions:
=========================
Error: (05/15/2014 07:05:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (05/14/2014 07:12:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (05/14/2014 00:11:57 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: ASP.NET_2.0.50727

Error: (05/14/2014 00:11:57 AM) (Source: Perflib) (EventID: 1021) (User: )
Description: ASP.NET_2.0.507278

Error: (05/13/2014 11:24:25 PM) (Source: TomTomHOMEService) (EventID: 10000) (User: )
Description: TomTomHOMEServiceOpenService failed with 0

Error: (05/13/2014 11:23:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_13_0_0_214.exe13.0.0.2145359c61dunknown0.0.0.000000000c0000005715590df128c01cf6f23e9365703C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exeunknown278c7a64-db17-11e3-be80-78e3b5c72f04

Error: (05/13/2014 11:23:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_13_0_0_214.exe13.0.0.2145359c61dunknown0.0.0.000000000c00001a501224fa0128c01cf6f23e9365703C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exeunknown27232fbd-db17-11e3-be80-78e3b5c72f04

Error: (05/13/2014 11:23:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_13_0_0_214.exe13.0.0.2145359c61dunknown0.0.0.000000000c0000005715590df127001cf6f23e6482d17C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exeunknown24f3c4a3-db17-11e3-be80-78e3b5c72f04

Error: (05/13/2014 11:23:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_13_0_0_214.exe13.0.0.2145359c61dunknown0.0.0.000000000c00001a504384fa0127001cf6f23e6482d17C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exeunknown242ffcab-db17-11e3-be80-78e3b5c72f04

Error: (05/13/2014 11:23:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_13_0_0_214.exe13.0.0.2145359c61dunknown0.0.0.000000000c0000005715590dfa2801cf6f23e4287994C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exeunknown2332fb71-db17-11e3-be80-78e3b5c72f04


==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 7365.48 MB
Available physical RAM: 5315.86 MB
Total Pagefile: 7765.48 MB
Available Pagefile: 5846.82 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1843.78 GB) (Free:1774.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.31 GB) (Free:2.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 409AA098)

Partition: GPT Partition Type.

==================== End Of Log ============================



#8 Starbuck


Posted 20 May 2014 - 11:03 AM

Hi scags

There's nothing untoward showing in the reports.
Let's look with a different tool and see if that can find anything:

Download RogueKiller and save it to your desktop.
  • Close all running processes (security programs, etc.)
  • Double-click the RogueKiller icon to run the program.
    Vista/Win7/Win8 users should right-click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Scan button.
  • Please copy and paste the report in your next reply.
A copy of the RKreport.txt can be found on your desktop.

Note:
If RogueKiller is blocked, do not hesitate to try running it again.
If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again.

Thanks



#9 scags


Posted 20 May 2014 - 11:46 AM

Thanks again for your time.


Edited by scags, 20 May 2014 - 11:50 AM.


#10 scags


Posted 20 May 2014 - 11:47 AM

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : linux [Admin rights]
Mode : Scan -- Date : 05/20/2014 12:44:05
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST2000DM 001-1CH164 SATA Disk Device +++++
--- User ---
[MBR] ce8a7d0834da1dc0b1fbb8e302f35440
[BSP] 435f4fe422e83082d3819b310c1494c3 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_05202014_124405.txt >>
 



#11 Starbuck


Posted 21 May 2014 - 10:47 AM

Hi scags

Those entries found by RK are nothing to worry about.
They are normal entries that appear in everyone's report.

There is one thing I'd like to check:

For x64-bit systems, download ListParts64bit and save it to your Desktop.
  • Double-click the downloaded icon to run the tool.
  • Press Scan button.
  • It will make a log (Result.txt) on your Desktop. Please copy and paste it to your reply.
Thanks



#12 scags


Posted 21 May 2014 - 04:14 PM

ListParts by Farbar Version: 17-04-2014
Ran by linux (administrator) on 21-05-2014 at 17:09:43
WIN_81 (X64)
Running From: C:\Users\linux\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 24%
Total physical RAM: 7365.48 MB
Available physical RAM: 5544.44 MB
Total Pagefile: 7765.48 MB
Available Pagefile: 6126.19 MB
Total Virtual: 131072 MB
Available Virtual: 131071.87 MB

======================= Partitions =========================

1 Drive c: (Windows) (Fixed) (Total:1843.78 GB) (Free:1774.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (Recovery Image) (Fixed) (Total:17.31 GB) (Free:2.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]


  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online         1863 GB     8 MB        *

Partitions of Disk 0:
===============


Disk ID: {70E026E0-36AA-4FA6-B8B9-971CA7775788}

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1023 MB  1024 KB
  Partition 2    System (partition with boot components)             360 MB  1024 MB
  Partition 3    Reserved           128 MB  1384 MB
  Partition 4    Primary           1843 GB  1512 MB
  Partition 5    Recovery           450 MB  1845 GB
  Partition 6    Primary             17 GB  1845 GB

