Multiple 'Chrome.exe *32' Processes, need help :( Removal Guide didn't help!


  • This topic is locked
15 replies to this topic

#1 Barbarictoaster

Posted 06 January 2015 - 07:44 PM

I went through the "How to remove Poweliks Trojan (Removal Guide)" and it brought up nothing. The eset program said "You don't have Win32/Poweliks in your system"... So unfortunately I am still in a pickle. I've done numerous things to see if I can remedy this, malware removal programs (about 3), and got so desperate I reloaded Windows 7. If anyone could help I would GREATLY appreciate it. 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514
Run by Samantha at 19:37:02 on 2015-01-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8191.6459 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{69685F11-E351-4240-B2E5-EBF2D61F6BD7} : DHCPNameServer = 65.32.5.111 65.32.5.112
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
.
=============== Created Last 30 ================
.
2015-01-07 03:28:49 -------- d-----w- C:\Program Files (x86)\ESET
2015-01-07 02:28:29 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2015-01-07 02:28:27 -------- d-----w- C:\ProgramData\RogueKiller
2015-01-07 02:09:00 -------- d-sh--w- C:\Windows\Installer
2015-01-07 02:04:03 -------- d-----w- C:\Users\Samantha\AppData\Local\Google
2015-01-07 02:03:52 -------- d-----w- C:\Users\Samantha\AppData\Local\Apps
2015-01-07 02:03:51 -------- d-----w- C:\Users\Samantha\AppData\Local\Deployment
2015-01-07 01:35:33 -------- d-----w- C:\Windows\Panther
2015-01-07 01:22:19 -------- d-----w- C:\Windows.old
2015-01-06 18:25:01 -------- d--h--w- C:\$AVG
2015-01-06 17:49:20 -------- d-----w- C:\AdwCleaner
2014-12-25 01:44:02 -------- d-sh--w- C:\Recovery
.
==================== Find3M  ====================
.
.
============= FINISH: 19:37:17.12 ===============

Edited by hamluis, 06 January 2015 - 08:30 PM.
Moved from Win 7 to MRL - Hamluis.



#2 Barbarictoaster

Posted 07 January 2015 - 11:34 AM

bump?



#3 Machiavelli

Posted 07 January 2015 - 04:40 PM

Hey my friend. Sorry for the delay. Please note that we all have a private life; you have been waiting for 1 day ... that's not very long, to be honest. But don't worry, I am normally online several times a day.

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#4 Barbarictoaster

Posted 07 January 2015 - 04:47 PM

Thank you for your reply, here are the copies of the files:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Samantha (administrator) on BATGIRL on 07-01-2015 16:43:25
Running from C:\Users\Samantha\Downloads
Loaded Profile: Samantha (Available profiles: Samantha)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.2.0\ScriptHelper.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcfgex.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3081752 2015-01-06] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKU\S-1-5-21-2149776902-1545478763-3826053741-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2149776902-1545478763-3826053741-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2149776902-1545478763-3826053741-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={490599CB-7C16-466B-8157-31E803F4AF76}&mid=0aa77360883047cdb062f18676760376-77951e45332c68f3b04186a986a7e014732107ae&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-01-06 22:12:43&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll (AVG)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
 
FireFox:
========
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06]
CHR Extension: (Google Docs) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-06]
CHR Extension: (Google Drive) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-06]
CHR Extension: (YouTube) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06]
CHR Extension: (Google Search) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06]
CHR Extension: (Google Sheets) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06]
CHR Extension: (Google Wallet) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06]
CHR Extension: (Gmail) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 vToolbarUpdater18.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1850392 2015-01-06] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2015-01-06] (AVG Technologies)
R2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-07 16:43 - 2015-01-07 16:44 - 00009510 _____ () C:\Users\Samantha\Downloads\FRST.txt
2015-01-07 16:42 - 2015-01-07 16:43 - 00000000 ____D () C:\FRST
2015-01-07 16:42 - 2015-01-07 16:42 - 02124288 _____ (Farbar) C:\Users\Samantha\Downloads\FRST64.exe
2015-01-07 12:26 - 2015-01-07 12:26 - 00000000 ____D () C:\Users\Samantha\Documents\Banished
2015-01-07 12:19 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-01-07 12:19 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-01-07 12:19 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-01-07 12:19 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-01-07 12:19 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-01-07 12:19 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-01-07 12:19 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-01-07 12:19 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-01-07 12:19 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-01-07 12:19 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-01-07 12:19 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-01-07 12:19 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-01-07 12:19 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-01-07 12:19 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-01-07 12:19 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-01-07 12:19 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-01-07 12:19 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-01-07 12:19 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-01-07 12:19 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-01-07 12:19 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-01-07 12:19 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-01-07 12:19 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-01-07 12:19 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-01-07 12:19 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-01-07 12:19 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-01-07 12:19 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-01-07 12:19 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-01-07 12:19 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-01-07 12:19 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-01-07 12:19 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-01-07 12:19 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-01-07 12:19 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-01-07 12:19 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-01-07 12:19 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-01-07 12:19 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-01-07 12:19 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-01-07 12:19 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-01-07 12:19 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-01-07 12:19 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-01-07 12:19 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-01-07 12:19 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-01-07 12:19 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-01-07 12:19 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-01-07 12:19 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-01-07 12:19 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-01-07 12:19 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-01-07 12:19 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-01-07 12:19 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-01-07 12:19 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-01-07 12:19 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-01-07 12:19 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-01-07 12:19 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-01-07 12:19 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-01-07 12:19 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-01-07 12:19 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-01-07 12:19 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-01-07 12:19 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-01-07 12:19 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-01-07 12:19 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-01-07 12:19 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-01-07 12:19 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-01-07 12:19 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-01-07 12:19 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-01-07 12:19 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-01-07 12:19 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-01-07 12:19 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-01-07 12:19 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-01-07 12:19 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-01-07 12:19 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-01-07 12:19 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-01-07 12:19 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-01-07 12:19 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-01-07 12:19 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-01-07 12:19 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-01-07 12:19 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-01-07 12:19 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-01-07 12:19 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-01-07 12:19 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-01-07 12:19 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-01-07 12:19 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-01-07 12:19 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-01-07 12:19 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-01-07 12:19 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-01-07 12:19 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-01-07 12:19 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-01-07 12:19 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-01-07 12:19 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-01-07 12:19 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-01-07 12:19 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-01-07 12:19 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-01-07 12:19 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-01-07 12:19 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-01-07 12:19 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-01-07 12:19 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-01-07 12:19 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-01-07 12:19 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-01-07 12:19 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-01-07 12:19 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-01-07 12:19 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-01-07 12:19 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-01-07 12:19 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-01-07 12:19 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-01-07 12:19 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-01-07 12:19 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-01-07 12:19 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-01-07 12:19 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-01-07 12:19 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-01-07 12:19 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-01-07 12:19 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-01-07 12:19 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-01-07 12:19 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-01-07 12:19 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-01-07 12:19 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-01-07 12:19 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-01-07 12:19 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-01-07 12:19 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-01-07 12:19 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-01-07 12:19 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-01-07 12:19 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-01-07 12:19 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-01-07 12:19 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-01-07 12:19 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-01-07 12:19 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-01-07 12:19 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-01-07 12:19 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-01-07 12:19 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-01-07 12:19 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-01-07 12:19 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-01-07 12:19 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-01-07 12:19 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-01-07 12:19 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-01-07 12:19 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-01-07 12:19 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-01-07 12:19 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-01-07 12:19 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-01-07 12:19 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-01-07 12:19 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-01-07 12:19 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-01-07 12:19 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-01-07 12:19 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-01-07 12:19 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-01-07 12:19 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-01-07 12:18 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-01-07 12:18 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-01-07 12:18 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-01-07 12:18 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-01-07 12:18 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-01-07 12:18 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-01-07 12:18 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-01-07 12:18 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-01-07 12:18 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-01-07 12:18 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-01-07 12:18 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-01-07 12:18 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-01-07 12:18 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-01-07 12:18 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-01-07 12:18 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-01-07 12:18 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-01-07 12:18 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-01-07 12:18 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-01-07 12:18 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-01-07 12:18 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-01-07 12:18 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-01-07 12:18 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-01-07 12:18 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-01-07 12:18 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-01-07 12:18 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-01-07 12:18 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-01-07 12:18 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-01-07 12:18 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-01-07 12:18 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-01-07 12:18 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-01-07 12:18 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-01-07 12:18 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-01-07 12:18 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-01-07 12:18 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-01-07 12:18 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-01-07 12:18 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-01-07 12:18 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-01-07 12:18 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-01-07 12:18 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-01-07 12:18 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-01-07 12:13 - 2015-01-07 12:19 - 00011182 _____ () C:\Windows\DirectX.log
2015-01-07 12:13 - 2015-01-07 12:13 - 00315624 _____ (Microsoft Corporation) C:\Users\Samantha\Downloads\dxwebsetup.exe
2015-01-07 12:13 - 2015-01-07 12:13 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-07 11:41 - 2015-01-07 11:41 - 00000000 ____D () C:\ProgramData\ATI
2015-01-07 11:40 - 2015-01-07 15:41 - 00000000 ____D () C:\Users\Samantha\AppData\Roaming\Raptr
2015-01-07 11:40 - 2015-01-07 11:40 - 00000000 ____D () C:\Users\Samantha\AppData\Roaming\library_dir
2015-01-07 11:40 - 2015-01-07 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2015-01-07 11:40 - 2015-01-07 11:40 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-01-07 11:40 - 2015-01-07 11:40 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-01-07 11:39 - 2015-01-07 11:39 - 00058610 _____ () C:\Windows\SysWOW64\CCCInstall_201501071139557690.log
2015-01-07 11:39 - 2015-01-07 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-07 11:37 - 2015-01-07 11:37 - 00000000 ____D () C:\Windows\LastGood
2015-01-07 11:36 - 2015-01-07 11:36 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-07 11:35 - 2015-01-07 11:35 - 00000000 ____D () C:\AMD
2015-01-07 11:33 - 2015-01-07 11:33 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\Samantha\Downloads\autodetectutility.exe
2015-01-07 09:28 - 2015-01-07 09:28 - 00007014 _____ () C:\Users\Samantha\Downloads\ESETPoweliksCleaner.exe_20150107.092815.4320.log
2015-01-07 09:22 - 2015-01-07 09:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 09:22 - 2015-01-07 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-07 09:22 - 2015-01-07 09:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-07 09:22 - 2015-01-07 09:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-07 09:22 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-07 09:22 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-07 09:22 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-07 09:21 - 2015-01-07 09:21 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Samantha\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-06 22:16 - 2015-01-06 22:16 - 00000000 ____D () C:\Users\Samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-06 22:13 - 2015-01-07 09:20 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2015-01-06 22:13 - 2015-01-07 09:17 - 00000000 ____D () C:\Users\Samantha\AppData\Local\AVG Web TuneUp
2015-01-06 22:12 - 2015-01-06 22:12 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2015-01-06 22:12 - 2015-01-06 22:12 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2015-01-06 22:12 - 2015-01-06 22:12 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-01-06 22:12 - 2015-01-06 22:11 - 00052000 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2015-01-06 21:59 - 2015-01-06 21:59 - 00000000 ____D () C:\Users\Samantha\AppData\Roaming\AVG2015
2015-01-06 21:58 - 2015-01-06 21:58 - 00000000 ____D () C:\Users\Samantha\AppData\Roaming\TuneUp Software
2015-01-06 21:58 - 2015-01-06 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-06 21:58 - 2015-01-06 21:58 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-06 21:57 - 2015-01-06 21:57 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-06 21:56 - 2015-01-07 09:22 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-06 21:56 - 2015-01-06 22:11 - 00000000 ____D () C:\Users\Samantha\AppData\Local\Avg2015
2015-01-06 21:56 - 2015-01-06 21:56 - 00000000 ____D () C:\Users\Samantha\AppData\Local\MFAData
2015-01-06 21:55 - 2015-01-06 21:56 - 04637504 _____ (AVG Technologies) C:\Users\Samantha\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2015-01-06 21:47 - 2015-01-06 21:47 - 00000000 _____ () C:\Windows\ativpsrm.bin
2015-01-06 21:44 - 2015-01-06 21:44 - 00066505 _____ () C:\Windows\SysWOW64\CCCInstall_201501062144168786.log
2015-01-06 21:44 - 2015-01-06 21:44 - 00000000 ____D () C:\Users\Samantha\AppData\Roaming\ATI
2015-01-06 21:44 - 2015-01-06 21:44 - 00000000 ____D () C:\Users\Samantha\AppData\Local\ATI
2015-01-06 21:44 - 2015-01-06 21:44 - 00000000 ____D () C:\Users\Samantha\AppData\Local\AMD
2015-01-06 21:43 - 2015-01-07 11:40 - 00000000 ____D () C:\ProgramData\AMD
2015-01-06 21:42 - 2015-01-07 11:39 - 00000000 ____D () C:\Program Files\AMD
2015-01-06 21:42 - 2015-01-06 21:42 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-01-06 21:42 - 2013-12-06 13:38 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe
2015-01-06 21:42 - 2013-12-06 13:38 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe
2015-01-06 21:42 - 2013-12-06 13:38 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe
2015-01-06 21:42 - 2013-12-06 13:38 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe
2015-01-06 21:42 - 2013-12-06 12:39 - 00204952 _____ () C:\Windows\SysWOW64\ativvsvl.dat
2015-01-06 21:42 - 2013-12-06 12:39 - 00204952 _____ () C:\Windows\system32\ativvsvl.dat
2015-01-06 21:42 - 2013-12-06 12:39 - 00157144 _____ () C:\Windows\SysWOW64\ativvsva.dat
2015-01-06 21:42 - 2013-12-06 12:39 - 00157144 _____ () C:\Windows\system32\ativvsva.dat
2015-01-06 21:42 - 2013-09-30 12:48 - 00047887 _____ () C:\Windows\atiogl.xml
2015-01-06 21:42 - 2011-09-12 14:06 - 00003917 _____ () C:\Windows\SysWOW64\atipblag.dat
2015-01-06 21:42 - 2011-09-12 14:06 - 00003917 _____ () C:\Windows\system32\atipblag.dat
2015-01-06 21:39 - 2015-01-06 21:39 - 00757660 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-06 21:36 - 2015-01-06 21:41 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-06 21:35 - 2015-01-07 12:20 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-06 21:35 - 2015-01-07 11:38 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-01-06 21:35 - 2015-01-06 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-06 21:35 - 2015-01-06 21:35 - 00000000 ____D () C:\Program Files\ATI
2015-01-06 21:33 - 2015-01-06 21:33 - 01142128 _____ () C:\Users\Samantha\Downloads\SteamSetup.exe
2015-01-06 19:40 - 2015-01-06 19:40 - 00007014 _____ () C:\Users\Samantha\Downloads\ESETPoweliksCleaner.exe_20150106.194056.2260.log
2015-01-06 19:36 - 2015-01-06 19:36 - 00688992 ____R (Swearware) C:\Users\Samantha\Downloads\dds.com
2015-01-06 19:30 - 2015-01-06 19:30 - 00007080 _____ () C:\Users\Samantha\Downloads\ESETPoweliksCleaner.exe_20150106.193006.300.log
2015-01-06 19:30 - 2015-01-06 19:30 - 00007014 _____ () C:\Users\Samantha\Downloads\ESETPoweliksCleaner.exe_20150106.193016.2544.log
2015-01-06 19:28 - 2015-01-06 19:28 - 02347384 _____ (ESET) C:\Users\Samantha\Downloads\esetsmartinstaller_enu.exe
2015-01-06 19:28 - 2015-01-06 19:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-06 19:26 - 2015-01-06 19:26 - 00186568 _____ (ESET) C:\Users\Samantha\Downloads\ESETPoweliksCleaner.exe
2015-01-06 19:26 - 2015-01-06 19:26 - 00007080 _____ () C:\Users\Samantha\Downloads\ESETPoweliksCleaner.exe_20150106.192639.2544.log
2015-01-06 18:28 - 2015-01-06 20:34 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-06 18:28 - 2015-01-06 18:28 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-06 18:12 - 2015-01-06 18:28 - 18423384 _____ () C:\Users\Samantha\Downloads\RogueKillerX64.exe
2015-01-06 18:04 - 2015-01-07 16:09 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-06 18:04 - 2015-01-06 21:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-06 18:04 - 2015-01-06 18:04 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-06 18:04 - 2015-01-06 18:04 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-06 18:04 - 2015-01-06 18:04 - 00000000 ____D () C:\Users\Samantha\AppData\Local\Google
2015-01-06 18:04 - 2015-01-06 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-06 18:04 - 2015-01-06 18:04 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-06 18:03 - 2015-01-06 18:04 - 00000000 ____D () C:\Users\Samantha\AppData\Local\Deployment
2015-01-06 18:03 - 2015-01-06 18:03 - 00057560 _____ () C:\Users\Samantha\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-06 18:03 - 2015-01-06 18:03 - 00000000 ____D () C:\Users\Samantha\AppData\Local\Apps\2.0
2015-01-06 18:02 - 2015-01-06 18:02 - 00001447 _____ () C:\Users\Samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-06 18:02 - 2015-01-06 18:02 - 00001413 _____ () C:\Users\Samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-06 18:02 - 2015-01-06 18:02 - 00000020 ___SH () C:\Users\Samantha\ntuser.ini
2015-01-06 18:02 - 2015-01-06 18:02 - 00000000 ____D () C:\Users\Samantha\AppData\Local\VirtualStore
2015-01-06 18:02 - 2015-01-06 18:02 - 00000000 ____D () C:\Users\Samantha
2015-01-06 18:02 - 2009-07-13 20:54 - 00000000 ___RD () C:\Users\Samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-06 18:02 - 2009-07-13 20:49 - 00000000 ___RD () C:\Users\Samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-06 17:42 - 2015-01-06 17:42 - 00001355 _____ () C:\Windows\TSSysprep.log
2015-01-06 17:42 - 2015-01-06 17:42 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-01-06 17:42 - 2015-01-06 17:42 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-01-06 17:41 - 2015-01-07 09:17 - 00017504 _____ () C:\Windows\WindowsUpdate.log
2015-01-06 17:35 - 2015-01-06 18:02 - 00000000 ____D () C:\Windows\Panther
2015-01-06 17:22 - 2015-01-06 17:22 - 00000000 ____D () C:\Windows.old
2015-01-06 10:25 - 2015-01-06 10:25 - 00000000 ___HD () C:\$AVG
2015-01-06 09:49 - 2015-01-06 18:13 - 00000000 ____D () C:\AdwCleaner
2014-12-24 17:44 - 2015-01-06 17:49 - 00000000 __SHD () C:\Recovery
2014-12-08 21:24 - 2014-12-08 21:24 - 00260888 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-07 15:17 - 2009-07-13 20:45 - 00016656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 15:17 - 2009-07-13 20:45 - 00016656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-07 11:40 - 2009-07-13 21:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-07 11:37 - 2009-07-13 20:51 - 00024019 _____ () C:\Windows\setupact.log
2015-01-06 21:47 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-06 21:41 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-06 21:36 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\restore
2015-01-06 18:16 - 2010-11-20 19:47 - 00005090 _____ () C:\Windows\PFRO.log
2015-01-06 18:02 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-06 18:01 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-01-06 17:59 - 2009-07-13 20:45 - 00274320 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-06 17:52 - 2009-07-13 20:51 - 00000268 _____ () C:\Windows\setuperr.log
2015-01-06 17:49 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Recovery
2015-01-06 17:42 - 2009-07-13 20:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2015-01-06 17:42 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-06 17:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-01-06 17:39 - 2011-04-12 00:28 - 00000000 ____D () C:\Windows\CSC
2015-01-06 17:35 - 2009-07-13 21:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-06 17:35 - 2009-07-13 21:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
 
Some content of TEMP:
====================
C:\Users\Samantha\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win7-64bit.exe
C:\Users\Samantha\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Samantha\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Samantha\AppData\Local\Temp\Quarantine.exe
C:\Users\Samantha\AppData\Local\Temp\raptrpatch.exe
C:\Users\Samantha\AppData\Local\Temp\raptr_stub.exe
C:\Users\Samantha\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-06 21:01
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Samantha at 2015-01-07 16:44:26
Running from C:\Users\Samantha\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.5.7 - AVG Technologies)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
06-01-2015 21:36:06 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
06-01-2015 21:41:22 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
06-01-2015 21:57:38 Installed AVG 2015
06-01-2015 21:57:59 Installed AVG 2015
07-01-2015 12:17:50 Installed DirectX
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {DBD09FCD-DF4E-40BB-B683-E37A5ACBD6F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {F923AF56-7FE3-4087-B584-8115FD936E59} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2015-01-06 22:12 - 2015-01-06 22:11 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
2015-01-06 22:12 - 2015-01-06 22:11 - 03081752 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-01-06 22:12 - 2015-01-06 22:11 - 01686552 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2015-01-06 22:12 - 2015-01-06 22:11 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\log4cplusU.dll
2015-01-06 22:12 - 2015-01-06 22:11 - 40630296 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll
2015-01-06 21:37 - 2014-11-11 10:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-01-06 21:37 - 2014-11-11 10:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-01-06 21:37 - 2014-11-11 10:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-01-06 21:37 - 2014-11-11 10:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-06 21:37 - 2014-11-18 12:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-06 21:37 - 2014-11-11 10:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-01-06 21:37 - 2014-11-11 10:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-01-06 21:37 - 2014-11-18 12:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-01-06 21:37 - 2014-11-11 10:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-06 21:37 - 2014-11-11 10:48 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2010-11-22 14:56 - 2010-11-22 14:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 14:57 - 2010-11-22 14:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 14:56 - 2010-11-22 14:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 14:57 - 2010-11-22 14:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 14:57 - 2010-11-22 14:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 10:17 - 2011-02-15 10:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 14:57 - 2010-11-22 14:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 14:57 - 2010-11-22 14:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-13 16:37 - 2014-08-13 16:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-13 16:37 - 2014-08-13 16:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 14:57 - 2010-11-22 14:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-20 16:05 - 2013-11-20 16:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2014-12-08 11:17 - 2014-12-08 11:17 - 02519808 _____ () C:\Program Files (x86)\Raptr\ltc_host_ex.DLL
2010-11-22 14:57 - 2010-11-22 14:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 16:56 - 2014-06-17 16:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 10:17 - 2011-02-15 10:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 15:06 - 2010-11-22 15:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 15:52 - 2013-05-09 15:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 15:52 - 2013-05-09 15:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 15:52 - 2013-05-09 15:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 10:56 - 2013-05-03 10:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 10:56 - 2013-05-03 10:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 10:56 - 2013-05-03 10:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2015-01-06 18:04 - 2014-12-05 17:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2015-01-06 18:04 - 2014-12-05 17:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2015-01-06 18:04 - 2014-12-05 17:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2015-01-06 18:04 - 2014-12-05 17:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2149776902-1545478763-3826053741-500 - Administrator - Disabled)
Guest (S-1-5-21-2149776902-1545478763-3826053741-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2149776902-1545478763-3826053741-1002 - Limited - Enabled)
Samantha (S-1-5-21-2149776902-1545478763-3826053741-1001 - Administrator - Enabled) => C:\Users\Samantha
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Coprocessor
Description: Coprocessor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/07/2015 10:06:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/07/2015 09:28:10 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/06/2015 10:10:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (01/06/2015 10:10:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (01/06/2015 10:10:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (01/06/2015 10:10:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (01/06/2015 10:10:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (01/06/2015 09:49:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/06/2015 09:01:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/06/2015 07:30:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (01/06/2015 10:49:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (01/06/2015 09:39:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (01/06/2015 09:39:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (01/07/2015 10:06:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (01/07/2015 09:28:10 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Samantha\Downloads\esetsmartinstaller_enu.exe
 
Error: (01/06/2015 10:10:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/06/2015 10:10:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/06/2015 10:10:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/06/2015 10:10:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/06/2015 10:10:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/06/2015 09:49:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/06/2015 09:01:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (01/06/2015 07:30:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Samantha\Downloads\esetsmartinstaller_enu.exe
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 965 Processor
Percentage of memory in use: 26%
Total physical RAM: 8191.18 MB
Available physical RAM: 6007.08 MB
Total Pagefile: 16380.56 MB
Available Pagefile: 9982.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:596.07 GB) (Free:506.21 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:05 AM

Posted 07 January 2015 - 05:02 PM

Your system appears to be clean. What's your problem? :)
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-2149776902-1545478763-3826053741-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={490599CB-7C16-466B-8157-31E803F4AF76}&mid=0aa77360883047cdb062f18676760376-77951e45332c68f3b04186a986a7e014732107ae&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-01-06 22:12:43&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#6 Barbarictoaster

Posted 07 January 2015 - 05:06 PM

Programs like Steam are freezing up, websites are freezing up, and every time I open Chrome I have 4+ copies that say chrome.exe *32, and some of my other running processes have a *32 after them now.

 

I will do what you suggested in your last post now.



#7 Machiavelli

Posted 07 January 2015 - 05:12 PM

Hey,
look here: http://www.bilder-upload.eu/show.php?file=9eb32d-1420668784.png

That's on my system. The *32 means that it is a 32-bit program (or it runs in 32-bit mode). No need to worry about it. It is completely normal. :)

Can you give me your system specs?

Cheers

PS: I'm waiting for the Fixlog.

~Machiavelli



#8 Barbarictoaster

Posted 07 January 2015 - 05:24 PM

But is it normal for them all to be using between 12k & 74k memory each? (see picture)

 

QKtgZ18.png

 

Here is the fixlog and system specs?

 

9Bpol67.png

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Samantha at 2015-01-07 17:08:35 Run:1
Running from C:\Users\Samantha\Desktop
Loaded Profile: Samantha (Available profiles: Samantha)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2149776902-1545478763-3826053741-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={490599CB-7C16-466B-8157-31E803F4AF76}&mid=0aa77360883047cdb062f18676760376-77951e45332c68f3b04186a986a7e014732107ae&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-01-06 22:12:43&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
EmptyTemp:
*****************
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2149776902-1545478763-3826053741-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key deleted successfully.
EmptyTemp: => Removed 726 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 17:08:57 ====
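
Added example, not part of the original posts and not FRST's own code: a small Python parser that tallies the result lines of a Fixlog like the one above, so a helper can see which entries were deleted, which were not found, and whether the run finished. The line shapes it recognises (the `*****` fences, `target => outcome`, the reboot and end-of-log lines) are taken only from this log; the function names and status labels are assumptions of the example.

```python
import re
from collections import Counter

# Sample input: lines copied from the Fixlog posted above, with the
# fixlist shortened to two entries for the example.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Samantha at 2015-01-07 17:08:35 Run:1
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2149776902-1545478763-3826053741-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
EmptyTemp: => Removed 726 MB temporary data.


The system needed a reboot.

==== End of Fixlog 17:08:57 ====
'''

# A line made only of asterisks opens and closes the echoed fixlist.
FENCE = re.compile(r"^\*{5,}$")


def classify(outcome):
    """Map an outcome string to a coarse status label (labels are ours)."""
    low = outcome.lower()
    if "deleted successfully" in low or low.startswith("removed"):
        return "ok"
    if "not found" in low:
        return "not_found"
    return "review"  # any wording this example does not recognise


def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist and the per-target results."""
    fixlist, results = [], []
    fences = 0
    reboot = complete = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if FENCE.match(line):
            fences += 1
            continue
        if fences == 1:
            # Between the two fences: the fixlist exactly as the tool read it.
            fixlist.append(line)
        elif fences >= 2:
            if line.startswith("==== End of Fixlog"):
                complete = True
            elif "needed a reboot" in line:
                reboot = True
            elif " => " in line:
                target, _, outcome = line.partition(" => ")
                results.append({"target": target.strip('"'),
                                "outcome": outcome,
                                "status": classify(outcome)})
            else:
                # Unrecognised result line: keep it visible for a human.
                results.append({"target": line, "outcome": "",
                                "status": "review"})
    return {
        "fixlist": fixlist,
        "results": results,
        "counts": Counter(r["status"] for r in results),
        "needs_review": [r for r in results if r["status"] != "ok"],
        "reboot": reboot,
        "complete": complete,  # False means the log was cut off
    }


if __name__ == "__main__":
    report = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(report["counts"]), "reboot:", report["reboot"],
          "complete:", report["complete"])
    for r in report["needs_review"]:
        print("check:", r["target"], "->", r["outcome"])
```

A `not_found` line is not necessarily a failure: in the log above the only such entry is the HKCR\CLSID key, which simply was not present.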


#9 Machiavelli

Posted 07 January 2015 - 05:35 PM

Hi,

On the Second Picture please click on "Your Windows Experience Index needs to be refreshed" , then follow the onscreen instructions.

> But is it normal for them all to be using between 12k & 74k memory each? (see picture)

Depends on what you are doing. ;) For me it looks quite similar to mine.

~Machiavelli



#10 Barbarictoaster

Posted 07 January 2015 - 05:41 PM

> Depends on what you are doing. ;) For me it looks quite similar to mine.

 

 

I have 1 tab open and it's for this post when it's like that.

 

 

Here is the updated performance score:

yJJmOZ3.png


Edited by Barbarictoaster, 07 January 2015 - 05:47 PM.


#11 Machiavelli

Posted 07 January 2015 - 05:46 PM

For example, for me one tab needs nearly 120 MB ... so don't worry. :)

chkdsk /f

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When command prompt opens, copy and paste the following commands into it, press enter after each

    chkdsk C: /f

  • Reboot
  • Download ListChkdskResult.exe (by SleepyDude) from the link below:

    https://dl.dropboxusercontent.com/u/12354842/My%20Tools/ListChkdskResult.exe
  • Double click on it to run it. It will take a few seconds to scan, then it will open a Notepad window with the log. Copy and paste the contents of this into your next post please!

Edited by Machiavelli, 07 January 2015 - 05:47 PM.

~Machiavelli



#12 Barbarictoaster

Posted 07 January 2015 - 05:57 PM

Here you go :)

 

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
 
------< Log generate on 1/7/2015 5:57:35 PM >------
Category: 0
Computer Name: Batgirl
Event Code: 1001
Record Number: 1162
Source Name: Microsoft-Windows-Wininit
Time Written: 01-08-2015 @ 01:54:58
Event Type: Information
User: 
Message: 
 
Checking file system on C:
The type of the file system is NTFS.
 
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 3)...
  255744 file records processed.                                         
 
File verification completed.
  397 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  4 EA records processed.                                           
 
  91 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 3)...
  337374 index entries processed.                                        
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 3)...
  255744 file SDs/SIDs processed.                                        
 
Cleaning up 1528 unused index entries from index $SII of file 0x9.
Cleaning up 1528 unused index entries from index $SDH of file 0x9.
Cleaning up 1528 unused security descriptors.
Security descriptor verification completed.
  40816 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  34906368 USN bytes processed.                                            
 
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
 
 625027071 KB total disk space.
  93442036 KB in 211936 files.
    141844 KB in 40817 indexes.
         0 KB in bad sectors.
    376675 KB in use by the system.
     65536 KB occupied by the log file.
 531066516 KB available on disk.
 
      4096 bytes in each allocation unit.
 156256767 total allocation units on disk.
 132766629 allocation units available on disk.
 
Internal Info:
00 e7 03 00 5b db 03 00 88 7a 07 00 00 00 00 00  ....[....z......
7e a1 00 00 5b 00 00 00 00 00 00 00 00 00 00 00  ~...[...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
-----------------------------------------------------------------------


#13 Machiavelli

Posted 07 January 2015 - 06:05 PM

Looks good. Does your system behave better now? :)

~Machiavelli



#14 Barbarictoaster

Posted 07 January 2015 - 06:07 PM

It seems to be... nothing is moving slow or freezing... thank you for your time!


Edited by Barbarictoaster, 07 January 2015 - 06:07 PM.


#15 Machiavelli

Posted 07 January 2015 - 06:12 PM

Hello,
in my opinion your PC is clean. :) If you would like to donate some money to me so that I can buy some beer, then click on the button. I really appreciate it, my friend. :)


We need to remove the tools we've used during cleaning your machine.
  • Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli
