Stubborn trojan. Afraid to reconnect my laptop to the internet.


  • This topic is locked
9 replies to this topic

#1 Semicomputerliterate

Posted 01 January 2015 - 07:47 PM

Hello. Sorry to barge in and ask for help without actually contributing to the community. I've got a trojan/dropper calling itself taskhost.exe, winrar.exe, and photoshop.exe. It has added itself to the startup--the photoshop one only stays open for a second right when windows loads up. When I originally wrote this last night I was a little frazzled from trying to get rid of the stupid thing all day, so I'm rewriting it now to include more details and less commentary.  

 

Some details about my computer are as follows:

Dell Latitude E6410
Windows 7 Ultimate 64 bit
Intel Core i5 CPU M 5600 @2.67 GHz
2GB Ram, 150GB HD

Taskhost.exe in C:\ProgramData
Taskhost.exe in C:\Windows\SysWOW64\drivers
Winrar.exe in C:\AppData\Roaming
photoshop.exe in C:\User%\AppData\Local\Temp
photoshop.exe in another folder whose path I can't remember but it was related to Windows startup.

The taskhost files' Type and Attributes fields under details panel both said "Microsoft ® Windows ® Operating System". And that the file was 90kb rather than the 67kb taskhost was in my Windows folder.

 

I disabled my wireless adapter, found the offending program in task manager and tried to close it. I got a warning dialog that there was unsaved data open in said program and closing would cause me to lose it. I clicked 'close anyway' and my computer blue screened and commenced a memory dump.

 

The taskhost and winrar files created rules to allow themselves internet connection in my firewall. The photoshop.exe in the startup folder seems to replenish the deleted exe files and then shut itself down right after startup. Maybe. Like the stupid username says, I'm only semi-literate with this stuff at best.

 

Avira wasn't really catching much of anything. It noticed one of the taskhost files, but not until after I deleted it. Even when I pointed it right at the winrar.exe it came up clean.

 

 

More details: I don't know if this is helpful, but I found it strange/alarming. On two of the files, I believe it was a photoshop and winrar, the details panel under properties lists Publisher and Copyright as just "Bernard".

 

When I turned on my wifi adapter after deleting the files, TrustedInstaller kept loading up on its own, presumably replacing the files. So I disabled it. 

 

I think I've finally gotten rid of all of them, blocked them in the firewall, turned off offline files (just in case -- I just sort of happened across this and looked it up. I didn't know what they were until yesterday), turned UAC up to insane for the moment. But I feel that my internet connection is putting an unreasonable load on my computer now. The svchost hosting my 'Netman' service is eating up 115,000-150,000 kb.

 

 

 

Here's one of the Avira logs. There's another one with a TR/Dropper.MSIL in it, but I'll have to upload that later as I'm going to be late for work if I stay another minute.

 

 
 
Avira Free Antivirus
Report file date: Thursday, January 01, 2015  01:26
 
 
The program is running as an unrestricted full version.
Online services are available.
 
Licensee        : Avira Antivirus Free
Serial number   : 0000149996-AVHOE-0000001
Platform        : Windows 7 Ultimate
Windows version : (Service Pack 1)  [6.1.7601]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : CAVEATEMPTOR-PC
 
Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_54a4e46a\guard_slideup.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: Complete
 
Start of the scan: Thursday, January 01, 2015  01:26
 
The scan of running processes will be started:
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '84' Module(s) have been scanned
Scan process 'svchost.exe' - '106' Module(s) have been scanned
Scan process 'svchost.exe' - '152' Module(s) have been scanned
Scan process 'STacSV64.exe' - '36' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '58' Module(s) have been scanned
Scan process 'svchost.exe' - '75' Module(s) have been scanned
Scan process 'spoolsv.exe' - '79' Module(s) have been scanned
Scan process 'svchost.exe' - '63' Module(s) have been scanned
Scan process 'Dwm.exe' - '28' Module(s) have been scanned
Scan process 'Explorer.EXE' - '199' Module(s) have been scanned
Scan process 'taskhost.exe' - '51' Module(s) have been scanned
Scan process 'sttray64.exe' - '41' Module(s) have been scanned
Scan process 'Apoint.exe' - '43' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '27' Module(s) have been scanned
Scan process 'HidFind.exe' - '24' Module(s) have been scanned
Scan process 'Apntex.exe' - '28' Module(s) have been scanned
Scan process 'conhost.exe' - '20' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '20' Module(s) have been scanned
Scan process 'mmc.exe' - '115' Module(s) have been scanned
Scan process 'prevhost.exe' - '29' Module(s) have been scanned
Scan process 'mmc.exe' - '67' Module(s) have been scanned
Scan process 'Avira.OE.ServiceHost.exe' - '129' Module(s) have been scanned
Scan process 'Avira.OE.Systray.exe' - '160' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '49' Module(s) have been scanned
Scan process 'avgnt.exe' - '96' Module(s) have been scanned
Scan process 'avguard.exe' - '136' Module(s) have been scanned
Scan process 'sched.exe' - '59' Module(s) have been scanned
Scan process 'avshadow.exe' - '20' Module(s) have been scanned
Scan process 'wuauclt.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '55' Module(s) have been scanned
Scan process 'taskhost.exe' - '31' Module(s) have been scanned
Scan process 'avcenter.exe' - '117' Module(s) have been scanned
Scan process 'avscan.exe' - '109' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'lsass.exe' - '64' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'winlogon.exe' - '32' Module(s) have been scanned
 
Starting the file scan:
 
Begin scan in 'C:\$Recycle.Bin\S-1-5-21-1361591397-1297305956-3969139387-1000\$R0JT5JY.exe'
C:\$Recycle.Bin\S-1-5-21-1361591397-1297305956-3969139387-1000\$R0JT5JY.exe
  [DETECTION] Contains virus patterns of Adware ADWARE/InstallCore.860264
 
Beginning disinfection:
C:\$Recycle.Bin\S-1-5-21-1361591397-1297305956-3969139387-1000\$R0JT5JY.exe
  [DETECTION] Contains virus patterns of Adware ADWARE/InstallCore.860264
  [NOTE]      The file was moved to the quarantine directory under the name '518d4466.qua'!
 
 
End of the scan: Thursday, January 01, 2015  01:27
Used time: 00:21 Minute(s)
 
The scan has been done completely.
 
      0 Scanned directories
    780 Files were scanned
      1 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
    779 Files not concerned
      3 Archives were scanned
      0 Warnings
      1 Notes
 
 
The scan results will be transferred to the Guard.
 
 
 
 
Thank you a hundred times for doing what you guys do. This is an awesome place.

Edited by Semicomputerliterate, 02 January 2015 - 07:58 AM.
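The by-hand checks in the post above (a system binary name in the wrong folder, a size that differs from the copy Windows ships, executables sitting in profile and startup folders) can be written as a small triage pass. This is an added example, not part of the original thread; the baseline table, the watch list and the sample inventory (user name, sizes for the non-taskhost files) are assumptions constructed for illustration.

```python
import ntpath

# Assumed baseline for this example only: the directory a stock Windows 7 x64
# install uses for the named binary. Build the real table from a known-good image.
EXPECTED_DIRS = {
    "taskhost.exe": {r"c:\windows\system32"},
}

# Watch list (assumption): places where an .exe is unusual, modelled on the
# kinds of locations the post mentions.
WATCHED_DIR_PARTS = (
    r"\appdata\roaming",
    r"\appdata\local\temp",
    r"\start menu\programs\startup",
    r"\syswow64\drivers",
)
WATCHED_EXACT_DIRS = {r"c:\programdata"}

# Constructed sample inventory: (path, size in KB, version-info text).
# The version-info text is deliberately NOT used as evidence: it is a free-text
# resource set by whoever built the file, so an impostor can claim to be Microsoft.
SAMPLE_INVENTORY = [
    (r"C:\Windows\System32\taskhost.exe", 67, "Microsoft Windows Operating System"),
    (r"C:\ProgramData\taskhost.exe", 90, "Microsoft Windows Operating System"),
    (r"C:\Windows\SysWOW64\drivers\taskhost.exe", 90, "Microsoft Windows Operating System"),
    (r"C:\Users\example\AppData\Roaming\winrar.exe", 90, "Bernard"),
    (r"C:\Users\example\AppData\Local\Temp\photoshop.exe", 90, "Bernard"),
]


def split_path(path):
    """Normalise a Windows path and return (directory, file name), lower-cased."""
    return ntpath.split(ntpath.normpath(path).lower())


def assess(path, size_kb, reference_sizes):
    """Return the reasons a file deserves a closer look (empty list = none)."""
    directory, name = split_path(path)
    reasons = []
    allowed = EXPECTED_DIRS.get(name)
    if allowed is not None and directory not in allowed:
        reasons.append("system binary name outside its expected directory")
        ref = reference_sizes.get(name)
        if ref is not None and size_kb != ref:
            reasons.append(f"size {size_kb} KB differs from baseline copy ({ref} KB)")
    if directory in WATCHED_EXACT_DIRS or any(p in directory for p in WATCHED_DIR_PARTS):
        reasons.append("executable in a watched location")
    return reasons


def triage(inventory):
    """Map each flagged path to its reasons; files with no findings are omitted."""
    # Sizes of copies found in their expected directory serve as the reference.
    reference_sizes = {}
    for path, size_kb, _info in inventory:
        directory, name = split_path(path)
        if directory in EXPECTED_DIRS.get(name, ()):
            reference_sizes[name] = size_kb
    findings = {}
    for path, size_kb, _info in inventory:
        reasons = assess(path, size_kb, reference_sizes)
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_INVENTORY).items():
        print(flagged)
        for reason in why:
            print("   -", reason)
```

A hit from this pass is a lead, not a verdict: confirm with the file's digital signature and hash before acting on it.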




#2 shelf life


Posted 04 January 2015 - 10:50 AM

hi,

Your post is a few days old. If you still need help you can get a download that we will use as a starting point. Please post both the logs it generates in your reply and we will go from there:

Please download Farbar Recovery Scan Tool and save it to your desktop

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

If you're not sure which one to run, download them both and try running each one. The compatible version will be the one that actually works.

Right-click on the FRST icon then click "Run as administrator"
When the tool opens click Yes to the disclaimer
Press the Scan Button.
When the scan is done, it will produce a log called FRST.txt in the same directory the tool was run from.
Please copy and paste the log in your next reply.

The first time the tool is run it generates another log (Addition.txt also located on the desktop).
Please copy/paste both logs: FRST.txt and addition.txt in your reply.


How Can I Reduce My Risk to Malware?


#3 Semicomputerliterate


Posted 04 January 2015 - 11:27 PM

Hello shelf life and thank you for your reply.

 

I actually reinstalled Windows and reformatted. I ran another scan yesterday which found 30-some system32 files that had been recently modified. I'm not savvy enough to know if that's salvageable, or if it's even a real problem or just something I overreacted to, but at that point I figured expert help or not, I wouldn't feel comfortable with it until I scrapped the whole thing. Unless you think there's a chance that it's still hiding on my computer somewhere (registry gets wiped with a reformat too, right?), I won't waste your time. I need to finish running updates at the moment, but I'll download that tool and upload the logs in the morning before work. I know you're busy and your work is in high demand, so just in case I still need your help, I'll do what I can to avoid keeping you waiting.

 

edit: Didn't have time to run the scan this morning. I'll post the log tonight when I get home from work.


Edited by Semicomputerliterate, 05 January 2015 - 12:34 PM.


#4 shelf life


Posted 05 January 2015 - 05:17 PM

Ok, no problem. You're not wasting my time, just post the FRST log when you get a chance. It should look golden, a reformat/reinstall will wipe everything.

 




#5 Semicomputerliterate


Posted 06 January 2015 - 12:22 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Bobby (administrator) on BOBBY-PC on 05-01-2015 23:48:54
Running from C:\Users\Bobby\Desktop
Loaded Profile: Bobby (Available profiles: Bobby)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-07-17] (Intel® Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-08] (Wave Systems Corp.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111488 2013-01-23] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-4276875114-3730672819-4281616421-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-04]
CHR Extension: (Google Docs) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-04]
CHR Extension: (Google Drive) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-04]
CHR Extension: (YouTube) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-04]
CHR Extension: (Adblock Plus) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-04]
CHR Extension: (Google Search) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-04]
CHR Extension: (Google Sheets) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-04]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2015-01-04]
CHR Extension: (Google Wallet) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-04]
CHR Extension: (Gmail) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] () [File not signed]
R4 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.) [File not signed]
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.) [File not signed]
R4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-08-07] (Etron Technology Inc)
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [77480 2013-02-25] (Fresco Logic)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-05 23:48 - 2015-01-05 23:49 - 00010617 _____ () C:\Users\Bobby\Desktop\FRST.txt
2015-01-05 23:48 - 2015-01-05 23:48 - 00000000 ____D () C:\FRST
2015-01-05 11:56 - 2015-01-05 11:58 - 00000000 ____D () C:\c20d95cef256044b6fea97
2015-01-05 11:50 - 2015-01-05 11:53 - 00006252 _____ () C:\Windows\IE11_main.log
2015-01-05 11:35 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-05 11:35 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-05 11:35 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-05 11:35 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-05 11:35 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-05 11:35 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-05 11:35 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-05 11:35 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-05 11:35 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-05 11:35 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-05 11:35 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-05 11:35 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-05 11:35 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-05 11:35 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-05 11:35 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-05 11:35 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-05 11:35 - 2013-10-01 15:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-05 11:35 - 2013-10-01 15:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-05 11:10 - 2015-01-05 11:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-05 11:04 - 2015-01-05 11:04 - 00444532 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-01-05 09:59 - 2015-01-05 10:54 - 00445654 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-01-05 09:32 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-05 09:32 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-05 09:32 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-05 09:32 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-05 09:32 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-05 09:32 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-05 09:32 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-05 09:32 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-05 09:32 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-05 09:32 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-05 09:20 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-01-05 09:20 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-01-05 09:02 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-01-05 09:02 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-01-05 09:02 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-01-05 09:02 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-01-05 09:02 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-01-05 09:02 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-01-05 09:02 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-01-05 09:02 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-01-05 08:59 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-05 08:59 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-01-05 08:59 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-01-05 08:59 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-01-05 08:59 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-05 08:59 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-05 08:59 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-01-05 08:59 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-01-05 08:59 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-01-05 08:58 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-01-05 08:58 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-01-05 08:58 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-01-05 08:58 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-01-05 08:58 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-01-05 08:58 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-01-05 08:58 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-01-05 08:58 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-01-05 08:58 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-01-05 08:58 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-01-05 08:58 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-01-05 08:58 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-01-05 08:58 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-01-05 08:58 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-01-05 08:58 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-01-05 08:58 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-01-05 08:58 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-01-05 08:58 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-01-05 08:58 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-01-05 08:58 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-01-05 08:58 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2015-01-05 08:57 - 2014-11-20 12:41 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-05 08:57 - 2014-11-20 12:40 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-05 08:57 - 2014-11-20 12:40 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-05 08:57 - 2014-11-20 12:39 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-05 08:57 - 2014-11-20 12:39 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-05 08:57 - 2014-11-20 12:38 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-05 08:57 - 2014-11-20 12:38 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-05 08:57 - 2014-11-20 12:38 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-05 08:57 - 2014-11-20 12:38 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-05 08:57 - 2014-11-20 12:37 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-05 08:57 - 2014-11-20 09:08 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-05 08:57 - 2014-11-20 09:07 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-05 08:57 - 2014-11-20 09:07 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-05 08:57 - 2014-11-20 09:07 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-05 08:57 - 2014-11-20 09:07 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-05 08:57 - 2014-11-20 09:07 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-05 08:57 - 2014-11-20 09:07 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-05 08:57 - 2014-11-20 09:07 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-05 08:57 - 2014-11-20 09:07 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-05 08:57 - 2014-11-20 09:07 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-05 08:57 - 2014-11-20 09:06 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-05 08:57 - 2014-11-20 09:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-05 08:57 - 2014-11-20 09:06 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-05 08:57 - 2014-11-20 08:01 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-05 08:57 - 2014-11-20 07:56 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-05 08:57 - 2014-11-20 07:36 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-05 08:57 - 2014-11-20 07:28 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-01-05 08:57 - 2014-07-16 21:07 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-01-05 08:57 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-01-05 08:57 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-01-05 08:57 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-01-05 08:57 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-01-05 08:57 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-01-05 08:57 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-01-05 08:56 - 2014-11-20 12:40 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-05 08:56 - 2014-11-20 12:39 - 19285504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-05 08:56 - 2014-11-20 12:39 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-05 08:56 - 2014-11-20 12:38 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-05 08:56 - 2014-11-20 12:38 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-05 08:56 - 2014-11-20 12:38 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-05 08:56 - 2014-11-20 12:38 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-05 08:56 - 2014-11-20 12:38 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-05 08:56 - 2014-11-20 12:38 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-01-05 08:56 - 2014-11-20 12:38 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-05 08:56 - 2014-11-20 12:38 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-05 08:56 - 2014-11-20 09:09 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-05 08:56 - 2014-11-20 09:08 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-05 08:56 - 2014-11-20 09:07 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-05 08:56 - 2014-11-20 09:07 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-05 08:56 - 2014-11-20 09:07 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-01-05 08:56 - 2014-11-20 09:07 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-01-05 08:56 - 2014-11-20 09:07 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-05 08:56 - 2014-11-20 07:12 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-01-05 08:56 - 2014-11-20 07:05 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-01-05 08:56 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-01-05 08:55 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-05 08:55 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-01-05 08:55 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-01-05 08:55 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-01-05 08:55 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-01-05 08:55 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-01-05 08:55 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-01-05 08:55 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-01-05 08:55 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-01-05 08:55 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-01-05 08:55 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-01-05 08:55 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-01-05 08:55 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-01-05 08:55 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-01-05 08:55 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-01-05 08:55 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-01-05 08:55 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-01-05 08:55 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-01-05 08:55 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-01-05 08:55 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-01-05 08:55 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2015-01-05 08:55 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-01-05 08:55 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-01-05 08:55 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-01-05 08:55 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-01-05 08:55 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-01-05 08:55 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-01-05 08:55 - 2013-02-27 00:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-01-05 08:54 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-01-05 08:54 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-01-05 08:54 - 2013-08-28 21:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-01-05 08:54 - 2013-08-28 21:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-01-05 08:54 - 2013-08-28 21:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-01-05 08:54 - 2013-08-28 20:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-01-05 08:54 - 2013-08-28 20:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-01-05 08:54 - 2013-08-28 20:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-01-05 08:53 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-01-05 08:53 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-01-05 08:53 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-01-05 08:53 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-01-05 08:53 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-01-05 08:53 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-01-05 08:53 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-01-05 08:53 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-01-05 08:53 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-01-05 08:53 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-01-05 08:53 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-01-05 08:53 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-01-05 08:53 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-01-05 08:53 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-01-05 08:53 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-01-05 08:53 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-01-05 08:52 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-05 08:52 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-05 08:52 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-01-05 08:52 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-01-05 08:52 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-01-05 08:52 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-01-05 08:52 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-01-05 08:52 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-01-05 08:52 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-01-05 08:52 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-01-05 08:52 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-01-05 08:52 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-01-05 08:52 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-01-05 08:52 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-01-05 08:52 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-01-05 08:52 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-01-05 08:52 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-01-05 08:52 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-01-05 08:52 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-01-05 08:52 - 2013-05-13 00:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-01-05 08:52 - 2013-05-12 22:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-01-05 08:52 - 2013-05-12 22:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2015-01-05 08:52 - 2013-05-12 22:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2015-01-05 08:51 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-05 08:51 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-05 08:51 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-01-05 08:51 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-01-05 08:51 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-01-05 08:51 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-01-05 08:51 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-01-05 08:51 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-01-05 08:51 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-01-05 08:51 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-01-05 08:51 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-01-05 08:51 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-01-05 08:51 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-01-05 08:50 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-05 08:50 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-01-05 08:50 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-01-05 08:50 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-01-05 08:50 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-01-05 08:50 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-01-05 08:50 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-01-05 08:50 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-01-05 08:50 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-01-05 08:50 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-01-05 08:50 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-01-05 08:50 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-01-05 08:50 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-01-05 08:50 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-01-05 08:50 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-01-05 08:50 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2015-01-05 08:50 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2015-01-05 08:50 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-01-05 08:50 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-01-05 08:50 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-01-05 08:50 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-01-05 08:50 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-01-05 08:50 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-01-05 08:50 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-01-05 08:50 - 2013-05-10 00:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-01-05 08:50 - 2013-05-09 22:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2015-01-05 08:50 - 2013-04-25 18:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2015-01-05 08:50 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-01-05 08:50 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-01-05 08:50 - 2013-03-31 17:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-01-05 08:49 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-05 08:49 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-05 08:49 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-01-05 08:49 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-01-05 08:49 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-01-05 08:49 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-01-05 08:49 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-01-05 08:49 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-01-05 08:49 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-01-05 08:49 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-01-05 08:49 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-01-05 08:49 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-05 08:49 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-05 08:49 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2015-01-05 08:49 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2015-01-05 08:49 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2015-01-05 08:49 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2015-01-05 08:49 - 2013-09-07 21:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-01-05 08:49 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2015-01-05 08:49 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-01-05 08:49 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-01-05 08:49 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-01-05 08:49 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-01-05 08:49 - 2013-07-04 05:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-05 08:48 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-05 08:48 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-01-05 08:48 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-01-05 08:48 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-05 08:48 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-05 08:48 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-05 08:48 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-05 08:48 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-05 08:48 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-05 08:48 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-05 08:48 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-05 08:48 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-05 08:48 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-05 08:48 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-05 08:48 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-05 08:48 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-05 08:48 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-05 08:48 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-05 08:48 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-05 08:48 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-05 08:48 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-01-05 08:48 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-01-05 08:48 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-01-05 08:48 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-01-05 08:48 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-01-05 08:48 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-01-05 08:48 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-01-05 08:48 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-01-05 08:48 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-01-05 08:48 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-01-05 08:48 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-01-05 08:48 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-01-05 08:48 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-01-05 08:48 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-01-05 08:48 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-01-05 08:48 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-01-05 08:48 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-01-05 08:48 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-01-05 08:48 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-01-05 08:48 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-01-05 08:48 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-01-05 08:48 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-01-05 08:48 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2015-01-05 08:48 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-01-05 08:48 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-01-05 08:48 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2015-01-05 08:48 - 2013-07-12 05:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2015-01-05 08:48 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2015-01-05 08:48 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2015-01-05 08:48 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2015-01-05 08:48 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-01-05 08:48 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-01-05 08:48 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-01-05 08:48 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-01-05 08:48 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-01-05 08:48 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-01-05 08:48 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-01-05 08:48 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-01-05 08:48 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-01-05 08:48 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-01-05 08:48 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-01-05 08:48 - 2013-04-26 00:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-01-05 08:48 - 2013-04-25 23:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2015-01-05 08:48 - 2013-04-10 01:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-01-05 08:48 - 2011-02-03 06:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-01-05 08:47 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-05 08:47 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-05 08:47 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-01-05 08:47 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-01-05 08:47 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-01-05 08:47 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-01-05 08:47 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-01-05 08:47 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-01-05 08:47 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-01-05 08:47 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-01-05 08:47 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-01-05 08:47 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-01-05 08:47 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-01-05 08:47 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-01-05 08:47 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2015-01-05 08:47 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-01-05 08:47 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2015-01-05 08:47 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-01-05 08:47 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-01-05 08:47 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-01-05 08:47 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2015-01-05 08:47 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2015-01-05 08:47 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-01-05 08:47 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-01-05 08:25 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-01-05 08:23 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-01-05 08:23 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-01-05 07:46 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-05 07:46 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-05 07:46 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-01-05 07:46 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-05 07:45 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-05 07:45 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-05 07:45 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-05 07:45 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-05 07:34 - 2015-01-05 07:34 - 00000000 ____D () C:\Users\Bobby\AppData\Roaming\AVG2015
2015-01-05 07:33 - 2015-01-05 07:34 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-05 07:33 - 2015-01-05 07:33 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-05 07:33 - 2015-01-05 07:33 - 00000000 ___HD () C:\$AVG
2015-01-05 07:33 - 2015-01-05 07:33 - 00000000 ____D () C:\Users\Bobby\AppData\Roaming\TuneUp Software
2015-01-05 07:33 - 2015-01-05 07:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-05 07:32 - 2015-01-05 07:32 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-05 07:28 - 2015-01-05 12:08 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-05 07:28 - 2015-01-05 07:34 - 00000000 ____D () C:\Users\Bobby\AppData\Local\Avg2015
2015-01-05 07:28 - 2015-01-05 07:28 - 04637504 _____ (AVG Technologies) C:\Users\Bobby\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2015-01-05 07:28 - 2015-01-05 07:28 - 00000000 ____D () C:\Users\Bobby\AppData\Local\MFAData
2015-01-05 07:17 - 2015-01-05 07:17 - 02123776 _____ (Farbar) C:\Users\Bobby\Desktop\FRST64.exe
2015-01-04 23:47 - 2015-01-04 23:47 - 00000000 ____D () C:\Users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2015-01-04 23:47 - 2015-01-04 23:47 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2015-01-04 23:46 - 2015-01-04 23:46 - 00002105 _____ () C:\Users\Bobby\Desktop\FL Studio 11.5 (beta) (64bit).lnk
2015-01-04 23:46 - 2015-01-04 23:46 - 00000000 ____D () C:\Users\Bobby\Documents\Image-Line
2015-01-04 23:46 - 2015-01-04 23:46 - 00000000 ____D () C:\Users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-01-04 23:46 - 2015-01-04 23:46 - 00000000 ____D () C:\Users\Bobby\AppData\Roaming\Image-Line
2015-01-04 23:46 - 2015-01-04 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-01-04 23:46 - 2015-01-04 23:46 - 00000000 ____D () C:\Program Files\Image-Line
2015-01-04 23:46 - 2015-01-04 23:46 - 00000000 ____D () C:\Program Files\Common Files\VST2
2015-01-04 23:46 - 2015-01-04 23:46 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software
2015-01-04 23:45 - 2015-01-04 23:45 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2015-01-04 23:39 - 2015-01-04 23:46 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2015-01-04 23:07 - 2015-01-05 23:46 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-04 23:07 - 2015-01-05 23:46 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-04 23:07 - 2015-01-04 23:07 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-04 23:07 - 2015-01-04 23:07 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-04 23:07 - 2015-01-04 23:07 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-04 23:07 - 2015-01-04 23:07 - 00000000 ____D () C:\Users\Bobby\AppData\Local\Google
2015-01-04 23:07 - 2015-01-04 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-04 23:07 - 2015-01-04 23:07 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-04 23:06 - 2015-01-04 23:07 - 00000000 ____D () C:\Users\Bobby\AppData\Local\Deployment
2015-01-04 23:06 - 2015-01-04 23:06 - 00000000 ____D () C:\Users\Bobby\AppData\Local\Apps\2.0
2015-01-04 22:30 - 2015-01-04 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-01-04 22:26 - 2015-01-04 22:26 - 00015696 _____ () C:\Windows\system32\results.xml
2015-01-04 22:24 - 2015-01-04 22:24 - 00000000 ____D () C:\ProgramData\NTRU Cryptosystems
2015-01-04 22:24 - 2015-01-04 22:24 - 00000000 ____D () C:\Program Files\NTRU Cryptosystems
2015-01-04 22:24 - 2015-01-04 22:24 - 00000000 ____D () C:\Program Files (x86)\NTRU Cryptosystems
2015-01-04 22:19 - 2015-01-04 22:24 - 00000000 ____D () C:\Program Files\Common Files\SPBA
2015-01-04 22:19 - 2015-01-04 22:19 - 00000000 ____D () C:\Program Files\DIFX
2015-01-04 22:19 - 2015-01-04 22:19 - 00000000 ____D () C:\Program Files (x86)\Gemalto
2015-01-04 22:19 - 2015-01-04 22:18 - 00081904 _____ () C:\Windows\system32\pbadrvdll.dll
2015-01-04 22:19 - 2015-01-04 22:18 - 00080368 _____ () C:\Windows\SysWOW64\pbadrvdll.dll
2015-01-04 22:19 - 2015-01-04 22:18 - 00032240 _____ (Dell Inc) C:\Windows\system32\Drivers\PBADRV.SYS
2015-01-04 22:19 - 2012-03-19 16:34 - 00440208 _____ () C:\Windows\system32\brcmbsp.dll
2015-01-04 22:19 - 2012-03-19 16:34 - 00241544 _____ () C:\Windows\system32\bipbsp.dll
2015-01-04 22:18 - 2015-01-04 22:31 - 00000000 ____D () C:\ProgramData\Wave Systems Corp
2015-01-04 22:18 - 2015-01-04 22:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_cvusbdrv_01009.Wdf
2015-01-04 22:18 - 2015-01-04 22:18 - 00000000 ____D () C:\Windows\system32\BioAPIFFDB
2015-01-04 22:18 - 2015-01-04 22:18 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-01-04 22:18 - 2015-01-04 22:18 - 00000000 ____D () C:\Users\Public\Downloads\Dell
2015-01-04 22:18 - 2015-01-04 22:18 - 00000000 ____D () C:\Users\Bobby\AppData\Roaming\Wave Systems Corp
2015-01-04 22:18 - 2015-01-04 22:18 - 00000000 ____D () C:\ProgramData\Broadcom
2015-01-04 22:18 - 2015-01-04 22:18 - 00000000 ____D () C:\Program Files\Broadcom Corporation
2015-01-04 22:17 - 2015-01-04 22:17 - 00000000 ____D () C:\Windows\nvmup
2015-01-04 22:17 - 2013-07-08 22:05 - 00012064 _____ (NVIDIA Corporation) C:\Windows\system32\NVMUPEventMsg.dll
2015-01-04 22:14 - 2011-01-31 19:34 - 03157528 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2015-01-04 22:14 - 2011-01-31 19:34 - 00509976 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2015-01-04 22:14 - 2011-01-31 19:34 - 00417304 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2015-01-04 22:14 - 2011-01-31 19:34 - 00386584 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2015-01-04 22:14 - 2011-01-31 19:34 - 00223768 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-01-04 22:14 - 2011-01-31 19:34 - 00162328 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2015-01-04 22:14 - 2011-01-31 19:34 - 00152600 _____ () C:\Windows\system32\difx64.exe
2015-01-04 22:14 - 2011-01-12 18:40 - 00005388 _____ () C:\Windows\system32\iglhxs64.vp
2015-01-04 22:14 - 2011-01-12 18:25 - 00092672 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2281.dll
2015-01-04 22:14 - 2011-01-12 18:18 - 10627392 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-01-04 22:14 - 2011-01-12 18:18 - 06549504 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2015-01-04 22:14 - 2011-01-12 18:16 - 00874048 _____ () C:\Windows\SysWOW64\igkrng575.bin
2015-01-04 22:14 - 2011-01-12 18:16 - 00874048 _____ () C:\Windows\system32\igkrng575.bin
2015-01-04 22:14 - 2011-01-12 18:16 - 00127868 _____ () C:\Windows\SysWOW64\igcompkrng575.bin
2015-01-04 22:14 - 2011-01-12 18:16 - 00127868 _____ () C:\Windows\system32\igcompkrng575.bin
2015-01-04 22:14 - 2011-01-12 18:16 - 00104796 _____ () C:\Windows\SysWOW64\igfcg575m.bin
2015-01-04 22:14 - 2011-01-12 18:16 - 00104796 _____ () C:\Windows\system32\igfcg575m.bin
2015-01-04 22:14 - 2011-01-12 18:12 - 04967424 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2015-01-04 22:14 - 2011-01-12 18:10 - 00571904 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdx32.dll
2015-01-04 22:14 - 2011-01-12 18:08 - 04722176 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2015-01-04 22:14 - 2011-01-12 18:06 - 04411392 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2015-01-04 22:14 - 2011-01-12 18:00 - 15034880 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2015-01-04 22:14 - 2011-01-12 17:51 - 11039232 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2015-01-04 22:14 - 2011-01-12 17:46 - 00189494 _____ () C:\Windows\system32\Gfxres.th-TH.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00178349 _____ () C:\Windows\system32\Gfxres.el-GR.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00165337 _____ () C:\Windows\system32\Gfxres.ru-RU.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00139851 _____ () C:\Windows\system32\Gfxres.ar-SA.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00136343 _____ () C:\Windows\system32\Gfxres.ja-JP.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00133688 _____ () C:\Windows\system32\Gfxres.he-IL.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00125500 _____ () C:\Windows\system32\Gfxres.it-IT.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00123172 _____ () C:\Windows\system32\Gfxres.ko-KR.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00122869 _____ () C:\Windows\system32\Gfxres.es-ES.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00122651 _____ () C:\Windows\system32\Gfxres.de-DE.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00122368 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2015-01-04 22:14 - 2011-01-12 17:46 - 00121115 _____ () C:\Windows\system32\Gfxres.tr-TR.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00120742 _____ () C:\Windows\system32\Gfxres.fr-FR.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00120308 _____ () C:\Windows\system32\Gfxres.pt-BR.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00119558 _____ () C:\Windows\system32\Gfxres.hu-HU.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00119528 _____ () C:\Windows\system32\Gfxres.nl-NL.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00119302 _____ () C:\Windows\system32\Gfxres.sv-SE.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00119009 _____ () C:\Windows\system32\Gfxres.pt-PT.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00118687 _____ () C:\Windows\system32\Gfxres.cs-CZ.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00118639 _____ () C:\Windows\system32\Gfxres.fi-FI.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00118351 _____ () C:\Windows\system32\Gfxres.pl-PL.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00118000 _____ () C:\Windows\system32\Gfxres.sk-SK.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00114794 _____ () C:\Windows\system32\Gfxres.nb-NO.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00114314 _____ () C:\Windows\system32\Gfxres.sl-SI.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00114203 _____ () C:\Windows\system32\Gfxres.da-DK.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00110156 _____ () C:\Windows\system32\Gfxres.en-US.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00103986 _____ () C:\Windows\system32\Gfxres.zh-TW.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00102825 _____ () C:\Windows\system32\Gfxres.zh-CN.resources
2015-01-04 22:14 - 2011-01-12 17:46 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2015-01-04 22:14 - 2011-01-12 17:46 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2015-01-04 22:14 - 2011-01-12 17:46 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2015-01-04 22:14 - 2011-01-12 17:46 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2015-01-04 22:14 - 2011-01-12 17:46 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2015-01-04 22:14 - 2011-01-12 17:46 - 00084992 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2015-01-04 22:14 - 2011-01-12 17:46 - 00084992 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2015-01-04 22:14 - 2011-01-12 17:46 - 00083968 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2015-01-04 22:14 - 2011-01-12 17:46 - 00083968 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2015-01-04 22:14 - 2011-01-12 17:45 - 00380416 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2015-01-04 22:14 - 2011-01-12 17:45 - 00244224 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2015-01-04 22:14 - 2011-01-12 17:45 - 00061952 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2015-01-04 22:14 - 2011-01-12 17:45 - 00027648 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-01-04 22:14 - 2011-01-12 17:44 - 00272384 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2015-01-04 22:14 - 2011-01-12 17:44 - 00119808 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2015-01-04 22:14 - 2011-01-12 17:44 - 00108544 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2015-01-04 22:14 - 2011-01-12 17:44 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2015-01-04 22:14 - 2011-01-12 17:44 - 00004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2015-01-04 22:14 - 2011-01-12 17:43 - 00830464 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2015-01-04 22:14 - 2011-01-12 17:43 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2015-01-04 22:14 - 2011-01-12 17:40 - 00023552 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-01-04 22:14 - 2011-01-12 17:39 - 00228864 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2015-01-04 22:14 - 2011-01-12 17:32 - 01991936 _____ () C:\Windows\system32\iglhxa64.cpa
2015-01-04 22:14 - 2011-01-12 17:32 - 00208896 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2015-01-04 22:14 - 2011-01-12 17:32 - 00206336 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2015-01-04 22:14 - 2011-01-12 17:32 - 00188416 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2015-01-04 22:14 - 2011-01-12 17:32 - 00147456 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2015-01-04 22:14 - 2011-01-12 17:32 - 00060254 _____ () C:\Windows\system32\iglhxg64.vp
2015-01-04 22:14 - 2011-01-12 17:32 - 00060226 _____ () C:\Windows\system32\iglhxc64.vp
2015-01-04 22:14 - 2011-01-12 17:32 - 00060015 _____ () C:\Windows\system32\iglhxo64.vp
2015-01-04 22:14 - 2011-01-12 17:32 - 00001090 _____ () C:\Windows\system32\iglhxa64.vp
2015-01-04 22:14 - 2010-08-31 12:07 - 00317440 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2015-01-04 22:14 - 2010-08-31 12:07 - 00014848 _____ (Intel® Corporation) C:\Windows\system32\IntcDAuC.dll
2015-01-04 22:14 - 2010-02-26 23:32 - 00158976 _____ (Intel Corporation) C:\Windows\system32\Drivers\Impcd.sys
2015-01-04 22:11 - 2015-01-04 22:11 - 00058016 _____ () C:\Users\Bobby\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-04 22:11 - 2015-01-04 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-01-04 22:10 - 2015-01-04 22:15 - 00000000 ____D () C:\Intel
2015-01-04 22:10 - 2013-01-23 17:18 - 00056344 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys
2015-01-04 22:09 - 2015-01-04 22:19 - 00000000 ____D () C:\Program Files (x86)\Dell
2015-01-04 22:08 - 2009-09-02 06:13 - 00131072 _____ (Dell, Inc.) C:\Windows\SysWOW64\DellSPMsg.dll
2015-01-04 22:04 - 2015-01-04 22:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2015-01-04 22:04 - 2015-01-04 22:04 - 00000000 ____D () C:\Users\Bobby\AppData\Roaming\Intel
2015-01-04 22:03 - 2015-01-04 22:15 - 00000000 ____D () C:\Program Files\Common Files\Intel
2015-01-04 22:03 - 2015-01-04 22:15 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-04 22:03 - 2015-01-04 22:03 - 00000000 ____D () C:\ProgramData\Intel
2015-01-04 22:03 - 2015-01-04 22:03 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-01-04 22:00 - 2015-01-04 22:03 - 00000000 ____D () C:\Program Files\Intel
2015-01-04 22:00 - 2015-01-04 22:00 - 00000000 ____D () C:\drvrtmp
2015-01-04 22:00 - 2010-04-13 23:47 - 00091840 _____ (Intel Corporation) C:\Windows\system32\NicInstK.dll
2015-01-04 22:00 - 2010-04-05 23:37 - 00301232 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1k62x64.sys
2015-01-04 22:00 - 2010-04-01 23:56 - 00068264 _____ (Intel Corporation) C:\Windows\system32\e1kmsg.dll
2015-01-04 22:00 - 2010-02-23 11:00 - 00345800 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2015-01-04 22:00 - 2009-10-09 10:43 - 00003143 _____ () C:\Windows\system32\e1k62x64.din
2015-01-04 22:00 - 2009-05-26 09:05 - 00036472 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
2015-01-04 22:00 - 2006-01-12 13:52 - 00001904 ____N () C:\Windows\system32\SetupBD.din
2015-01-04 21:59 - 2015-01-04 22:08 - 00000000 ____D () C:\dell
2015-01-04 21:57 - 2015-01-04 22:23 - 00000000 ____D () C:\Program Files\Dell
2015-01-04 21:57 - 2015-01-04 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell System Manager
2015-01-04 21:56 - 2015-01-04 22:19 - 00025470 _____ () C:\Windows\DPINST.LOG
2015-01-04 21:56 - 2015-01-04 21:57 - 00000000 ____D () C:\ProgramData\Dell
2015-01-04 21:56 - 2015-01-04 21:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
2015-01-04 21:56 - 2015-01-04 21:56 - 00000000 ____D () C:\Windows\Dell
2015-01-04 21:56 - 2015-01-04 21:56 - 00000000 ____D () C:\Users\Bobby\AppData\Local\Dell
2015-01-04 21:56 - 2015-01-04 21:56 - 00000000 ____D () C:\Program Files\DellTPad
2015-01-04 21:56 - 2013-02-21 14:10 - 00489264 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys
2015-01-04 21:56 - 2013-02-12 21:31 - 00114520 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2015-01-04 15:58 - 2015-01-04 15:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2015-01-04 15:57 - 2015-01-04 15:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-01-04 15:56 - 2015-01-04 15:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2015-01-04 15:54 - 2015-01-05 23:46 - 01619228 _____ () C:\Windows\WindowsUpdate.log
2015-01-04 15:51 - 2015-01-04 15:51 - 00000000 ____D () C:\Windows\CSC
2015-01-04 15:03 - 2015-01-04 15:03 - 00000000 ____D () C:\Users\Bobby\AppData\Roaming\Syntorial
2015-01-04 15:00 - 2015-01-04 15:17 - 00000000 ____D () C:\Users\Bobby\Documents\Syntorial
2015-01-04 14:59 - 2015-01-04 23:10 - 00000000 ____D () C:\Program Files (x86)\Syntorial
2015-01-04 14:59 - 2015-01-04 14:59 - 00000949 _____ () C:\Users\Public\Desktop\Syntorial.lnk
2015-01-04 14:44 - 2015-01-04 14:44 - 00001417 _____ () C:\Users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-04 14:44 - 2015-01-04 14:44 - 00000000 ____D () C:\Users\Bobby\AppData\Roaming\Adobe
2015-01-04 14:44 - 2015-01-04 14:44 - 00000000 ____D () C:\Users\Bobby\AppData\Local\VirtualStore
2015-01-04 14:43 - 2015-01-04 22:04 - 00000000 ____D () C:\Users\Bobby
2015-01-04 14:43 - 2015-01-04 14:43 - 00000020 ___SH () C:\Users\Bobby\ntuser.ini
2015-01-04 14:43 - 2015-01-04 14:43 - 00000000 __SHD () C:\Recovery
2015-01-04 14:43 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-04 14:43 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-08 21:24 - 2014-12-08 21:24 - 00260888 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-05 22:17 - 2009-07-13 23:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 22:17 - 2009-07-13 23:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 20:26 - 2013-04-14 04:52 - 00724158 _____ () C:\Windows\system32\perfh019.dat
2015-01-05 20:26 - 2013-04-14 04:52 - 00150428 _____ () C:\Windows\system32\perfc019.dat
2015-01-05 20:26 - 2009-07-14 00:13 - 01647438 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 20:22 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-05 20:20 - 2009-07-13 23:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-05 20:19 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 20:19 - 2009-07-13 23:51 - 00033391 _____ () C:\Windows\setupact.log
2015-01-05 20:15 - 2011-04-12 03:28 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-05 20:14 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-05 20:14 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-05 20:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-01-05 20:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-01-05 20:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-05 20:10 - 2010-11-20 22:47 - 00005720 _____ () C:\Windows\PFRO.log
2015-01-05 12:05 - 2013-04-16 12:15 - 01630866 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-04 23:01 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-04 22:18 - 2006-12-08 15:42 - 00155136 _____ () C:\Windows\system32\bioapi100.dll
2015-01-04 22:18 - 2006-12-08 15:41 - 00239104 _____ () C:\Windows\system32\bioapi_mds300.dll
2015-01-04 22:04 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-01-04 22:02 - 2013-04-16 12:39 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-04 17:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-01-04 15:58 - 2013-04-16 11:42 - 00003652 _____ () C:\Windows\TSSysprep.log
2015-01-04 15:58 - 2009-07-13 23:46 - 00003806 _____ () C:\Windows\DtcInstall.log
2015-01-04 15:49 - 2009-07-14 00:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-04 15:49 - 2009-07-14 00:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-01-04 15:49 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\Setup
2015-01-04 14:54 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
2015-01-04 14:43 - 2013-04-16 23:40 - 00000000 ____D () C:\Windows\Panther
2015-01-04 14:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Recovery
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-04-16 11:40
 
==================== End Of Log ============================


#6 Semicomputerliterate

Posted 06 January 2015 - 12:23 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by Bobby at 2015-01-05 23:50:07
Running from C:\Users\Bobby\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
Dell ControlVault Host Components Installer 64 bit (Version: 2.2.123.393 - Broadcom Corporation) Hidden
Dell Custom Help (Version: 16.01.1000.0235 - Intel Corporation) Hidden
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.2.00003.009 - Dell Inc.)
Dell System Manager (HKLM\...\{9CC89928-4787-4ED5-9942-4EBF6C2468E6}) (Version: 1.7.10000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
DellAccess (Version: 01.01.00.104 - Wave Systems Corp.) Hidden
EMBASSY Client Core (Version: 01.01.00.036 - Wave Systems Corp.) Hidden
FL Studio 11.5 (HKLM-x32\...\FL Studio 11.5) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2281 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Network Connections 15.2.89.0 (HKLM\...\PROSetDX) (Version: 15.2.89.0 - Dell)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b6b417a3-1f40-4618-aadd-49628bda7836}) (Version: 16.1.1 - Intel Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51078 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{35459b22-19a6-44ec-8d34-27eb3131acac}) (Version: 11.0.51106.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{615bc16d-60f5-482e-91b3-b51d8130963b}) (Version: 11.0.51106.1 - Корпорация Майкрософт)
NTRU TCG Software Stack (Version: 2.1.37 - Security Innovation, Inc.) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
Preboot Manager (Version: 03.03.00.090 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.030 - Wave Systems Corp.) Hidden
SPBA 5.9 (Version: 5.9.4.6901 - UPEK Inc.) Hidden
Syntorial (HKLM-x32\...\{9ADC43F8-760E-4DC8-9380-635F93967D94}) (Version: 1.1.301 - Audible Genius, LLC)
toolkit32for64bit (x32 Version: 7.67.47.0000 - Wave Systems Corp) Hidden
Trusted Drive Manager (Version: 4.5.0.136 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wave Crypto Runtime 2.0.7.0 x86 (x32 Version: 02.00.07.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.67.60.0020 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.051 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
04-01-2015 14:54:41 Installed Syntorial
04-01-2015 21:57:26 Installed Dell System Manager.
04-01-2015 22:00:03 Installed Intel® Network Connections.
04-01-2015 22:02:45 Intel® PROSet/Wireless Software
04-01-2015 22:08:59 Installed System Software.
04-01-2015 22:23:16 Windows Update
05-01-2015 07:32:05 Installed AVG 2015
05-01-2015 07:32:43 Installed AVG 2015
05-01-2015 07:45:28 Windows Update
05-01-2015 09:00:50 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {5F7E2B9B-51B7-4AB6-8FB1-3A2F15EAABF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-04] (Google Inc.)
Task: {EDDEE3FE-9A05-418E-8C58-D83576B08BAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-04] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-01-17 07:45 - 2012-01-17 07:45 - 00218504 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
2012-01-17 07:45 - 2012-01-17 07:45 - 00038792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
2011-10-08 22:56 - 2011-10-08 22:56 - 00003072 _____ () C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2011-11-07 07:55 - 2011-11-07 07:55 - 00094720 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2006-12-08 15:42 - 2015-01-04 22:18 - 00155136 _____ () C:\Windows\system32\BioAPI100.dll
2006-12-08 15:41 - 2015-01-04 22:18 - 00239104 _____ () C:\Windows\system32\BIOAPI_MDS300.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Credential Vault Host Control Service => 2
MSCONFIG\Services: Credential Vault Host Storage => 2
MSCONFIG\Services: CscService => 2
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: Spooler => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: WatAdminSvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: ZeroConfigService => 2
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4276875114-3730672819-4281616421-500 - Administrator - Disabled)
Bobby (S-1-5-21-4276875114-3730672819-4281616421-1000 - Administrator - Enabled) => C:\Users\Bobby
Guest (S-1-5-21-4276875114-3730672819-4281616421-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4276875114-3730672819-4281616421-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Bluetooth Device (RFCOMM Protocol TDI)
Description: Bluetooth Device (RFCOMM Protocol TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® Centrino® Advanced-N 6200 AGN
Description: Intel® Centrino® Advanced-N 6200 AGN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/05/2015 08:20:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/05/2015 08:13:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/05/2015 11:04:25 AM) (Source: MsiInstaller) (EventID: 11935) (User: Bobby-PC)
Description: Product: MSXML 4.0 SP2 (KB973688) -- Error 1935. An error occured during the installation of assembly component {7B2B4EA5-1028-B7E6-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9876.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86"
 
Error: (01/05/2015 10:34:40 AM) (Source: MsiInstaller) (EventID: 11935) (User: Bobby-PC)
Description: Product: MSXML 4.0 SP2 (KB954430) -- Error 1935. An error occured during the installation of assembly component {7B30B69B-0E6C-B7E0-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9870.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86"
 
Error: (01/04/2015 10:31:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/04/2015 10:26:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/04/2015 10:17:17 PM) (Source: NVMUP) (EventID: 4) (User: )
Description: Update Update Failed
 
Package Display.Driver
 
Log file: C:\Windows\nvmup\updatepackage\log\nvmup.log
 
Exit Code = 1633 (Platform Unsupported)
 
Error: (01/04/2015 09:54:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/04/2015 05:42:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (01/05/2015 08:19:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (01/05/2015 08:17:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error: 
%%-2147467243
 
Error: (01/05/2015 08:15:49 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002
 
Error: (01/05/2015 08:15:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%1053
 
Error: (01/05/2015 08:15:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
 
Error: (01/05/2015 08:12:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell System Manager Service service to connect.
 
Error: (01/05/2015 08:11:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service failed to start due to the following error: 
%%1053
 
Error: (01/05/2015 08:11:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® PROSet/Wireless Zero Configuration Service service to connect.
 
Error: (01/05/2015 08:11:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (01/05/2015 08:10:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:09:12 PM on ‎1/‎5/‎2015 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (01/05/2015 08:20:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/05/2015 08:13:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/05/2015 11:04:25 AM) (Source: MsiInstaller) (EventID: 11935) (User: Bobby-PC)
Description: Product: MSXML 4.0 SP2 (KB973688) -- Error 1935. An error occured during the installation of assembly component {7B2B4EA5-1028-B7E6-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9876.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86"(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/05/2015 10:34:40 AM) (Source: MsiInstaller) (EventID: 11935) (User: Bobby-PC)
Description: Product: MSXML 4.0 SP2 (KB954430) -- Error 1935. An error occured during the installation of assembly component {7B30B69B-0E6C-B7E0-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9870.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86"(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/04/2015 10:31:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/04/2015 10:26:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/04/2015 10:17:17 PM) (Source: NVMUP) (EventID: 4) (User: )
Description: Update FailedDisplay.DriverC:\Windows\nvmup\updatepackage\log\nvmup.log1633 (Platform Unsupported)
 
Error: (01/04/2015 09:54:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/04/2015 05:42:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 560 @ 2.67GHz
Percentage of memory in use: 61%
Total physical RAM: 1909.86 MB
Available physical RAM: 739.49 MB
Total Pagefile: 3819.72 MB
Available Pagefile: 2547.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.95 GB) (Free:118.97 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 259D4594)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#7 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • Gender:Male
  • Location:@localhost
  • Local time:01:35 AM

Posted 06 January 2015 - 07:53 PM

Hi,

 

Thanks for the logs. Don't see anything to be worried about. You may want to install the free version of Malwarebytes. You can keep and use it as an antimalware app. Looks like your reformat/reinstall did the trick.

 

If you want to get Malwarebytes:

 

(no need to post the log from it, can't imagine it will find any malware.)

 

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.

 

http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe

 

    Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.

    At the end, be sure a checkmark is placed next to the following:

        Launch Malwarebytes Anti-Malware

        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

    Click Finish.

    On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.

    Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.

    A Threat Scan will begin.

    With some infections, you may see this message box.

        'Could not load DDA driver'

    Click 'Yes' to this message, to allow the driver to load after a restart.

    Allow the computer to restart. Continue with the rest of these instructions.

    When the scan is complete, click Apply Actions.

    Wait for the prompt to restart the computer to appear, then click on Yes.

    After the restart once you are back at your desktop, open MBAM once more.

    Click on the History tab > Application Logs.

    Double click on the scan log which shows the Date and time of the scan just performed.

    Click 'Copy to Clipboard'

    Paste the contents of the clipboard into your reply.

 


How Can I Reduce My Risk to Malware?


#8 Semicomputerliterate

Semicomputerliterate
  • Topic Starter

  • Members
  • 5 posts
  • Local time:12:35 AM

Posted 08 January 2015 - 07:42 AM

Hey shelf life. Sorry about the delayed response. Scan log came up clean. Thanks for taking the time to help my peace of mind! 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/7/2015
Scan Time: 10:28:39 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.08.02
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bobby
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326032
Time Elapsed: 15 min, 16 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#9 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • Gender:Male
  • Location:@localhost
  • Local time:01:35 AM

Posted 08 January 2015 - 05:16 PM

You're welcome. Looks like you're good. Keep Malwarebytes as another antimalware app. Remember, with the free version a scan has to be started manually, and always check for updates first.

 

You can get one more download that will remove FRST and its folders then delete itself.

 

If all is good on your end, Happy safe surfing out there.

 

Next, please download Delfix.exe and save it to your desktop. It will remove the tools and their associated folders/files.
 
    https://toolslib.net/downloads/viewdownload/2-delfix/
    Right click and select "run as admin", check "Remove disinfection tools" and click on the Run button.
    The tool will delete itself once it finishes. You can delete the log it generates.




#10 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • Gender:Male
  • Location:@localhost
  • Local time:01:35 AM

Posted 23 January 2015 - 05:24 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





