
AVG cannot remove "Trojan horse Inject2.AXKQ", svchost.exe n srvsvc.dll involved



#1 rp88

Posted 26 September 2014 - 08:54 AM

I scanned with AVG today and found three threats; two of them could not be removed. The threats were classified as "Trojan horse Inject2.AXKQ". AVG makes it deliberately difficult to copy the logs out of their program, so I have had to type them here manually.
I don't know how I got this infection. I have hardly used the internet for the past few days; from memory I have only visited Gmail, Google, Wikipedia, some Google image pages, Bleeping Computer, blenderguru, BBC iPlayer, Yesterday on demand, Demand5, and BBC News. I haven't downloaded any programs for months; I haven't had any spam emails with attachments.
As far as I can tell this threat could still be active on my system doing all kinds of disgusting things; I need urgent help with this. I have scanned with every scanner I have and their logs are below my copied-out AVG log. The AVG log I have copied shows only two threats, the ones that were not "removed"; the stupid program managed to lose the log showing all 3 when I tried to export that log "to an archive". If you know where the f**k that means the log went, I will post it for you also.

AVG "log", why couldn't they just f**king make it easy to copy out of the software!!

"Whole Computer Scan"
"High severity";"2";"0";"2"
"Notifications";"478";"0";"478"
"Scanned folders:";"Scan Whole Computer"
"Started:";"26/09/2014, 13:33:53"
"Finished:";"26/09/2014, 13:39:52"
"Scanned items:";"222993"
"Launched by:";"personal info removed"

"Name";"Description";"Status";"Status";"Priority"
"C:\Program Files\Microsoft Office\Office14\Library\SOLVER\SOLVER.XLAM";"Contains macros";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16731_2579a725d770b17d701f2fabd5409218a3807489_295b9cf0\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Backup.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"D:\System Volume Information\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_unspecified_70dc4e6fe46c9f3b92656f21cb013b728dce27e_cab_042504d6\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16693_4029aca1e1c181beb196c49a919f8e727cb158_47902c48\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\SystemData\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-SettingSync%4Debug.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6de9cb26d2b98c01ec4e9e8b34824aa2_9424f89e-ff72-4b67-bc08-597a23319b5a";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-CertificateServicesClient-Lifecycle-User%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16693_ba7634253d87f68be78c571cbe43edc44f35233_2ebe3384\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-IdCtrls%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\Default\PrintHood\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\718b9a6753d02ea0be204ba9999f6912_9424f89e-ff72-4b67-bc08-597a23319b5a";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\Default\Templates\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16693_ba7634253d87f68be78c571cbe43edc44f35233_3ddc0fec\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Listener Service%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\687fdce59587eeda9e5be9359de548a9_9424f89e-ff72-4b67-bc08-597a23319b5a";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.2.9200_e6d23d3f77401da83b7332e9721ada8cea2bc3fb_cab_162abf91\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Tasks\AVG_SYS_TASK_0814av_DELETE.job";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-PrintService%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Logs\DPX\setupact.log";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\ias\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\Public\Documents\My Videos\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore\SR";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16693_ba7634253d87f68be78c571cbe43edc44f35233_2ebe2e44\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmbServer%4Connectivity.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_5bfdd5c19f30313629ef5a2bcf5299a027b58bc_4530422e\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-FileHistory-Core%4WHC.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe.config";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-PowerShell%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\srvsvc.dll";"Trojan horse Inject2.AXKQ";"Infected";"Infected";"High"
"C:\Windows\System32\srvsvc.dll";"Trojan horse Inject2.AXKQ";"Infected";"Infected";"High"
"C:\Windows\iis.log";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-KdsSvc%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bluetooth-BthLEEnum%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PCW%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Templates\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\Sqm\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\PerfLogs\System\Diagnostics\ROBERTPECK_20140901-000002\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16693_ba7634253d87f68be78c571cbe43edc44f35233_47904406\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Logs\CBS\CbsPersist_20140926004603.log";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Iphlpsvc%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\Default\AppData\Local\History\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\security\database\secedit.sdb";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\$Recycle.Bin\S-1-5-21-3470675919-4289468765-2846079494-500\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\User Account Pictures\IIS APPPOOL+DefaultAppPool.dat";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_6.2.9200_1528b6c5c744a1e72c935bba557e447e37c0da4e_04f09bc8\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProvisioning%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\personal info removed\AppData\Roaming\Mozilla\Firefox\Profiles\24xt9ip1.default\parent.lock";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\personal info removed\AppData\Local\Microsoft\Windows\UsrClass.dat";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\MFAData\msistorg.dat";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"D:\Users\personal info removed\uni stuff\maths first semester\Further Integration.pptm";"Contains macros";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application Server-Applications%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-ClientUSBDevices%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmartCard-TPM-VCard-Module%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-GenericRoaming%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-PnPDevices%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-SettingSync%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-WER-Diag%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"


Also, further details of what AVG said on its finished screen.

2292993 items scanned
found 2 high severity threats, not removed two high severity threats

Threat1
Trojan horse Inject2.AXKQ
High severity, infected C:\Windows\System32\srvsvc.dll ,Cannot be removed, the file cannot be removed as it is critical for the operating system.
Extended element information:
Trojan horse Inject2.AXKQ C:\windows\system32\srvsvc.dll Infected Type:file or directory

Trojan horse Inject2.AXKQ C:\windows\system32\svchost.exe [1396] Object was blocked Type:process

Threat2
Trojan horse Inject2.AXKQ
High severity, infected C:\windows\system32\srvsvc.dll ,Cannot be removed, the file cannot be removed as it is critical for the operating system.
Extended element information:
Trojan horse Inject2.AXKQ C:\windows\system32\srvsvc.dll Infected Type:file or directory

As I said, the first scan found a third instance of this trojan ticked in a folder with a very long name
C:\Windows\WinSxS\amd64_microsoft-windows-smbserver_31bf3856ad364e35_6.2.9200.17060_none_51d0129374933876\srvsvc.dll
but "archive report" seems to f**king delete reports, not put them in a text file somewhere easy to get at.

I have also scanned with Rkill

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/26/2014 01:59:55 PM in x64 mode.
Windows Version: Windows 8

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 09/26/2014 02:00:09 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)

It gave that, but it was an old(ish) version of Rkill.

I have scanned with FSS and got this

Farbar Service Scanner Version: 21-07-2014
Ran by personal info removed (administrator) on 26-09-2014 at 14:00:58
Running from "D:\Users\personal info removed\Downloads"
Microsoft Windows 8 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


I have scanned with Minitoolbox, I was offline during the scan

MiniToolBox by Farbar Version: 23-01-2014
Ran by personal info removed (administrator) on 26-09-2014 at 14:02:09
Running from "D:\Users\personal info removed\Downloads\scanners"
Microsoft Windows 8 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Qualcomm Atheros AR946x Wireless Network Adapter = WiFi 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 14" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : RobertPeck
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : 12-D9-62-1D-2F-C0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter WiFi 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Qualcomm Atheros AR946x Wireless Network Adapter #2
Physical Address. . . . . . . . . : C0-D9-62-1D-2F-C0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : customer.(can't give you this, it's my home address).lan
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 70-54-D2-8D-E8-F3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
21...12 d9 62 1d 2f c0 ......Microsoft Wi-Fi Direct Virtual Adapter #2
20...c0 d9 62 1d 2f c0 ......Qualcomm Atheros AR946x Wireless Network Adapter #2
12...70 54 d2 8d e8 f3 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/26/2014 01:59:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/26/2014 11:59:08 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/26/2014 11:58:42 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/26/2014 11:29:41 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (09/25/2014 06:05:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/25/2014 06:05:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/25/2014 01:39:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/24/2014 05:23:16 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/24/2014 05:14:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "SRH,type="win32",version="1.0.0.0"1".
Dependent Assembly SRH,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/24/2014 05:09:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.


System errors:
=============
Error: (09/23/2014 04:22:01 PM) (Source: Microsoft-Windows-FilterManager) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume35'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.

Error: (09/23/2014 01:42:16 PM) (Source: Microsoft-Windows-FilterManager) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume31'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.

Error: (09/23/2014 05:15:15 AM) (Source: Microsoft-Windows-FilterManager) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume24'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.

Error: (09/23/2014 02:42:16 AM) (Source: Microsoft-Windows-FilterManager) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume20'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.

Error: (09/20/2014 03:06:19 AM) (Source: VDS Basic Provider) (User: )
Description: Cannot zero sectors on disk \\?\PhysicalDrive1. Error code: \\?\PhysicalDrive1


Microsoft Office Sessions:
=========================
Error: (09/26/2014 01:59:50 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Users\personal info removed\Downloads\esetsmartinstaller_enu.exe

Error: (09/26/2014 11:59:08 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\Nuance\naturallyspeaking12\Program\dragon_support_packager.exe

Error: (09/26/2014 11:58:42 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/26/2014 11:29:41 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (09/25/2014 06:05:56 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Users\personal info removed\Downloads\esetsmartinstaller_enu.exe

Error: (09/25/2014 06:05:55 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Users\personal info removed\Downloads\esetsmartinstaller_enu.exe

Error: (09/25/2014 01:39:27 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Users\personal info removed\Downloads\esetsmartinstaller_enu.exe

Error: (09/24/2014 05:23:16 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Users\personal info removed\Downloads\esetsmartinstaller_enu.exe

Error: (09/24/2014 05:14:24 PM) (Source: SideBySide)(User: )
Description: SRH,type="win32",version="1.0.0.0"C:\Windows\WinSxS\wow64_microsoft-windows-narrator_31bf3856ad364e35_6.2.9200.16384_none_213c2aa761ddf02b\Narrator.exe

Error: (09/24/2014 05:09:58 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe


=========================== Installed Programs ============================

7-Zip 9.20
Atheros Bluetooth Filter Driver Package (Version: 2.0.0.3)
Atheros Driver Installation Program (Version: 10.0)
AVG 2014 (Version: 14.0.4025)
AVG 2014 (Version: 14.0.4765)
AVG 2014 (Version: 2014.0.4765)
Blender (Version: 2.65a-release)
Bluetooth Stack for Windows by Toshiba (Version: v8.00.12(T))
Canon IJ Scan Utility
Canon MG5400 series MP Drivers (Version: 1.00)
Canon MG5400 series On-screen Manual (Version: 7.5.0)
Canon MG5400 series User Registration
Canon My Image Garden (Version: 1.0.0)
Canon My Image Garden Design Files (Version: 1.0.0)
Canon My Printer (Version: 3.0.0)
Canon Quick Menu (Version: 2.0.0)
CCleaner (Version: 4.13)
Claro ScreenMarker (Version: 1.1.0)
ClaroCapture (Version: 3.0.19)
ClaroIdeas (Version: 2.1.0)
ClaroRead Plus (Version: 6.2.7)
ClaroView (Version: 1.0.12)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dragon NaturallySpeaking 12 (Version: 12.50.000)
eLearning Module Content version 2.0 (Version: 2.0)
eLearning version 2.0 (Version: 2.0)
ESET Online Scanner v3
GIMP 2.8.6 (Version: 2.8.6)
Google Chrome (Version: 37.0.2062.124)
Google SketchUp 8 (Version: 3.0.11752)
Google Update Helper (Version: 1.3.24.15)
Intel® Management Engine Components (Version: 8.1.0.1252)
Intel® Processor Graphics (Version: 9.17.10.3040)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
KAZ (Keyboard A-Z) Version 20.5
Malwarebytes Anti-Malware version 2.0.2.1012 (Version: 2.0.2.1012)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.30514.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mobile Broadband HL Service (Version: 22.001.14.01.105)
Mozilla Firefox 32.0.3 (x86 en-US) (Version: 32.0.3)
Mozilla Maintenance Service (Version: 29.0.1)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Olympus Sonority (Version: 1.4.3)
Realtek High Definition Audio Driver (Version: 6.0.1.6794)
Realtek USB 2.0 Card Reader (Version: 6.1.8400.30136)
ScreenRuler (Version: 3.0.5)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Speccy (Version: 1.26)
Synaptics Pointing Device Driver (Version: 17.0.8.21)
TOSHIBA Function Key (Version: 1.00.6626.6410)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Excel 2010 (KB2889836) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player (Version: 2.1.5)
Vocalizer Daniel from Claro Software (Version: 1.2.1.0)
Vocalizer Fiona from Claro Software (Version: 1.2.1.0)
Vocalizer Karen from Claro Software (Version: 1.2.1.0)
Vocalizer Lee from Claro Software (Version: 1.2.1.0)
Vocalizer Moira from Claro Software (Version: 1.2.1.0)
Vocalizer Sangeeta from Claro Software (Version: 1.2.1.0)
Vocalizer Serena from Claro Software (Version: 1.2.1.0)
Vocalizer Tom from Claro Software (Version: 1.2.1.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 3979.3 MB
Available physical RAM: 2217.98 MB
Total Pagefile: 4683.3 MB
Available Pagefile: 3318.91 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.96 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:197.9 GB) (Free:143.33 GB) NTFS
2 Drive d: () (Fixed) (Total:218.69 GB) (Free:159.23 GB) NTFS

========================= Users: ========================================

User accounts for \\personal info removed

Administrator Guest personal info removed

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

02-09-2014 19:14:27 Installed AVG 2014
10-09-2014 21:57:01 Windows Update
20-09-2014 14:25:54 Scheduled Checkpoint
23-09-2014 01:40:33 Windows Backup
23-09-2014 12:40:35 Windows Backup

**** End of log ****

I have scanned with Security Check.

Results of screen317's Security Check version 0.99.86
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2014
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Mozilla Firefox (32.0.3)
Google Chrome 37.0.2062.120
Google Chrome 37.0.2062.124
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````



I have scanned with Malwarebytes Anti-Malware Free, but AVG pops up part way through an MBAM scan, saying it has detected Trojan horse Inject2.AXKQ from C:\Windows\System32\srvsvc.dll again.
So I would assume MBAM has been compromised by the virus. Its log is posted below but I don't think it can be trusted in these circumstances.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 26/09/2014
Scan Time: 14:06:52
Logfile: mbam26092014.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.26.04
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: personal info removed

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 423883
Time Elapsed: 10 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)





I am forced to double post, as this is too long for one post apparently.
Back on this site, for a while anyway, been so busy the last year.

My systems: 2 laptops, Intel i3 processors, Windows 8.1 installed on the hard drive and Linux Mint 17.3 MATE installed to USB



#2 rp88


Posted 26 September 2014 - 09:05 AM

I also scanned with MBAR (Malwarebytes Anti-Rootkit); it too led to an AVG prompt about srvsvc.dll, which once again, when I tried "remove selected threats", gave an "access denied, this threat cannot be removed" result.
This means MBAR is quite possibly also compromised and not trustable in these circumstances.
It reported "clean"; it doesn't produce logs.



I also have a DDS log here

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by personal info removed at 14:40:29 on 2014-09-26
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.3979.2328 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Windows\system32\mqsvc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\personal info removed\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension: {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [AVG-Secure-Search-Update_0814av] C:\Users\personal info removed\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe /PROMPT /mid=665594040dc747d39dcba11d94690100-bdb527e1ce41070524c77cdce9e4a40f26d7971f /CMPID=0814av
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\ROBERT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\personal info removed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thumbs.db
StartupFolder: C:\Users\personal info removed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup notes\Thumbs.db
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
mPolicies-System: EnableSecureUIAPath = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 10.235.192.1
TCP: Interfaces\{0A58E177-44F0-462A-B0D5-02F8D96B8949} : DHCPNameServer = 10.235.192.1
TCP: Interfaces\{1423E7E4-013E-4041-9151-F2E142041865} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{2DEA570A-F43C-4EFD-857B-766FC08F9CDB} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{5F3EEAC4-0743-4D45-BE4A-CC1031FC7BFF} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{69170C52-A926-4986-B0A9-611C89B102C7} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A4FFB84C-6C80-4594-8C1F-98A29B59D107} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{C67238EB-F208-49BC-B06A-5872169B00AC} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D2FBCD64-017D-4781-BA1C-379477A32F43} : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck -
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-mPolicies-System: EnableSecureUIAPath = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck -
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\personal info removed\AppData\Roaming\Mozilla\Firefox\Profiles\24xt9ip1.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2014-6-17 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\Drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2014-6-30 270104]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-25 3242000]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-25 289328]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-8-22 129856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-8-22 166720]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2013-9-12 232288]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2013-8-28 201872]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-8-22 365376]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUStor.sys [2013-8-22 252048]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2013-9-4 20496]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\Windows\System32\Drivers\btfilter.sys [2012-7-11 43944]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
S3 Olympus DVR Service;Olympus DVR Service;C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2012-11-8 174592]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]
S4 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2013-3-8 311184]
.
=============== Created Last 30 ================
.
2014-09-16 21:17:23 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-14 16:49:52 119000 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-14 16:49:37 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-14 16:49:37 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-14 16:49:37 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-14 16:49:37 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-14 16:49:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-13 14:18:47 -------- d-----w- C:\FRST
2014-09-13 13:37:04 305832 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10246.bin
2014-09-10 21:55:23 536776 ----a-w- C:\Windows\SysWow64\msvcp120_clr0400.dll
2014-09-10 21:55:22 678600 ----a-w- C:\Windows\System32\msvcp120_clr0400.dll
2014-09-10 21:53:51 556544 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-10 21:53:50 755712 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-10 21:53:39 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-09-10 21:53:39 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-09-10 21:53:22 26218496 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-09-10 21:53:20 25479168 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-09-10 21:49:54 148480 ----a-w- C:\Windows\System32\poqexec.exe
2014-09-10 21:49:54 144896 ----a-w- C:\Windows\System32\tssdisai.dll
2014-09-03 21:27:58 -------- d-----w- C:\Users\personal info removed\AppData\Roaming\Avg_Update_0814av
2014-09-03 21:27:37 -------- d-----w- C:\ProgramData\Avg_Update_0814av
2014-09-02 19:15:38 -------- d-----w- C:\Users\personal info removed\AppData\Roaming\AVG2014
2014-09-02 19:14:53 -------- d--h--w- C:\$AVG
2014-09-02 19:14:53 -------- d-----w- C:\ProgramData\AVG2014
2014-09-02 19:14:22 -------- d-----w- C:\Program Files (x86)\AVG
2014-09-02 19:03:45 -------- d-----w- C:\Users\personal info removed\AppData\Local\MFAData
2014-09-02 19:03:45 -------- d-----w- C:\Users\personal info removed\AppData\Local\Avg2014
2014-09-02 19:03:45 -------- d-----w- C:\ProgramData\MFAData
2014-09-01 17:34:15 -------- d-----w- C:\Users\personal info removed\AppData\Local\Apps
2014-08-28 17:34:42 -------- d-----w- C:\Program Files\Speccy
2014-08-27 22:17:55 4036096 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2014-09-02 19:32:27 705480 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-02 19:32:27 104904 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-30 05:48:18 10115072 ----a-w- C:\Windows\System32\twinui.dll
2014-08-30 05:47:29 2885632 ----a-w- C:\Windows\System32\msi.dll
2014-08-30 05:46:33 2306560 ----a-w- C:\Windows\System32\authui.dll
2014-08-30 04:05:16 8858112 ----a-w- C:\Windows\SysWow64\twinui.dll
2014-08-30 04:04:35 2416128 ----a-w- C:\Windows\SysWow64\msi.dll
2014-08-30 04:03:50 2037760 ----a-w- C:\Windows\SysWow64\authui.dll
2014-08-28 06:05:35 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-28 06:05:17 86528 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-28 06:05:17 128000 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-08-28 06:02:15 40448 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-28 06:01:45 253440 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2014-08-28 06:01:45 144384 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-28 06:01:45 100352 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-28 06:01:44 17920 ----a-w- C:\Windows\System32\wuaext.dll
2014-08-28 06:01:44 1623552 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-28 06:01:15 176640 ----a-w- C:\Windows\System32\storewuauth.dll
2014-08-16 09:34:19 2239488 ----a-w- C:\Windows\System32\wininet.dll
2014-08-16 09:34:10 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-08-16 09:32:57 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-16 09:32:05 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-16 07:37:20 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-16 07:36:19 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-16 07:35:44 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-06 09:50:04 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-07-31 23:40:32 1287680 ----a-w- C:\Windows\System32\schedsvc.dll
2014-07-24 13:50:54 447296 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2014-07-21 20:03:12 244504 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-07-16 23:28:11 27648 ----a-w- C:\Windows\SysWow64\sscore.dll
2014-07-16 22:59:01 35840 ----a-w- C:\Windows\System32\sscore.dll
2014-07-16 22:59:01 305664 ----a-w- C:\Windows\System32\srvsvc.dll
2014-07-15 23:03:48 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2014-07-15 22:51:05 71168 ----a-w- C:\Windows\System32\drivers\hdaudbus.sys
2014-07-12 06:45:14 1549824 ----a-w- C:\Windows\System32\msdtctm.dll
2014-07-12 04:41:28 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-12 04:41:26 8704 ----a-w- C:\Windows\System32\KBDRUM.DLL
2014-07-12 04:41:18 6656 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-12 04:36:25 211456 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2014-07-12 04:36:01 674304 ----a-w- C:\Windows\System32\drivers\srv2.sys
2014-07-12 04:34:34 404480 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2014-07-12 04:34:22 250368 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2014-07-12 04:16:30 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-12 04:16:23 8192 ----a-w- C:\Windows\SysWow64\KBDRUM.DLL
2014-07-12 04:15:54 6144 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-07-12 02:36:04 1023488 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-07-08 22:33:04 181248 ----a-w- C:\Windows\System32\Defrag.exe
2014-07-08 22:32:55 1539584 ----a-w- C:\Windows\System32\storagewmi.dll
2014-07-08 22:32:25 340480 ----a-w- C:\Windows\System32\defragsvc.dll
2014-07-08 22:30:54 1220608 ----a-w- C:\Windows\SysWow64\storagewmi.dll
2014-07-07 05:52:33 74752 ----a-w- C:\Windows\System32\wcmcsp.dll
2014-07-07 05:52:33 263680 ----a-w- C:\Windows\System32\wcmsvc.dll
2014-07-04 10:52:10 328000 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2014-07-03 01:59:28 1824784 ----a-w- C:\Windows\System32\ntdll.dll
2014-07-03 00:30:17 1408952 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-06-30 22:42:56 394240 ----a-w- C:\Windows\System32\devinv.dll
2014-06-30 22:42:48 87552 ----a-w- C:\Windows\System32\aepic.dll
2014-06-30 11:43:18 270104 ----a-w- C:\Windows\System32\drivers\avgwfpa.sys
2014-06-30 11:43:02 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
.
============= FINISH: 14:41:10.62 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 06/09/2013 08:38:47
System Uptime: 26/09/2014 12:37:27 (2 hours ago)
.
Motherboard: Intel | | PLCSF8
Processor: Intel® Core™ i3-3120M CPU @ 2.50GHz | U3E1 | 1200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 198 GiB total, 143.324 GiB free.
D: is FIXED (NTFS) - 219 GiB total, 159.228 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP64: 02/09/2014 20:14:27 - Installed AVG 2014
RP66: 10/09/2014 22:57:01 - Windows Update
RP67: 20/09/2014 15:25:54 - Scheduled Checkpoint
RP68: 23/09/2014 02:40:33 - Windows Backup
RP69: 23/09/2014 13:40:35 - Windows Backup
.
==== Installed Programs ======================
.
7-Zip 9.20
Atheros Bluetooth Filter Driver Package
Atheros Driver Installation Program
AVG 2014
Blender
Bluetooth Stack for Windows by Toshiba
Canon IJ Scan Utility
Canon MG5400 series MP Drivers
Canon MG5400 series On-screen Manual
Canon MG5400 series User Registration
Canon My Image Garden
Canon My Image Garden Design Files
Canon My Printer
Canon Quick Menu
CCleaner
Claro ScreenMarker
ClaroCapture
ClaroIdeas
ClaroRead Plus
ClaroView
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dragon NaturallySpeaking 12
eLearning Module Content version 2.0
eLearning version 2.0
ESET Online Scanner v3
GIMP 2.8.6
Google Chrome
Google SketchUp 8
Google Update Helper
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Trusted Connect Service Client
KAZ (Keyboard A-Z) Version 20.5
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mobile Broadband HL Service
Mozilla Firefox 32.0.3 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 Parser and SDK
Olympus Sonority
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
ScreenRuler
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Speccy
Synaptics Pointing Device Driver
TOSHIBA Function Key
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Excel 2010 (KB2889836) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player
Vocalizer Daniel from Claro Software
Vocalizer Fiona from Claro Software
Vocalizer Karen from Claro Software
Vocalizer Lee from Claro Software
Vocalizer Moira from Claro Software
Vocalizer Sangeeta from Claro Software
Vocalizer Serena from Claro Software
Vocalizer Tom from Claro Software
.
==== Event Viewer Messages From Past Week ========
.
23/09/2014 16:22:01, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolume35'. This volume will be unavailable for filtering until a reboot. The final status was 0xC03A001C.
23/09/2014 13:42:16, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolume31'. This volume will be unavailable for filtering until a reboot. The final status was 0xC03A001C.
23/09/2014 05:15:15, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolume24'. This volume will be unavailable for filtering until a reboot. The final status was 0xC03A001C.
23/09/2014 02:42:16, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolume20'. This volume will be unavailable for filtering until a reboot. The final status was 0xC03A001C.
20/09/2014 03:06:19, Error: VDS Basic Provider [5] - Cannot zero sectors on disk \\?\PhysicalDrive1. Error code: \\?\PhysicalDrive1
.
==== End Of File ===========================


And a FRST log here. AVG once again flashed up a detection when this was run, so I think it is also not trustworthy and has somehow been compromised.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014 (ATTENTION: ====> FRST version is 14 days old and could be outdated)
Ran by personal info removed (administrator) on ROBERTPECK on 26-09-2014 14:43:22
Running from D:\Users\personal info removed\Downloads
Platform: Windows 8 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\ProgramData\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\personal info removed\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3470675919-4289468765-2846079494-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-3470675919-4289468765-2846079494-1001\...\Run: [AVG-Secure-Search-Update_0814av] => C:\Users\personal info removed\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe [2775576 2014-08-12] ()
HKU\S-1-5-21-3470675919-4289468765-2846079494-1001\...\MountPoints2: {d7a39846-16dc-11e3-be71-7054d28de8f3} - "G:\AutoRun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\personal info removed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\personal info removed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup notes ()
Startup: C:\Users\personal info removed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thumbs.db ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 10.235.192.1

FireFox:
========
FF ProfilePath: C:\Users\personal info removed\AppData\Roaming\Mozilla\Firefox\Profiles\24xt9ip1.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Extension: NoScript - C:\Users\personal info removed\AppData\Roaming\Mozilla\Firefox\Profiles\24xt9ip1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-19]
FF Extension: Adblock Plus - C:\Users\personal info removed\AppData\Roaming\Mozilla\Firefox\Profiles\24xt9ip1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-19]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: No Name - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-03-08]

Chrome:
=======
CHR Profile: C:\Users\personal info removed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\personal info removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-12]
CHR Extension: (Google Drive) - C:\Users\personal info removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\personal info removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (YouTube) - C:\Users\personal info removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-12]
CHR Extension: (Google Search) - C:\Users\personal info removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-12]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\personal info removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2013-09-12]
CHR Extension: (Google Wallet) - C:\Users\personal info removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Gmail) - C:\Users\personal info removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-12]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-03-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] ()
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
S3 Olympus DVR Service; C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174592 2012-11-08] (OLYMPUS IMAGING CORP.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-26] (Microsoft Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-08-02] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 11:02 - 2014-09-25 11:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-16 22:17 - 2014-09-26 14:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-14 17:49 - 2014-09-26 14:21 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 17:49 - 2014-09-26 14:21 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-14 17:49 - 2014-09-14 17:49 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-14 17:49 - 2014-09-14 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 17:49 - 2014-09-14 17:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-14 17:49 - 2014-09-14 17:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-14 17:49 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-14 17:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-13 15:18 - 2014-09-26 14:43 - 00000000 ____D () C:\FRST
2014-09-10 23:07 - 2014-08-16 10:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 23:07 - 2014-08-16 10:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 23:07 - 2014-08-16 10:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-10 23:07 - 2014-08-16 10:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 23:07 - 2014-08-16 10:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 23:07 - 2014-08-16 10:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 23:07 - 2014-08-16 10:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 23:07 - 2014-08-16 10:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 23:07 - 2014-08-16 10:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 23:07 - 2014-08-16 10:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 23:07 - 2014-08-16 10:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-10 23:07 - 2014-08-16 10:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 23:07 - 2014-08-16 10:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 23:07 - 2014-08-16 10:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 23:07 - 2014-08-16 08:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 23:07 - 2014-08-16 08:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 23:07 - 2014-08-16 08:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 23:07 - 2014-08-16 08:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 23:07 - 2014-08-16 08:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 23:07 - 2014-08-16 08:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-10 23:07 - 2014-08-16 08:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 23:07 - 2014-08-16 08:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 23:07 - 2014-08-16 08:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 23:07 - 2014-08-16 08:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 23:07 - 2014-08-16 08:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 23:07 - 2014-08-16 08:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 23:07 - 2014-03-07 01:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 23:07 - 2013-05-15 23:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-10 23:07 - 2013-05-15 23:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-10 23:07 - 2013-05-14 14:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 23:07 - 2013-05-14 10:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 23:07 - 2013-02-21 11:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-10 23:07 - 2013-02-21 11:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 23:07 - 2013-02-21 11:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 23:07 - 2013-02-21 11:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 23:07 - 2013-02-21 11:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-10 23:07 - 2013-02-21 11:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 23:07 - 2013-02-19 10:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-09-10 23:07 - 2012-11-08 05:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 23:07 - 2012-11-08 05:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 23:07 - 2012-07-26 04:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 23:06 - 2014-08-16 10:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 23:06 - 2014-08-16 08:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 22:56 - 2014-08-28 12:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-10 22:56 - 2014-08-28 07:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-10 22:56 - 2014-08-28 07:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-10 22:56 - 2014-08-28 07:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-10 22:56 - 2014-08-28 07:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-10 22:56 - 2014-08-28 07:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-10 22:56 - 2014-08-28 07:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-10 22:56 - 2014-08-28 07:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-10 22:56 - 2014-08-28 07:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-10 22:56 - 2014-08-28 07:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-10 22:56 - 2014-08-28 07:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-10 22:56 - 2014-08-28 07:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-10 22:56 - 2014-08-28 07:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-10 22:56 - 2014-08-28 07:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-10 22:56 - 2014-08-01 00:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-10 22:55 - 2014-06-05 02:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-10 22:55 - 2014-06-04 00:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-10 22:53 - 2014-09-04 23:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 22:53 - 2014-09-03 02:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 22:53 - 2014-07-24 04:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-10 22:53 - 2014-07-24 04:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-10 22:51 - 2014-08-30 06:48 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-10 22:51 - 2014-08-30 06:47 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-10 22:51 - 2014-08-30 06:46 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-10 22:51 - 2014-08-30 05:05 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-10 22:51 - 2014-08-30 05:04 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-10 22:51 - 2014-08-30 05:03 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-10 22:51 - 2014-08-01 23:08 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-09-10 22:51 - 2014-07-24 14:50 - 00447296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-09-10 22:51 - 2014-07-17 00:28 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2014-09-10 22:51 - 2014-07-16 23:59 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-09-10 22:51 - 2014-07-16 23:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2014-09-10 22:51 - 2014-07-12 07:45 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2014-09-10 22:51 - 2014-07-12 05:36 - 00674304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-09-10 22:51 - 2014-07-12 05:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-09-10 22:51 - 2014-07-12 05:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-09-10 22:51 - 2014-07-12 05:34 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-09-10 22:51 - 2014-06-28 07:57 - 01341952 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-09-10 22:51 - 2014-06-28 03:23 - 01126400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-09-10 22:49 - 2014-08-09 09:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-09-10 22:49 - 2014-08-09 09:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-09-03 22:27 - 2014-09-26 12:38 - 00000550 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0814av.job
2014-09-03 22:27 - 2014-09-26 12:38 - 00000418 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0814av_DELETE.job
2014-09-03 22:27 - 2014-09-03 22:27 - 00002900 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0814av_DELETE
2014-09-03 22:27 - 2014-09-03 22:27 - 00002824 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0814av
2014-09-03 22:27 - 2014-09-03 22:27 - 00000000 ____D () C:\Users\personal info removed\AppData\Roaming\Avg_Update_0814av
2014-09-03 22:27 - 2014-09-03 22:27 - 00000000 ____D () C:\ProgramData\Avg_Update_0814av
2014-09-02 20:15 - 2014-09-02 20:15 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-02 20:15 - 2014-09-02 20:15 - 00000000 ____D () C:\Users\personal info removed\AppData\Roaming\AVG2014
2014-09-02 20:15 - 2014-09-02 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-02 20:14 - 2014-09-02 20:15 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-02 20:14 - 2014-09-02 20:14 - 00000000 ___HD () C:\$AVG
2014-09-02 20:14 - 2014-09-02 20:14 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-02 20:03 - 2014-09-26 10:59 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-02 20:03 - 2014-09-02 20:36 - 00000000 ____D () C:\Users\personal info removed\AppData\Local\Avg2014
2014-09-02 20:03 - 2014-09-02 20:03 - 00000000 ____D () C:\Users\personal info removed\AppData\Local\MFAData
2014-09-01 18:34 - 2014-09-01 18:34 - 00000000 ____D () C:\Users\personal info removed\AppData\Local\Apps\2.0
2014-08-31 04:24 - 2014-08-31 04:24 - 00000618 _____ () C:\Users\personal info removed\Desktop\JRT.txt
2014-08-30 19:04 - 2014-08-30 19:04 - 00053936 _____ () C:\Users\personal info removed\Desktop\sfcdetails.txt
2014-08-28 20:29 - 2014-08-28 20:29 - 00007600 _____ () C:\Users\personal info removed\AppData\Local\Resmon.ResmonCfg
2014-08-28 18:34 - 2014-08-28 18:34 - 00000000 ____D () C:\Program Files\Speccy
2014-08-27 23:17 - 2014-08-23 07:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 14:43 - 2014-09-13 15:18 - 00000000 ____D () C:\FRST
2014-09-26 14:39 - 2014-09-16 22:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-26 14:21 - 2014-09-14 17:49 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-26 14:21 - 2014-09-14 17:49 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-26 14:00 - 2013-08-22 17:21 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-26 14:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-26 12:38 - 2014-09-03 22:27 - 00000550 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0814av.job
2014-09-26 12:38 - 2014-09-03 22:27 - 00000418 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0814av_DELETE.job
2014-09-26 12:38 - 2013-08-22 17:21 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-26 12:37 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 12:07 - 2013-09-12 14:28 - 00000000 ____D () C:\Users\personal info removed\AppData\Roaming\vlc
2014-09-26 11:14 - 2013-08-22 15:50 - 01417982 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 10:59 - 2014-09-02 20:03 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-26 02:03 - 2014-05-28 18:52 - 00000000 ____D () C:\AdwCleaner
2014-09-25 18:00 - 2013-12-27 00:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-25 11:02 - 2014-09-25 11:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 00:20 - 2012-07-26 08:28 - 00977226 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 17:20 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-20 02:31 - 2012-07-26 08:21 - 00025851 _____ () C:\Windows\setupact.log
2014-09-19 18:53 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-09-19 16:33 - 2013-08-22 09:54 - 00208150 _____ () C:\Windows\PFRO.log
2014-09-15 10:46 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-09-14 17:49 - 2014-09-14 17:49 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-14 17:49 - 2014-09-14 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 17:49 - 2014-09-14 17:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-14 17:49 - 2014-09-14 17:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-10 23:32 - 2014-07-11 16:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 23:32 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-09-10 23:14 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-10 23:12 - 2013-09-06 09:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 23:05 - 2013-08-22 16:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 22:57 - 2013-08-22 16:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-04 23:36 - 2014-09-10 22:53 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-03 22:27 - 2014-09-03 22:27 - 00002900 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0814av_DELETE
2014-09-03 22:27 - 2014-09-03 22:27 - 00002824 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0814av
2014-09-03 22:27 - 2014-09-03 22:27 - 00000000 ____D () C:\Users\personal info removed\AppData\Roaming\Avg_Update_0814av
2014-09-03 22:27 - 2014-09-03 22:27 - 00000000 ____D () C:\ProgramData\Avg_Update_0814av
2014-09-03 16:21 - 2013-09-06 08:45 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3470675919-4289468765-2846079494-1001
2014-09-03 02:49 - 2014-09-10 22:53 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 20:36 - 2014-09-02 20:03 - 00000000 ____D () C:\Users\personal info removed\AppData\Local\Avg2014
2014-09-02 20:32 - 2014-07-11 16:18 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 20:32 - 2014-07-11 16:18 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-02 20:15 - 2014-09-02 20:15 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-02 20:15 - 2014-09-02 20:15 - 00000000 ____D () C:\Users\personal info removed\AppData\Roaming\AVG2014
2014-09-02 20:15 - 2014-09-02 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-02 20:15 - 2014-09-02 20:14 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-02 20:15 - 2012-07-26 09:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-09-02 20:14 - 2014-09-02 20:14 - 00000000 ___HD () C:\$AVG
2014-09-02 20:14 - 2014-09-02 20:14 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-02 20:03 - 2014-09-02 20:03 - 00000000 ____D () C:\Users\personal info removed\AppData\Local\MFAData
2014-09-01 23:10 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-09-01 18:34 - 2014-09-01 18:34 - 00000000 ____D () C:\Users\personal info removed\AppData\Local\Apps\2.0
2014-08-31 04:24 - 2014-08-31 04:24 - 00000618 _____ () C:\Users\personal info removed\Desktop\JRT.txt
2014-08-30 19:08 - 2013-09-12 20:10 - 00000000 ____D () C:\tmp
2014-08-30 19:04 - 2014-08-30 19:04 - 00053936 _____ () C:\Users\personal info removed\Desktop\sfcdetails.txt
2014-08-30 06:48 - 2014-09-10 22:51 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-30 06:47 - 2014-09-10 22:51 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-30 06:46 - 2014-09-10 22:51 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-30 05:05 - 2014-09-10 22:51 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-30 05:04 - 2014-09-10 22:51 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-30 05:03 - 2014-09-10 22:51 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-28 22:47 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-28 20:29 - 2014-08-28 20:29 - 00007600 _____ () C:\Users\personal info removed\AppData\Local\Resmon.ResmonCfg
2014-08-28 18:34 - 2014-08-28 18:34 - 00000000 ____D () C:\Program Files\Speccy
2014-08-28 12:34 - 2014-09-10 22:56 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-28 07:05 - 2014-09-10 22:56 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-28 07:05 - 2014-09-10 22:56 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-28 07:05 - 2014-09-10 22:56 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-28 07:05 - 2014-09-10 22:56 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-28 07:02 - 2014-09-10 22:56 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-28 07:01 - 2014-09-10 22:56 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-28 07:01 - 2014-09-10 22:56 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-28 07:01 - 2014-09-10 22:56 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-28 07:01 - 2014-09-10 22:56 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-28 07:01 - 2014-09-10 22:56 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-28 07:01 - 2014-09-10 22:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-28 07:01 - 2014-09-10 22:56 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-28 07:01 - 2014-09-10 22:56 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-08-27 23:20 - 2014-08-16 17:26 - 00424216 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-24 13:34

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by personal info removed at 2014-09-26 14:44:08
Running from D:\Users\personal info removed\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.3 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4025 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Blender (HKLM\...\Blender) (Version: 2.65a-release - Blender Foundation)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.12(T) - TOSHIBA CORPORATION)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG5400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5400_series) (Version: 1.00 - Canon Inc.)
Canon MG5400 series On-screen Manual (HKLM-x32\...\Canon MG5400 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG5400 series User Registration (HKLM-x32\...\Canon MG5400 series User Registration) (Version: - Canon Inc.?)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Claro ScreenMarker (HKLM-x32\...\{4E5FD3CA-F8C3-4D5A-A44A-6289C179FCFA}) (Version: 1.1.0 - Claro Software)
ClaroCapture (HKLM-x32\...\{54CBA75F-6623-4A18-A0D5-B7BE983F69FD}) (Version: 3.0.19 - Claro Software)
ClaroIdeas (HKLM-x32\...\{267F05DC-9816-4E68-A83A-6DAFA3A2BC50}) (Version: 2.1.0 - Claro Software)
ClaroRead Plus (HKLM-x32\...\{0389C7C3-A73B-4C16-909F-80C350EA8953}) (Version: 6.2.7 - Claro Software)
ClaroView (HKLM-x32\...\{A836EF85-4F9B-4BE0-904A-A56B6A48293F}) (Version: 1.0.12 - Claro Software)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{42CBCE27-DE9B-4094-B9EB-D4C4C135FFA8}) (Version: - Microsoft)
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
eLearning Module Content version 2.0 (HKLM-x32\...\{8218117A-6682-485E-B7BA-305558DCEF0D}_is1) (Version: 2.0 - iansyst Ltd)
eLearning version 2.0 (HKLM-x32\...\{E1B01443-4A1D-4986-BECC-2D043E0CF893}_is1) (Version: 2.0 - iansyst Ltd)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google SketchUp 8 (HKLM-x32\...\{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}) (Version: 3.0.11752 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
KAZ (Keyboard A-Z) Version 20.5 (HKLM-x32\...\Kaz_10) (Version: - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.14.01.105 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Olympus Sonority (HKLM-x32\...\{40CAF5AE-4E70-46C8-8AD8-4A036D32525C}) (Version: 1.4.3 - OLYMPUS IMAGING CORP.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
ScreenRuler (HKLM-x32\...\{46243C14-2485-45EE-9B4E-609B71B5D5FF}) (Version: 3.0.5 - Claro Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6410 - Toshiba Corporation)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{AC36E3B7-5095-43B9-9A74-928420F88714}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version: - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vocalizer Daniel from Claro Software (HKLM-x32\...\{36FB67D5-2099-41E0-8E28-7E061828845C}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Fiona from Claro Software (HKLM-x32\...\{AE789798-995E-47D0-A16C-55E97BCDBFC8}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Karen from Claro Software (HKLM-x32\...\{BFF55ECD-AA48-4872-82A5-65BFD3598CB8}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Lee from Claro Software (HKLM-x32\...\{8B0DF0EC-FCC1-4A97-86E4-E0D9720DAA92}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Moira from Claro Software (HKLM-x32\...\{B8C81D28-7194-4F07-94BE-733615F498E9}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Sangeeta from Claro Software (HKLM-x32\...\{B70556CA-E6DB-4ACD-92B5-1A5F85621690}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Serena from Claro Software (HKLM-x32\...\{4345FA12-BFC9-492B-B47C-C7BEF6785398}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Tom from Claro Software (HKLM-x32\...\{985F3407-E764-4D79-B1AB-ECA53FFBEC52}) (Version: 1.2.1.0 - Claro Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3470675919-4289468765-2846079494-1001_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)
CustomCLSID: HKU\S-1-5-21-3470675919-4289468765-2846079494-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files (x86)\Blender Foundation\Blender\BlendThumb64.dll ()

==================== Restore Points =========================

02-09-2014 19:14:27 Installed AVG 2014
10-09-2014 21:57:01 Windows Update
20-09-2014 14:25:54 Scheduled Checkpoint
23-09-2014 01:40:33 Windows Backup
23-09-2014 12:40:35 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {48D62909-FF77-4BFA-BC18-3170E32D0C2F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {613BB28E-23C7-406E-9B7A-01AB6507A448} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-22] (Google Inc.)
Task: {6A29A037-C751-4FB8-B047-3E160284D4DA} - System32\Tasks\AVG_SYS_TASK_0814av_DELETE => C:\ProgramData\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe [2014-08-12] ()
Task: {86A52827-397F-4C7A-91EB-B2703ECE996C} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BAC3F964-392F-4874-9211-C5D07078BF5D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-10] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E956E91B-4502-4699-A0B6-880F5B387DDF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-22] (Google Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F74428C3-C420-4D76-BEC2-949546E582D4} - System32\Tasks\AVG_SYS_TASK_0814av => C:\ProgramData\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe [2014-08-12] ()
Task: {FAF79F39-D2D2-4DFC-8016-AAD66CD40854} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: C:\Windows\Tasks\AVG_SYS_TASK_0814av.job => C:\ProgramData\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0814av_DELETE.job => C:\ProgramData\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-12 13:37 - 2012-03-12 10:05 - 00232288 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2014-09-03 22:27 - 2014-08-12 17:10 - 02775576 _____ () C:\ProgramData\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
2013-03-06 03:02 - 2013-03-06 03:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-31 15:15 - 2012-10-31 15:15 - 02565544 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2014-09-03 22:27 - 2014-08-12 17:10 - 02775576 _____ () C:\Users\personal info removed\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
2013-08-22 15:25 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth Manager.lnk"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKCU\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKCU\...\StartupApproved\Run: => "ISUSPM"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/26/2014 01:59:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/26/2014 11:59:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/26/2014 11:58:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/26/2014 11:29:41 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/25/2014 06:05:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/25/2014 06:05:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/25/2014 01:39:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/24/2014 05:23:16 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/24/2014 05:14:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "SRH,type="win32",version="1.0.0.0"1".
Dependent Assembly SRH,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/24/2014 05:09:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.


System errors:
=============
Error: (09/23/2014 04:22:01 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume35'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.

Error: (09/23/2014 01:42:16 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume31'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.

Error: (09/23/2014 05:15:15 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume24'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.

Error: (09/23/2014 02:42:16 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume20'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.

Error: (09/20/2014 03:06:19 AM) (Source: VDS Basic Provider) (EventID: 5) (User: )
Description: Cannot zero sectors on disk \\?\PhysicalDrive1. Error code: \\?\PhysicalDrive1


Microsoft Office Sessions:
=========================
Error: (09/26/2014 01:59:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Users\personal info removed\Downloads\esetsmartinstaller_enu.exe

Error: (09/26/2014 11:59:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\Nuance\naturallyspeaking12\Program\dragon_support_packager.exe

Error: (09/26/2014 11:58:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/26/2014 11:29:41 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/25/2014 06:05:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Users\personal info removed\Downloads\esetsmartinstaller_enu.exe

Error: (09/25/2014 06:05:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Users\personal info removed\Downloads\esetsmartinstaller_enu.exe

Error: (09/25/2014 01:39:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Users\personal info removed\Downloads\esetsmartinstaller_enu.exe

Error: (09/24/2014 05:23:16 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Users\personal info removed\Downloads\esetsmartinstaller_enu.exe

Error: (09/24/2014 05:14:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: SRH,type="win32",version="1.0.0.0"C:\Windows\WinSxS\wow64_microsoft-windows-narrator_31bf3856ad364e35_6.2.9200.16384_none_213c2aa761ddf02b\Narrator.exe

Error: (09/24/2014 05:09:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe


==================== Memory info ===========================

Processor: Intel® Core™ i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 42%
Total physical RAM: 3979.3 MB
Available physical RAM: 2298.56 MB
Total Pagefile: 4683.3 MB
Available Pagefile: 3313.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:197.9 GB) (Free:143.33 GB) NTFS
Drive d: () (Fixed) (Total:218.69 GB) (Free:159.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6FAE3D31)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=197.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=48.8 GB) - (Type=OF Extended)

==================== End Of Log ============================


(this frst or addition log contains something in unicode which was lost when i saved this text file i am editing it in as an ANSI.)


I also ran "tdss killer", an oldish version i got from your site. It found nothing but AVG once again flashed up when it was run, it seems the virus has affected a file that all antivirus scanners need.



I am scanning with ESET online scanner now and will post its log as soon as it finishes, I will also edit this post to include a kaspersky virus removal tool log when i have had time for that to complete.
I have not seen any very visible symptoms of this trojan virus, there has been some subtle flickering of screens now and again but no pop ups, no redirects. I was just doing a routine scan whilst i was busy with something else and when i returned to my computer i saw the AVG prompt saying infections were found.
My system should be all up to date, i use chrome and firefox as my browsers. I do not have java, i don't have adobe reader, i don't have adobe flash (i use the one within chrome). I haven't opened IE for months. I have even started using "noscript" and "adblock plus" for the majority of my firefox browsing in the last few days. AVG was updated this morning, before i scanned and found the threat, i don't know if that means the threat has been there a while and AVG has only just acquired the signature to detect it or whether the virus has got onto my system between this scan and the previous one.

I need URGENT help getting this infection off my system, i have no other internet capable computer, i made a recovery disc and system image a few days back but for all i know i could have been infected when making them, if they even work. I have to use this machine for all my personal stuff including banking, i need to do some financial stuff via it very soon, i need it clean by then.
I also need to know WHEN i caught this infection, so i can work out what else might be compromised.
As the infections weren't removed, and it seems one of the processes must be coming back time and again I NEED HELP URGENTLY and am minimizing time spent connected to the internet so the bastard f**king s**tbag who gave me this virus can't give it further instructions/get further personal info from it.

I need your help to wipe every trace of the F**king virus from my system, AVG cannot seem to clean it as it is inside critical files, if those files can be deleted the normal way i don't know if you could just email me some replacements (i assume it's the same file for everyone).

Thank You


Sorry about double posting, this forum won't let me make a long enough post to include everything

Edited by quietman7, 08 November 2014 - 06:41 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#3 aharonov

  • Malware Response Team

Posted 26 September 2014 - 09:41 AM

Hi there,

this might be a false positive detection by AVG. Let's see what other engines think about this file:


Please visit VirusTotal and scan a file as follows:
  • Click on Choose File.
  • Copy and paste the following into the file name textbox:
    C:\windows\system32\srvsvc.dll
    and click Open.
  • Now hit the Scan it! button on the website to scan the selected file.
  • If you get the message

    File already analysed - This file was last analysed by VirusTotal on ....

    then click on Reanalyse!
  • Wait until the scan has finished.
  • Copy the URL from your browser's address bar and paste it in your next reply.


#4 rp88


Posted 26 September 2014 - 11:48 AM

through the uploader i cannot get at the file, srvsvc.dll is not on the list of files in C:\system32\ when viewed through the uploader, though it is when viewed through the normal file browser. putting the file path straight into the uploader didn't help, srvsvc.dll couldn't be found by it. though it could be found through the normal file browser. I'll try copying the file and uploading a renamed copy from another directory.



#5 rp88


Posted 26 September 2014 - 01:08 PM

https://www.virustotal.com/en/file/384230a10ea0394e260282509b7d8efcbff8814611f6efab2dd346b97963ec55/analysis/1411753870/

 

that is the virus total url for my attempted upload, let me explain something about what i did. I went to C:\windows\system32\ in explorer and copied srvsvc.dll into a folder within my documents (my downloads folder to be precise), i renamed it to "probably infected srvsvc.dll" and then went to virustotal in the browser. I was able to upload that file, it shows clean but it shows AVG finding it to be clean, this means it can't be a false positive because if it were avg would show "infected" and everything else would show "clean". I guess therefore that either the infection made sure that the copied file was clean before i uploaded, or that AVG has been seeing problems elsewhere on my machine and mislabelled them as being due to srvsvc. Also i notice someone else has the same issue today, that on the other hand raises my suspicions of false positive. I did try earlier contacting avg tech support, they were rubbish. I chatted online to a guy who told me to run some "avg_remover_all.exe" tool, and after hours of scanning it was unable to see the virus that my main program was pointing so clearly at, either the tool had a much older database or it was only meant for removing certain infections, mine not on the list, the same tool almost prevented me from booting up as well, but i think i fixed that.

 

I am running AVG again having updated the database about 5 min ago, the last time i updated was 11am or so uk time today. I will see if it still detects, if not this might be a false positive but i am still VERY suspicious of the situation. I have seen a slowdown in computer speed, and assume it's due to the trojan running (i can't see a process name i don't recognize but there are mentions of it using svchost in my first post here), but maybe it's due to AVG putting all its effort into attacking a non-existent threat. I'll run another MBAM scan afterwards and see if that triggers AVG popping up, because if this really is the worst case scenario then the infection has managed to compromise every scanner (mbam, mbar) on this pc except for AVG. Eset online scanner log will follow after that.



#6 rp88


Posted 26 September 2014 - 01:27 PM

Avg just finished, it now thinks i'm clean but i REALLY do not trust it after what happened today.

mbam scanned the system and reported it clean, using standard threat scan across 424092 objects.

eset coming up.


Edited by rp88, 26 September 2014 - 01:41 PM.


#7 aharonov

  • Malware Response Team

Posted 26 September 2014 - 03:21 PM

This is a typical case of a false positive. It's a file that was updated very recently through Windows Updates. It somehow triggered a signature from AVG. They realized it and removed this detection with their next database update.
Nothing to worry about.
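
An added example (not part of the original posts, and not VirusTotal's or AVG's own code) for the doubt raised in post #5, whether the renamed copy that was uploaded is the same file the scanner flagged: it takes the SHA-256 embedded in the posted VirusTotal URL and compares it with hashes computed locally. The function names are hypothetical, and reading the URL's trailing number as a Unix scan time is an assumption about this URL layout.

```python
import hashlib
import re
import sys
from datetime import datetime, timezone

# URL posted in the thread (post #5).
VT_URL = ("https://www.virustotal.com/en/file/"
          "384230a10ea0394e260282509b7d8efcbff8814611f6efab2dd346b97963ec55"
          "/analysis/1411753870/")

# /file/<sha256 of the uploaded bytes>/analysis/<number>/
# Assumption: <number> is the scan time in Unix seconds.
_VT_RE = re.compile(r"/file/([0-9a-fA-F]{64})/analysis/(\d+)/?$")


def parse_vt_url(url):
    """Return (sha256_hex_lowercase, scan_time_utc) from a report URL."""
    m = _VT_RE.search(url.strip())
    if not m:
        raise ValueError("not a VirusTotal file-analysis URL: %r" % url)
    scanned = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
    return m.group(1).lower(), scanned


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not loaded at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def check_copies(vt_url, paths):
    """Compare each local file with the hash named in the report URL.

    Returns {path: (verdict, detail)} where verdict is one of
    'same-as-report', 'differs' or 'unreadable'. A file that 'differs'
    was never seen by the report, so the report says nothing about it.
    """
    report_hash, _ = parse_vt_url(vt_url)
    results = {}
    for path in paths:
        try:
            digest = sha256_file(path)
        except OSError as exc:
            # Missing file, access denied, or a redirected system path.
            results[path] = ("unreadable", str(exc))
            continue
        verdict = "same-as-report" if digest == report_hash else "differs"
        results[path] = (verdict, digest)
    return results


if __name__ == "__main__":
    # Usage: script.py <flagged system file> <renamed copy> [more copies...]
    if len(sys.argv) < 2:
        sys.exit("usage: %s FILE [FILE ...]" % sys.argv[0])
    sha, when = parse_vt_url(VT_URL)
    print("report covers sha256 %s, scanned %s" % (sha, when.isoformat()))
    for path, (verdict, detail) in check_copies(VT_URL, sys.argv[1:]).items():
        print("%-15s %s  %s" % (verdict, detail, path))
```

On 64-bit Windows, run it with a 64-bit Python or pass the `C:\Windows\Sysnative\srvsvc.dll` alias: a 32-bit process that opens `C:\Windows\System32` is redirected to `SysWOW64`, where this DLL may not exist, which is consistent with the upload dialog in post #4 not listing it.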

#8 rp88


Posted 26 September 2014 - 04:38 PM

The computer is VERY slow right now though.
Eset's scan gave 1 result, a bundled google toolbar within an installer exe file in my downloads folder, quite harmless.
I'm going to run kaspersky virus removal tool as well though, as i said this slow down is keeping my suspicions high.
I'll also contact AVG and see if anyone there can confirm they had a false positive problem recently, as for your mention of windows update, i haven't had any of them since the 10th (i haven't installed that russian time zones one yet, i don't know how important it is), i would think it was more likely that AVG's updates switched AVG's behavior into thinking that the srvsvc.dll file was a trojan.

I have also just managed to find the bit of AVG's first scan log i lost earlier, it shows the one of the three that AVG managed to clean. It mainly just lists all the locked files, but some details of the "infected" ones are in there. The one "infected" copy of srvsvc.dll it removed was at C:\Windows\WinSxS\amd64_microsoft-windows-smbserver_31bf3856ad364e35_6.2.9200.17060_none_51d0129374933876\srvsvc.dll and was "moved to the virus vault".

"Whole Computer Scan"
"High severity";"3";"1";"2"
"Notifications";"483";"0";"483"
"Scanned folders:";"Scan Whole Computer"
"Started:";"26/09/2014, 12:13:31"
"Finished:";"26/09/2014, 12:36:32"
"Scanned items:";"349132"
"Launched by:";"personal info removed"

"Name";"Description";"Status";"Status";"Priority"
"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_unspecified_ee899b9f34371b411971adf2def5c4d75ab4e_cab_04250498\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\wbem\AutoRecover\C599AFA5A6F053BAD70179501868318E.mof";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\.NET v4.5 Classic\NTUSER.DAT";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoostDriver%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\.NET v4.5 Classic\ntuser.dat.LOG1";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Sysprep\Panther\diagerr.xml";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\msmq\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_c0ed3293f91aa6867bf773127e84e9dc6d81cee_453044af\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Sysprep\Panther\IE\diagerr.xml";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Program Files\WindowsApps\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-EapMethods-Ttls%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16693_ba7634253d87f68be78c571cbe43edc44f35233_2ebe3384\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Program Files\Microsoft Office\Office14\SAMPLES\SOLVSAMP.XLS";"Contains macros";"Notification";"Infected";"Message"
"C:\Windows\AppCompat\Programs\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.2.9200_6f44456347da5c5ae9624e48c021a032b9ccb98_cab_040a823b\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-FileHistory-Engine%4BackupLog.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16693_ba7634253d87f68be78c571cbe43edc44f35233_2ebe2e44\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\LogFiles\WMI\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-KdsSvc%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_5bfdd5c19f30313629ef5a2bcf5299a027b58bc_2ebe3d67\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Documents\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\SysWOW64\MsDtc\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16693_45aa569b491b5259c5bcb92a41f91cac082f27e_47903159\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-LiveId%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.2.9200_a04392e5306b2cc46dcc4943ad95c963fdb1d8_1df13105\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\personal info removed\AppData\Local\Microsoft\Windows\WebCache\V01.log";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16731_28e73cbcb334893167932627e9f8d6256788dd8_06c9aa98\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d6d986f09a1ee04e24c949879fdb506c_9424f89e-ff72-4b67-bc08-597a23319b5a";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\PerfLogs\System\Diagnostics\ROBERTPECK_20140901-000002\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"D:\System Volume Information\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16693_49b8fe33bbe6f88b655c33097539f98953be8e_47903ade\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProvisioning%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\ServiceProfiles\LocalService\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Sysprep\Panther\diagwrn.xml";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Installer\259f43.msp";"Contains macros";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application Server-Applications%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\Default\NetHood\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{c62ccdcd-d701-11e1-9f13-782bcb37b9d5}.TM.blf";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Templates\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\AppID\PolicyConverter";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Audio%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\iis.log";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16731_46eabf8740f2bfcadfe5a5e438296f0af030b2_15558463\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\Default\Recent\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\SysWOW64\Tasks\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-PushNotification-Platform%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-EapMethods-Sim%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\wbem\AutoRecover\14C5A2A3C41254184B007011E5565E5B.mof";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\personal info removed\AppData\Local\ElevatedDiagnostics\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8720041d60ce67898df0e4d3b76672d3_9424f89e-ff72-4b67-bc08-597a23319b5a";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT.LOG1";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmartCard-Audit%4Authentication.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\System Volume Information\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c140a13ca7ad0ae32a4c6f353368df7e_9424f89e-ff72-4b67-bc08-597a23319b5a";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\personal info removed\ntuser.dat.LOG2";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsSystemAssessmentTool%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\WinSAT";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Policy%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\srvsvc.dll";"Trojan horse Inject2.AXKQ";"Infected";"Infected";"High"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16693_ba7634253d87f68be78c571cbe43edc44f35233_47904406\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Com\dmp\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\Default\Documents\My Pictures\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Logs\DPX\setupact.log";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\wfp\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\.NET v4.5\NTUSER.DAT";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Logs\CBS\CBS.log";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Installer\$PatchCache$\Managed\00004109610090400100000000F01FEC\14.0.4763\PROCDB.XLAM_1033";"Contains macros";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_SATELLITE PRO L8_b542ecf9e46349dd14564e877c0ec6329ae1c6_056029cf\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Panther\UnattendGC\setupact.log";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\ModemLogs\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-VDRVROOT%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.2.9200_a04392e5306b2cc46dcc4943ad95c963fdb1d8_19c530b7\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\Default\Documents\My Music\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\wbem\AutoRecover\E6B4BE61393D55691F733CCCDBAD5EF7.mof";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16731_28e73cbcb334893167932627e9f8d6256788dd8_063d2aa0\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bluetooth-MTPEnum%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Logs\WindowsBackup\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_Microsoft_166d2c2e7c6f60edbf543fd43cf38da4cc4223f_05a33384\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Control Panel%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\LiveKernelReports\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16693_6a3aaa5637e944cc0fcd9c688b324f6ceb3fdd0_47903f72\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16731_28e73cbcb334893167932627e9f8d6256788dd8_06c9b045\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-PnPConfig%4Configuration.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\restore\MachineGuid.txt";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Logs\CBS\CbsPersist_20140926004603.log";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.2.9200_e6d23d3f77401da83b7332e9721ada8cea2bc3fb_cab_162abf91\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\PLA\System\System Performance.xml";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\Ras\MobilityManager";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-DeviceSync%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scripted%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmartCard-TPM-VCard-Module%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Authentication User Interface%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16731_28e73cbcb334893167932627e9f8d6256788dd8_06c9ad86\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\WS\License Validation";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\personal info removed\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ec38c03e61b3aff7d3608ee651050120_9424f89e-ff72-4b67-bc08-597a23319b5a";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\WinSxS\amd64_microsoft-windows-smbserver_31bf3856ad364e35_6.2.9200.17060_none_51d0129374933876\srvsvc.dll";"Trojan horse Inject2.AXKQ";"Secured";"Healed";"High"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.2.9200_a04392e5306b2cc46dcc4943ad95c963fdb1d8_1af51957\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-PushNotification-Platform%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\pagefile.sys";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteApp and Desktop Connections%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\SysWOW64\config\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\SysWOW64\inetsrv\Config\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Sysprep\Panther\IE\setuperr.log";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_6.2.9200_1528b6c5c744a1e72c935bba557e447e37c0da4e_04f09e97\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e69a26f7e30d68f2aa6f871eba2e0163_9424f89e-ff72-4b67-bc08-597a23319b5a";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16693_f023334ea62b5059984218e83d5db124d9b87bf2_11f0273b\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_138c4c82db5c1d5748fdf925cd64b3dd9b52e687_01c73ea8\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Program Files\Microsoft Office\Office14\Library\EUROTOOL.XLAM";"Contains macros";"Notification";"Infected";"Message"
"C:\Windows\Panther\UnattendGC\diagerr.xml";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_6.2.9200_1528b6c5c744a1e72c935bba557e447e37c0da4e_04dcce80\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-International-RegionalOptionsControlPanel%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16731_28e73cbcb334893167932627e9f8d6256788dd8_063d2d7f\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\personal info removed\NTUSER.DAT";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_fc5cbaf14f4bbc31559d4074b84488e5591a24da_04e9bc6b\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\PLA\System\System Diagnostics.xml";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\inetpub\temp\appPools\APCAC7C.tmp";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Listener Service%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Program Files\Microsoft Office\Office14\Library\SOLVER\SOLVER.XLAM";"Contains macros";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Network\Downloader\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-ConnectedAccountState%4ActionCenter.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\WinSxS\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.2.9200.16384_none_29f83810bfc3ed4a\dnary.xsd";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Mobile-Broadband-Experience-SmsRouter%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\AUInstallAgent\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-PackageStateRoaming%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-WinRM%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Inventory.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows NT\MSFax\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\Default\Templates\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\wbem\AutoRecover\3DBE55C53EC25A6A2C96523D5C1F43F2.mof";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-SettingSync%4Debug.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-PnPDevices%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Regsvr32%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-DataIntegrityScan%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-NdisImPlatform%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Control Panel%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_c0ed3293f91aa6867bf773127e84e9dc6d81cee_04e9c861\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\Default\AppData\Local\Temporary Internet Files\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_5bfdd5c19f30313629ef5a2bcf5299a027b58bc_4530422e\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\SystemData\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_683becb6ea65b34e83bf2e47f17ec82e626cd1fd_04e9b70c\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-FMS%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\HardwareEvents.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\MFAData\aviupd.cfg";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Security-Netlogon%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Program Files\Microsoft Office\Office14\Library\Analysis\ATPVBAEN.XLAM";"Contains macros";"Notification";"Infected";"Message"
"C:\Windows\System32\catroot2\edb.log";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Resources\Themes\aero\VSCache\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkLocationWizard%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\SMSApi.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-NcdAutoSetup%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_unspecified_2f53ad484b67c653e9ee468a55b9503f80bbe1a6_216f8b69\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scripted%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Setup.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\$Recycle.Bin\S-1-5-18\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\.NET v4.5 Classic\ntuser.dat.LOG2";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmartCard-TPM-VCard-Module%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-PnPDevices%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\spool\SERVERS\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\PerfLogs\System\Diagnostics\ROBERTPECK_20140614-000001\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_unspecified_70dc4e6fe46c9f3b92656f21cb013b728dce27e_cab_042504d6\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\inetpub\temp\appPools\APCA0D3.tmp";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TZUtil%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\personal info removed\AppData\Local\Microsoft\Windows\UsrClass.dat";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16693_ba7634253d87f68be78c571cbe43edc44f35233_3ddc0fec\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\Default\Documents\My Videos\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.2.9200.16683_c9fcd5d0341d912e52a173a4c2c94ded1b91631_cab_04058a81\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bluetooth-HidBthLE%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-DataIntegrityScan%4CrashRecovery.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe.config";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-WER-Diag%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\MFAData\msistorg.dat";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\Public\Documents\My Videos\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Program Files\Microsoft Office\Office14\Library\Analysis\PROCDB.XLAM";"Contains macros";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmbServer%4Security.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-WFP%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_13f2ea8e4dd5944a5230581476d381b8369b69_2ebe3837\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\LogFiles\Fax\Outgoing\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_6.2.9200_1528b6c5c744a1e72c935bba557e447e37c0da4e_04f09bc8\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"D:\Users\personal info removed\uni stuff\maths first semester\Vectors.pptm";"Contains macros";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmbServer%4Connectivity.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\LogFiles\Fax\Incoming\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TCPIP%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Panther\UnattendGC\setuperr.log";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Security.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-All-User-Install-Agent%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT.LOG2";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-SMBClient%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\User Account Pictures\IIS APPPOOL+.NET v4.5.dat";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\SysWOW64\sru\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\inetpub\temp\appPools\APC8685.tmp";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\networklist\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-StorageSpaces-Driver%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\SysWOW64\networklist\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Program Files\Microsoft Office\Office14\1033\EXPTOOWS.XLA";"Contains macros";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-ClientUSBDevices%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\Public\Documents\My Pictures\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\PLA\Rules\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\wbem\AutoRecover\15CB6E2BC4C7288B6A26F06F2EA3EBAA.mof";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\517b696993c8b98bcd9ff19659786bf4_9424f89e-ff72-4b67-bc08-597a23319b5a";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Mprddm%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\LocationProvider\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\srvsvc.dll";"Trojan horse Inject2.AXKQ";"Infected";"Infected";"High"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bluetooth-BthLEEnum%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Internet Explorer.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\wdi\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-VHDMP%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Config.Msi\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_101_d5471a64a27d5880d59d83b06967c7b36171cac_cab_11bb92a0\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PCW%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\inetpub\temp\appPools\APC6F7E.tmp";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Tasks\AVG_SYS_TASK_0814av_DELETE.job";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_6.2.9200_1528b6c5c744a1e72c935bba557e447e37c0da4e_06c9a7c9\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-WWAN-SVC-Events%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-FileHistory-Core%4WHC.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Sysprep\Panther\IE\diagwrn.xml";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-EventCollector%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{c62ccdcd-d701-11e1-9f13-782bcb37b9d5}.TMContainer00000000000000000002.regtrans-ms";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application Server-Applications%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\User Account Pictures\IIS APPPOOL+DefaultAppPool.dat";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppID%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\718b9a6753d02ea0be204ba9999f6912_9424f89e-ff72-4b67-bc08-597a23319b5a";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Kernel_0_0_cab_0480e415\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\PLA\Templates\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16693_ba7634253d87f68be78c571cbe43edc44f35233_26c00fec\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\AppRepository\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-DhcpNap%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\.NET v4.5\ntuser.dat.LOG2";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{d7a39924-16dc-11e3-be71-7054d28de8f3}.TMContainer00000000000000000001.regtrans-ms";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\personal info removed\ntuser.dat.LOG1";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Application.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"D:\Users\personal info removed\uni stuff\maths first semester\Further Integration.pptm";"Contains macros";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-CertificateServicesClient-Lifecycle-System%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\wbem\AutoRecover\DF66BF7FE8B151CD01B5A759CD88E60A.mof";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\spool\PRINTERS\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16731_2579a725d770b17d701f2fabd5409218a3807489_295b9cf0\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-CertificateServicesClient-Lifecycle-User%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-PowerShell%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Tasks\AVG_SYS_TASK_0814av.job";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-WPD-CompositeClassDriver%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1587f23cf06ea59041f8671669a8df3a_9424f89e-ff72-4b67-bc08-597a23319b5a";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Folder Redirection%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{c62ccdcd-d701-11e1-9f13-782bcb37b9d5}.TMContainer00000000000000000001.regtrans-ms";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\DefaultAppPool\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16693_4029aca1e1c181beb196c49a919f8e727cb158_47902c48\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\wbem\AutoRecover\79A1347BEE2DDBA266DAC7663C7EC688.mof";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Crypto\Keys\11e9bff8c13b048383a2c020ca5d82a4_9424f89e-ff72-4b67-bc08-597a23319b5a";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2c878643facf037edf287141dabdf6a2_9424f89e-ff72-4b67-bc08-597a23319b5a";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppHost%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\WitnessClientAdmin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_101_e1ca80ae65674f4ca821977132896bd3d07a2d58_cab_1450480b\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\76944fb33636aeddb9590521c2e8815a_9424f89e-ff72-4b67-bc08-597a23319b5a";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Panther\UnattendGC\diagwrn.xml";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"D:\Users\personal info removed\uni stuff\maths first semester\Further differentiation.pptm";"Contains macros";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16731_a8bc545b61f8474a2ce816f584c7bf3f47ffc89_295ba05b\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\personal info removed\AppData\Local\Microsoft\Windows\Notifications\WPNPRMRY.tmp";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Security.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-StorageSpaces-ManagementAgent%4WHC.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\security\database\secedit.sdb";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\WinSxS\amd64_microsoft-windows-c..rformance-perftrack_31bf3856ad364e35_6.2.9200.16384_none_b49cdddad4a4ca96\traceanonconfig.xml";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f43fd3e6dd14005e817c96d3194aa24e_9424f89e-ff72-4b67-bc08-597a23319b5a";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Logs\DPX\setuperr.log";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Audio%4CaptureMonitor.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Doctor Web.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\687fdce59587eeda9e5be9359de548a9_9424f89e-ff72-4b67-bc08-597a23319b5a";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-BitLocker%4BitLocker Management.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\Default\PrintHood\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Superfetch%4AgmcOperation.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Sysprep\Panther\setuperr.log";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Logs\HomeGroup\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Desktop\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-PrintService%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Security-SPP-UX-Notifications%4ActionCenter.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_6.2.9200_1528b6c5c744a1e72c935bba557e447e37c0da4e_04f0a146\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{d7a39924-16dc-11e3-be71-7054d28de8f3}.TM.blf";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\security\cap\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6de9cb26d2b98c01ec4e9e8b34824aa2_9424f89e-ff72-4b67-bc08-597a23319b5a";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-IKE%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\User Account Pictures\IIS APPPOOL+.NET v4.5 Classic.dat";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-NlaSvc%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Installer\$PatchCache$\Managed\00004109610090400100000000F01FEC\14.0.4763\FUNCRES.XLAM_1033";"Contains macros";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-PowerShell%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_a41cff4b4b6b917b7242a9881db4eccb298ecb_1d8a8a1b\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\MsDtc\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows Defender\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Logs\SystemRestore\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Anytime-Upgrade-Events%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\$Recycle.Bin\S-1-5-21-3470675919-4289468765-2846079494-500\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmbServer%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\PLA\Reports\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Steps-Recorder.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\security\audit\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Iphlpsvc%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\swapfile.sys";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\SysWOW64\log.txt";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Security-Audit-Configuration-Client%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\wbem\AutoRecover\7073EBB8E2F3C70E0FA1F650B7DEA970.mof";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\AitAgent";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_Microsoft_166d2c2e7c6f60edbf543fd43cf38da4cc4223f_cab_058af4d6\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-IdCtrls%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Key Management Service.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-WPD-MTPClassDriver%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.8.9200.16925_23373bb16e6ab150b6e9f2e0494bf34fad3f8e7_cab_03651b61\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"D:\$RECYCLE.BIN\S-1-5-21-3470675919-4289468765-2846079494-500\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Documents and Settings\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-SettingSync%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TWinUI%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\swapfile.sys";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\ServiceProfiles\NetworkService\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-NTLM%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Sysprep\Panther\IE\setupact.log";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\wbem\MOF\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Search\Data\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.8.9200.16925_23373bb16e6ab150b6e9f2e0494bf34fad3f8e7_cab_1fa11b61\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{d7a39924-16dc-11e3-be71-7054d28de8f3}.TMContainer00000000000000000002.regtrans-ms";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-WS-Licensing%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\ias\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Prefetch\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\config\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Troubleshooter.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\Default\AppData\Local\History\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\OAlerts.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\personal info removed\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\System.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Backup.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\Sqm\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-WPD-ClassInstaller%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\personal info removed\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Logs\RecoveryDisc\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\SysWOW64\Com\dmp\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-EapHost%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\hiberfil.sys";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Ntfs%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\Default\Cookies\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Ntfs%4WHC.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\inetsrv\config\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-ClientUSBDevices%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Sysprep\Panther\setupact.log";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\.NET v4.5\ntuser.dat.LOG1";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\LogFiles\Firewall\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_101_7e37abdba5a96e32212a404bc0be17225ac17d55_cab_15350dc3\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_6.2.9200_1528b6c5c744a1e72c935bba557e447e37c0da4e_04dcd17e\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\MFAData\msistorg.dat.bkp";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_6.2.9200_1528b6c5c744a1e72c935bba557e447e37c0da4e_04f0a3e6\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3470675919-4289468765-2846079494-500";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_unspecified_67f15aea8f3e87f539b5cea3c885c7e7872fda_216f90f7\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.8.9200.16693_49b8fe33bbe6f88b655c33097539f98953be8e_201812ef\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Users\Public\Documents\My Music\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\MFAData\progupd.cfg";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-GenericRoaming%4Admin.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Audio%4PlaybackManager.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Program Files\Microsoft Office\Office14\Library\Analysis\FUNCRES.XLAM";"Contains macros";"Notification";"Infected";"Message"
"C:\Windows\System32\LogFiles\HTTPERR\";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore\SR";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"D:\Users\personal info removed\uni stuff\maths first semester\Vector Algebra.pptm";"Contains macros";"Notification";"Infected";"Message"
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Fault-Tolerant-Heap%4Operational.evtx";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5bb09ac44fae706dbb22a671808e3907_9424f89e-ff72-4b67-bc08-597a23319b5a";"Locked file. Not scanned.";"Notification";"Infected";"Message"
"C:\Program Files (x86)\Google\CrashReports\";"Locked file. Not scanned.";"Notification";"Infected";"Message"





I don't know what advice you can give but do you know anything of the sort of ways I can clean my system back to the state it was in 48 hours ago or so, I made a recovery disc a few days back and a system image but don't really know how to use them, nor whether (considering Windows currently does boot) they can be used to replace what is here now entirely with the older system state or whether they can only be used on a computer that is fully wiped of all its files. And I worry using them might compromise them if this is truly an infection, plus if this is an infection there is a very important file from late last night that I don't want to have to lose, it's backed up but if this is an infection it might be infected.

Another thing to add here, I've just noticed a file that appeared on my hard drive at 17:40 today: C:\cleanup.bat. It might have had something to do with the tool I attempted to run from AVG (I have mentioned it in one of the earlier posts on here), or it might be something else entirely. VirusTotal didn't see anything in it when I uploaded it to that site, but it's weird to find it there and I don't know if having a bat file in C:\ makes my system try and boot with it rather than with my true OS.

Just to report, my system really is horrifically slow right now, something is very clearly not right still. My computer is struggling to perform a Kaspersky Virus Removal Tool scan and play a low-res video at the same time, it would have done this with ease 24 hours ago. It is now having to freeze the video for a minute every 20 seconds of playback.

Edited by quietman7, 08 November 2014 - 09:57 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#9 rp88

Posted 27 September 2014 - 06:04 AM

I have contacted AVG about this, have had nothing back though. Kaspersky thought the system was clean, so it looks more and more like a false positive, but system is still slow. I would like to perform some sort of "clean install" of everything but I need to check some details about that.

#10 rp88

Posted 28 September 2014 - 06:24 AM

I wanted to check: whatever this thing was, loading my computer from a system image made a few days before the infection will cure my issue?

#11 rp88

Posted 29 September 2014 - 07:14 PM

Has ANYONE been able to work out for sure IF this was a false positive yet?

Edited by rp88, 29 September 2014 - 07:15 PM.


#12 aharonov

aharonov

  • Malware Response Team

Posted 30 September 2014 - 03:52 AM

No, and that's not our job, as we are not reverse engineers who analyze the binaries in detail.
As I told you before, everything indicates that this was a false positive. AVG changing its mind about this alleged infection so quickly is just one of the reasons for this conclusion.
You can upload this file to VirusTotal again and re-analyze it to see if any of the scanners detect a threat now.

#13 rp88

Posted 01 October 2014 - 09:34 AM

The file is long gone, I have done several rounds of system reimaging. Eventually I found one that came preinstalled with the computer, I never knew I had such an old image on here. I went back to it and am currently reinstalling my programs. Any virus should be utterly gone, and AVG has now updated to its 2015 version (new interface).

#14 aharonov

Posted 02 October 2014 - 04:06 AM

So can I do anything for you now or do you consider this topic done?

#15 rp88

Posted 12 October 2014 - 11:02 AM

I think it's done. I went through multiple rounds of loading of old system images, the bleeping thing (be it virus or false positive) shouldn't have survived that. I haven't had any issues since the last in a series of restoring from old images.