======================================================================================================

Disk: 0
Partition 1
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3         Windows RE   NTFS   Partition   1023 MB  Healthy    Hidden  

======================================================================================================

Disk: 0
Partition 2
Type    : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4         SYSTEM       FAT32  Partition    360 MB  Healthy    System (partition with boot components)  

======================================================================================================

Disk: 0
Partition 3
Type    : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 4
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0000000000000000

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   Windows      NTFS   Partition   1843 GB  Healthy    Boot    

======================================================================================================

Disk: 0
Partition 5
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5                      NTFS   Partition    450 MB  Healthy    Hidden  

======================================================================================================

Disk: 0
Partition 6
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: Yes
Attrib  : 0X0000000000000001

There is no volume associated with this partition.

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 409AA098

Partition : GPT Partition Type

Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {bafcf239-d32b-11e3-92ac-d487e1cdc7dd}
                        {bafcf23a-d32b-11e3-92ac-d487e1cdc7dd}
                        {bafcf23c-d32b-11e3-92ac-d487e1cdc7dd}
                        {bafcf23d-d32b-11e3-92ac-d487e1cdc7dd}
                        {bafcf23b-d32b-11e3-92ac-d487e1cdc7dd}
                        {bafcf23e-d32b-11e3-92ac-d487e1cdc7dd}
timeout                 2

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {bafcf245-d32b-11e3-92ac-d487e1cdc7dd}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Firmware Application (101fffff)
-------------------------------
identifier              {bafcf239-d32b-11e3-92ac-d487e1cdc7dd}
description             USB Floppy/CD

Firmware Application (101fffff)
-------------------------------
identifier              {bafcf23a-d32b-11e3-92ac-d487e1cdc7dd}
description             USB Hard Drive

Firmware Application (101fffff)
-------------------------------
identifier              {bafcf23b-d32b-11e3-92ac-d487e1cdc7dd}
description             USB Floppy/CD

Firmware Application (101fffff)
-------------------------------
identifier              {bafcf23c-d32b-11e3-92ac-d487e1cdc7dd}
description             UEFI: Ipv4 Network Card

Firmware Application (101fffff)
-------------------------------
identifier              {bafcf23d-d32b-11e3-92ac-d487e1cdc7dd}
description             UEFI: Ipv6 Network Card

Firmware Application (101fffff)
-------------------------------
identifier              {bafcf23e-d32b-11e3-92ac-d487e1cdc7dd}
description             Hard Drive

Windows Boot Loader
-------------------
identifier              {bafcf242-d32b-11e3-92ac-d487e1cdc7dd}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{bafcf243-d32b-11e3-92ac-d487e1cdc7dd}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{bafcf243-d32b-11e3-92ac-d487e1cdc7dd}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 8.1
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {bafcf247-d32b-11e3-92ac-d487e1cdc7dd}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {bafcf245-d32b-11e3-92ac-d487e1cdc7dd}
nx                      OptOut
bootmenupolicy          Standard
bootlog                 No

Windows Boot Loader
-------------------
identifier              {bafcf247-d32b-11e3-92ac-d487e1cdc7dd}
device                  ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{bafcf248-d32b-11e3-92ac-d487e1cdc7dd}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{bafcf248-d32b-11e3-92ac-d487e1cdc7dd}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {bafcf240-d32b-11e3-92ac-d487e1cdc7dd}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {bafcf242-d32b-11e3-92ac-d487e1cdc7dd}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {bafcf245-d32b-11e3-92ac-d487e1cdc7dd}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {bafcf247-d32b-11e3-92ac-d487e1cdc7dd}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {bafcf243-d32b-11e3-92ac-d487e1cdc7dd}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {bafcf244-d32b-11e3-92ac-d487e1cdc7dd}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {bafcf248-d32b-11e3-92ac-d487e1cdc7dd}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume5
ramdisksdipath          \Recovery\WindowsRE\boot.sdi


****** End Of Log ******



#13 scags


Posted 21 May 2014 - 04:18 PM

Is this normal? FAT32?

* Volume 4         SYSTEM       FAT32  Partition    360 MB  Healthy    System (partition with boot components) 



#14 Starbuck


Posted 21 May 2014 - 05:20 PM

Volume 4 SYSTEM FAT32 Partition 360 MB Healthy System (partition with boot components)

That's the EFI system partition.... Normal.

I can't seem to find anything wrong from the reports. Are you experiencing any problems with the system?



#15 scags


Posted 21 May 2014 - 05:45 PM

No virus-like issues that I can tell. Possible false positive by MBAM? One last question: before your help I ran sfc /scannow and came up with some corrupt files it could not fix. Could this indicate a virus-related issue? Also, do you fix sf's by running Dism /Online /Cleanup-Image /RestoreHealth? Again, thank you for all your help!!





