
Windows repair problem signature


  • This topic is locked
10 replies to this topic

#1 Pilot49


Posted 25 October 2015 - 09:15 AM

Hi, I am new here and in need of help. My PC has been constantly filling my C flash memory drive with unknown files, seems to be a lot of Windows stuff. It failed to start, and I ran system repair and this is the message I received:

 

Problem Event Name: StartupRepairOffline
  Problem Signature 01: 6.1.7600.16385
  Problem Signature 02: 6.1.7600.16385
  Problem Signature 03: unknown
  Problem Signature 04: 21201040
  Problem Signature 05: SystemDisk
  Problem Signature 06: 4
  Problem Signature 07: NoRootCause
  OS Version: 6.1.7600.2.0.0.256.1
  Locale ID: 1033
 
I read one of the posts here and ran the Farbar Recovery Scan Tool and this is the text log file:
 

can result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-10-2015 01
Ran by SYSTEM on MININT-DHNOPPU (25-10-2015 08:44:12)
Running from h:\
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [911160 2009-10-26] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2013-08-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1069008 2015-04-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3778472 2015-10-05] (AVG Technologies CZ, s.r.o.)
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\Steven Banker\...\Run: [Dropbox Update] => C:\Users\Steven Banker\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-05-22] (Dropbox, Inc.)
HKU\Steven Banker\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\Steven Banker\...\Run: [Google Update] => C:\Users\Steven Banker\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\Steven Banker\...\Run: [MusicManager] => C:\Users\Steven Banker\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)
Startup: C:\Users\Steven Banker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-10-14]
ShortcutTarget: Dropbox.lnk ->  (No File)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1563664 2015-10-05] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-05] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [955856 2015-04-07] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-05] (AVG Technologies CZ, s.r.o.)
S2 gupdate1ca7a1c8e2a6f35; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-19] (Google Inc.)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S2 TPCHSrv; C:\Program Files (x86)\TOSHIBA\TPHM\TPCHSrv.exe [636272 2009-06-23] (TOSHIBA Corporation)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2973400 2015-08-04] (AVG Technologies)
S2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [334848 2010-08-10] ()
S3 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44760 2015-08-04] (AVG Technologies)
S3 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [36568 2015-08-04] (AVG Technologies)
S2 HPSLPSVC; C:\Users\STEVEN~1\AppData\Local\Temp\7zS5FBE\hpslpsvc64.dll [X]
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [77760 2015-07-09] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [314800 2015-10-05] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 JeppDrive; C:\Windows\System32\Drivers\JeppDrive.sys [28472 2012-01-27] (SMART Modular)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S4 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
S0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-02-18] (Acronis)
S3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [47616 2007-12-17] ()
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S2 TMAgent; no ImagePath
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-25 08:25 - 2015-10-25 08:44 - 00000000 ___DC C:\FRST
2015-10-25 04:24 - 2015-10-25 04:24 - 00443368 _____ C:\Windows\System32\FNTCACHE.DAT
2015-10-25 04:24 - 2015-10-25 04:24 - 00000316 _____ C:\Windows\PFRO.log
2015-10-24 15:20 - 2015-10-25 03:42 - 00000448 _____ C:\Windows\setupact.log
2015-10-24 15:20 - 2015-10-24 15:20 - 00000000 _____ C:\Windows\setuperr.log
2015-10-24 15:01 - 2015-10-24 15:01 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-20 17:32 - 2015-09-18 11:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2015-10-20 17:32 - 2015-09-18 11:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-10-20 17:32 - 2015-09-18 11:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-10-20 17:32 - 2015-09-18 11:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-10-20 17:32 - 2015-09-18 11:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-10-20 17:32 - 2015-09-18 11:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2015-10-20 17:32 - 2015-09-18 11:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-10-20 17:32 - 2015-06-03 12:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2015-10-20 17:13 - 2015-10-01 10:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2015-10-20 17:13 - 2015-10-01 10:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2015-10-20 17:13 - 2015-10-01 10:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2015-10-20 17:13 - 2015-10-01 10:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2015-10-20 17:13 - 2015-10-01 10:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2015-10-20 17:13 - 2015-10-01 10:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2015-10-20 17:13 - 2015-10-01 10:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2015-10-20 17:13 - 2015-10-01 09:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-20 17:13 - 2015-10-01 09:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2015-10-20 17:09 - 2015-07-18 05:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-private-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-math-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-time-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll
2015-10-20 17:09 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll
2015-10-20 16:56 - 2015-08-05 09:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\System32\InkEd.dll
2015-10-20 16:56 - 2015-08-05 09:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\jnwmon.dll
2015-10-20 16:56 - 2015-08-05 09:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-10-18 07:44 - 2015-10-18 07:44 - 00000000 _RHDC C:\MSOCache
2015-10-15 17:19 - 2009-07-28 12:48 - 00140632 _____ (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
2015-10-14 18:53 - 2015-10-14 18:53 - 00003584 _____ C:\Users\Steven Banker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-10 05:08 - 2015-07-14 19:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\basesrv.dll
2015-10-10 05:03 - 2015-04-27 11:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2015-10-10 05:03 - 2015-04-27 11:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2015-10-10 05:03 - 2015-04-27 11:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2015-10-10 05:03 - 2015-04-27 11:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2015-10-10 05:03 - 2015-04-27 11:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-10-10 05:03 - 2015-04-27 11:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-10-10 05:03 - 2015-04-27 11:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-10-10 05:03 - 2015-04-27 11:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-10-10 04:58 - 2015-07-04 10:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\System32\ole32.dll
2015-10-10 04:58 - 2015-07-04 09:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-10-10 04:57 - 2015-08-26 10:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-10-10 04:57 - 2015-08-26 10:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-10-10 04:57 - 2015-08-26 10:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-10-10 04:57 - 2015-08-26 10:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-10-10 04:57 - 2015-08-26 10:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-10-10 04:57 - 2015-08-26 10:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-10-10 04:57 - 2015-08-26 10:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-10-10 04:57 - 2015-08-26 10:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-10-10 04:57 - 2015-08-26 10:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-10-10 04:57 - 2015-08-26 10:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-10-10 04:57 - 2015-08-26 10:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-10-10 04:57 - 2015-08-26 09:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-10 04:57 - 2015-08-26 09:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-10 04:57 - 2015-08-26 09:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-10 04:57 - 2015-08-26 09:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-10 04:57 - 2015-08-26 09:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-10 00:40 - 2015-07-09 09:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\System32\notepad.exe
2015-10-10 00:40 - 2015-07-09 09:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-10-10 00:40 - 2015-07-09 09:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-10-10 00:11 - 2015-07-30 05:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-10-10 00:11 - 2015-07-30 05:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-10-09 16:54 - 2015-10-09 16:54 - 00000000 __HDC C:\$Windows.~WS
2015-10-09 10:32 - 2015-06-01 16:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\System32\cewmdm.dll
2015-10-09 10:32 - 2015-06-01 15:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-10-09 10:31 - 2015-04-17 19:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
2015-10-09 10:31 - 2015-04-17 18:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-10-09 10:30 - 2015-06-17 09:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2015-10-09 10:30 - 2015-06-17 09:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-10-09 10:30 - 2015-06-15 13:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-10-09 10:30 - 2015-06-15 13:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-10-09 10:29 - 2015-07-30 10:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2015-10-09 10:29 - 2015-07-30 10:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2015-10-09 10:29 - 2015-07-30 10:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2015-10-09 10:29 - 2015-07-30 09:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-10-09 10:29 - 2015-07-30 09:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-10-09 10:29 - 2015-06-15 13:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2015-10-09 10:29 - 2015-06-15 13:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll
2015-10-09 10:29 - 2015-06-15 13:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\System32\msiexec.exe
2015-10-09 10:29 - 2015-06-15 13:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-10-09 10:29 - 2015-06-15 13:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\System32\msimsg.dll
2015-10-09 10:29 - 2015-06-15 13:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-10-09 10:28 - 2015-07-22 16:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-10-09 10:28 - 2015-07-22 16:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-10-09 10:28 - 2015-07-22 16:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-10-09 10:28 - 2015-07-22 16:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-10-09 10:28 - 2015-07-22 16:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2015-10-09 10:28 - 2015-07-22 16:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2015-10-09 10:28 - 2015-07-22 16:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2015-10-09 10:28 - 2015-07-22 16:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-10-09 10:28 - 2015-07-22 16:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-10-09 10:28 - 2015-07-22 16:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-10-09 10:28 - 2015-07-22 16:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2015-10-09 10:28 - 2015-07-22 16:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2015-10-09 10:28 - 2015-07-22 16:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-10-09 10:28 - 2015-07-22 16:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-10-09 10:28 - 2015-07-22 15:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-10-09 10:28 - 2015-07-22 15:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 15:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-10-09 10:28 - 2015-07-22 09:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-09 10:28 - 2015-07-22 09:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-09 10:28 - 2015-07-22 09:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-09 10:28 - 2015-07-22 09:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-10-09 10:28 - 2015-07-22 09:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-10-09 10:28 - 2015-07-22 09:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-09 10:28 - 2015-07-22 09:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-09 10:28 - 2015-07-22 09:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-09 10:28 - 2015-07-22 09:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-09 10:28 - 2015-07-22 09:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-09 10:28 - 2015-07-22 09:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-09 10:28 - 2015-07-22 09:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-09 10:28 - 2015-07-22 09:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-09 10:28 - 2015-07-22 09:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-09 10:28 - 2015-07-22 09:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-09 10:28 - 2015-07-22 09:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-09 10:28 - 2015-07-22 09:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-09 10:28 - 2015-07-22 09:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-09 10:28 - 2015-07-22 09:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-09 10:28 - 2015-07-22 09:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-09 10:28 - 2015-07-22 09:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-09 10:28 - 2015-07-22 09:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-09 10:28 - 2015-07-22 09:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-09 10:28 - 2015-07-22 09:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-09 10:28 - 2015-07-22 09:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 08:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\UtcResources.dll
2015-10-09 10:28 - 2015-07-22 08:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2015-10-09 10:28 - 2015-07-22 08:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2015-10-09 10:28 - 2015-07-22 08:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2015-10-09 10:28 - 2015-07-22 08:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-09 10:28 - 2015-07-22 08:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-09 10:28 - 2015-07-22 08:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 08:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-09 10:28 - 2015-07-22 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-09 10:09 - 2015-10-09 12:35 - 00000000 ____D C:\Windows\Panther
2015-10-09 10:08 - 2015-06-25 02:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2015-10-09 10:08 - 2015-06-25 02:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2015-10-09 10:08 - 2015-06-25 02:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2015-10-09 10:08 - 2015-06-25 01:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-10-09 10:06 - 2015-08-27 10:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2015-10-09 10:06 - 2015-08-27 10:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2015-10-09 10:06 - 2015-08-27 10:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2015-10-09 10:06 - 2015-08-27 10:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2015-10-09 10:06 - 2015-08-27 09:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-10-09 10:06 - 2015-08-27 09:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-10-09 10:06 - 2015-08-27 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-10-09 10:06 - 2015-08-27 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-10-09 08:47 - 2015-07-01 12:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2015-10-09 08:47 - 2015-07-01 12:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2015-10-09 08:47 - 2015-07-01 12:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-10-09 08:47 - 2015-07-01 12:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-10-09 08:43 - 2015-08-05 09:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2015-10-09 08:37 - 2015-06-09 10:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2015-10-09 08:37 - 2015-06-09 10:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-10-09 08:30 - 2015-07-10 09:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2015-10-09 08:30 - 2015-07-10 09:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-09 08:27 - 2015-09-01 19:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2015-10-09 08:27 - 2015-09-01 19:04 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2015-10-09 08:27 - 2015-09-01 19:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2015-10-09 08:27 - 2015-09-01 19:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2015-10-09 08:27 - 2015-09-01 18:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-10-09 08:27 - 2015-09-01 18:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-10-09 08:27 - 2015-09-01 18:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-10-09 08:27 - 2015-09-01 18:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-10-09 08:27 - 2015-09-01 17:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-10-09 08:27 - 2015-09-01 17:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2015-10-09 08:27 - 2015-09-01 17:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-10-09 07:43 - 2015-04-29 10:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2015-10-09 07:43 - 2015-04-29 10:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2015-10-09 07:43 - 2015-04-29 10:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2015-10-09 07:43 - 2015-04-29 10:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2015-10-09 07:43 - 2015-04-29 10:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2015-10-09 07:43 - 2015-04-29 10:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-10-09 07:43 - 2015-04-29 10:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-10-09 07:43 - 2015-04-29 10:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-10-09 07:43 - 2015-04-29 10:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-10-09 07:43 - 2015-04-29 10:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-10-09 07:42 - 2015-05-25 10:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\System32\sechost.dll
2015-10-09 07:42 - 2015-05-25 10:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\System32\tracerpt.exe
2015-10-09 07:42 - 2015-05-25 10:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\System32\logman.exe
2015-10-09 07:42 - 2015-05-25 10:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\typeperf.exe
2015-10-09 07:42 - 2015-05-25 10:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\relog.exe
2015-10-09 07:42 - 2015-05-25 10:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\System32\diskperf.exe
2015-10-09 07:42 - 2015-05-25 10:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-10-09 07:42 - 2015-05-25 10:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-10-09 07:42 - 2015-05-25 10:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-10-09 07:42 - 2015-05-25 10:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-10-09 07:42 - 2015-05-25 10:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-10-09 07:42 - 2015-05-25 10:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-10-09 07:41 - 2015-04-24 10:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2015-10-09 07:41 - 2015-04-24 09:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-10-09 07:08 - 2015-10-09 07:08 - 00000000 ____D C:\Program Files\Common Files\AV
2015-10-05 08:14 - 2015-10-05 08:14 - 00314800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsdrivera.sys
2015-09-14 13:18 - 2015-09-14 13:18 - 00000000 ____D C:\Program Files (x86)\GUM6CD0.tmp
2015-09-11 15:03 - 2015-09-11 15:03 - 00000000 ____D C:\Program Files (x86)\GUM7C3B.tmp
2015-08-19 08:53 - 2015-08-19 08:53 - 00297904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsha.sys
2015-08-04 08:32 - 2015-08-04 08:32 - 00300464 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2015-08-04 08:32 - 2015-08-04 08:32 - 00250800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
2015-07-29 02:12 - 2015-07-29 02:12 - 00000000 ____D C:\Users\Steven Banker\AppData\Roaming\Mozilla
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-25 03:51 - 2013-11-18 05:01 - 01736880 _____ C:\Windows\WindowsUpdate.log
2015-10-25 03:48 - 2014-12-05 20:20 - 00000000 ____D C:\ProgramData\MFAData
2015-10-25 03:48 - 2009-07-13 20:45 - 00023072 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-25 03:48 - 2009-07-13 20:45 - 00023072 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-25 03:43 - 2015-05-22 05:36 - 00000950 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3770473405-2825206043-462295273-1001UA.job
2015-10-25 03:43 - 2013-01-02 13:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-25 03:43 - 2011-11-02 19:47 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3770473405-2825206043-462295273-1001UA.job
2015-10-25 03:43 - 2011-11-02 19:47 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3770473405-2825206043-462295273-1001Core.job
2015-10-25 03:43 - 2009-12-10 20:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-25 03:43 - 2009-12-10 20:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-24 15:01 - 2009-12-09 19:38 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-24 14:53 - 2015-05-22 05:36 - 00000898 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3770473405-2825206043-462295273-1001Core.job
2015-10-24 14:29 - 2012-02-04 18:02 - 00000000 ____D C:\Users\Steven Banker\AppData\Roaming\Dropbox
2015-10-24 14:28 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-23 06:12 - 2015-02-17 15:13 - 00000000 ____D C:\Users\Steven Banker\Desktop\Resume
2015-10-23 04:15 - 2014-12-13 18:00 - 00000000 ____D C:\Windows\System32\appraiser
2015-10-23 04:15 - 2014-05-06 15:16 - 00000000 ___SD C:\Windows\System32\CompatTel
2015-10-23 04:15 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-22 17:31 - 2009-07-13 21:13 - 00836474 _____ C:\Windows\System32\PerfStringBackup.INI
2015-10-15 17:19 - 2009-12-05 16:39 - 00000000 ____D C:\Program Files\TOSHIBA
2015-10-15 17:19 - 2009-12-05 16:38 - 00000000 ____D C:\Program Files (x86)\Toshiba
2015-10-13 17:09 - 2009-07-13 21:08 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-12 17:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-10-10 00:29 - 2015-04-05 20:17 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-10 00:29 - 2015-04-05 20:17 - 00000000 ___SD C:\Windows\System32\GWX
2015-10-10 00:11 - 2013-08-16 04:00 - 00000000 ____D C:\Windows\System32\MRT
2015-10-09 12:17 - 2009-12-26 10:43 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-10-09 12:05 - 2010-05-02 11:59 - 00000000 ____D C:\Users\Steven Banker\AppData\Roaming\Seattle Avionics
2015-10-09 11:28 - 2009-12-16 09:31 - 00000000 ____D C:\Users\Steven Banker\AppData\Local\H&R Block
2015-10-09 05:33 - 2013-08-09 11:10 - 00000000 ____D C:\Users\Steven Banker\Desktop\Shortcuts
2015-10-09 04:03 - 2014-02-13 17:13 - 00000610 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3770473405-2825206043-462295273-1001.job
2015-10-09 03:32 - 2014-02-13 17:13 - 00003654 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3770473405-2825206043-462295273-1001
2015-10-09 03:32 - 2012-03-15 20:00 - 00003632 _____ C:\Windows\System32\Tasks\Launch HTC Sync Loader
2015-10-08 16:57 - 2013-08-08 16:26 - 00000000 ____D C:\Users\Steven Banker\AppData\Local\Citrix
2015-10-04 12:10 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
 
Files to move or delete:
====================
C:\Users\Steven Banker\A2mdlhlpx.exe
 
 
Some files in TEMP:
====================
C:\Users\Steven Banker\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv4rzyy.dll
 
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {97d780cc-e207-11de-97a9-9f1b59c141c1}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {97d780cc-e207-11de-97a9-9f1b59c141c1}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\97d780ce-e207-11de-97a9-9f1b59c141c1\Winre.wim,{97d780cf-e207-11de-97a9-9f1b59c141c1}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\97d780ce-e207-11de-97a9-9f1b59c141c1\Winre.wim,{97d780cf-e207-11de-97a9-9f1b59c141c1}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {97d780cc-e207-11de-97a9-9f1b59c141c1}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {97d780cf-e207-11de-97a9-9f1b59c141c1}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\97d780ce-e207-11de-97a9-9f1b59c141c1\boot.sdi
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 4093.98 MB
Available physical RAM: 3452.92 MB
Total Virtual: 4092.13 MB
Available Virtual: 3442.05 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:47.92 GB) (Free:0.03 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:298.09 GB) (Free:117.43 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:10.24 GB) (Free:10.1 GB) NTFS
Drive f: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.3 GB) NTFS
Drive h: (STORE'N'GO) (Removable) (Total:0.96 GB) (Free:0.92 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 436E4E87)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=47.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: F27E4E12)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 983 MB) (Disk ID: 00000000)
 
Partition: GPT.
 
 
LastRegBack: 2015-10-22 18:20
 
==================== End of FRST.txt ============================
 
Now what to do with this information?

Edited by hamluis, 25 October 2015 - 10:15 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.
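
Two sections of the FRST.txt above are worth reading before anything else: Drives, and Bamital & volsnap. The following is an added example, not part of the original posts and not FRST's own code, that parses those two sections from a constructed excerpt of the posted log; the function names and the 10% free-space threshold are assumptions.

```python
import re

# Constructed sample: lines copied from the FRST.txt posted above, trimmed to
# the two sections this example reads.
SAMPLE_LOG = r"""
==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Drives ================================

Drive c: () (Fixed) (Total:47.92 GB) (Free:0.03 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:298.09 GB) (Free:117.43 GB) NTFS
Drive h: (STORE'N'GO) (Removable) (Total:0.96 GB) (Free:0.92 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== End of FRST.txt ============================
"""

# '==== Title ====' headers; bare '=====' separator lines do not match.
SECTION_RE = re.compile(r"^=+ (.+?) =+\s*$")
DRIVE_RE = re.compile(
    r"^Drive (\w): \((.*?)\) \((\w+)\) "
    r"\(Total:([\d.]+) GB\) \(Free:([\d.]+) GB\) (\S+)(.*)$"
)


def split_sections(text):
    """Map each section title to the non-empty lines listed under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1).strip(), [])
        elif current is not None and line.strip():
            current.append(line.strip())
    return sections


def parse_drives(lines):
    """Turn 'Drive x: (...)' lines into records with a free-space ratio."""
    drives = []
    for line in lines:
        m = DRIVE_RE.match(line)
        if not m:
            continue
        letter, label, kind, total, free, fs, rest = m.groups()
        total, free = float(total), float(free)
        drives.append({
            "letter": letter.upper(), "label": label, "kind": kind,
            "total_gb": total, "free_gb": free, "fs": fs,
            # FRST marks the volume holding the boot files with this note.
            "boot": "boot components" in rest,
            "free_ratio": free / total if total else 0.0,
        })
    return drives


def triage(text, min_free_ratio=0.10):
    """Return fixed drives below the free-space threshold (assumed 10%) and
    any system file whose verdict is not the 'MD5 is legit' seen in the log."""
    sections = split_sections(text)
    drives = parse_drives(sections.get("Drives", []))
    low = [d for d in drives
           if d["kind"] == "Fixed" and d["free_ratio"] < min_free_ratio]
    unverified = []
    for line in sections.get("Bamital & volsnap", []):
        path, sep, verdict = line.partition(" => ")
        if sep and verdict != "MD5 is legit":
            unverified.append((path, verdict))
    return {"low_space": low, "unverified": unverified}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["low_space"]:
        print(f"{d['letter']}: {d['free_gb']} GB free of {d['total_gb']} GB"
              f"{' (boot volume)' if d['boot'] else ''}")
    print("files failing verification:", result["unverified"])
```

On the posted log this flags only C:, the boot volume, with 0.03 GB free, and reports no system file failing verification.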



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,627 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:29 AM

Posted 29 October 2015 - 09:20 AM

Greetings Pilot49 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer, press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION
ShortcutTarget: Dropbox.lnk ->  (No File)
S2 HPSLPSVC; C:\Users\STEVEN~1\AppData\Local\Temp\7zS5FBE\hpslpsvc64.dll [X]
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S2 TMAgent; no ImagePath
2015-09-14 13:18 - 2015-09-14 13:18 - 00000000 ____D C:\Program Files (x86)\GUM6CD0.tmp
2015-09-11 15:03 - 2015-09-11 15:03 - 00000000 ____D C:\Program Files (x86)\GUM7C3B.tmp
C:\Users\Steven Banker\A2mdlhlpx.exe
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode
===================================================

Diagnose Blue Screen of Death (BSOD) Errors by Disabling Automatic Restart

--------------------
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select Disable Automatic Restart on System Failure, as shown here:

advancedoptions.png

  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not.

bsod_c.jpg

  • Please include this information in your reply.
===================================================

Seagate Seatools for DOS

----------
  • Please download SeaTools for DOS and create a bootable CD as instructed here and save it to your desktop
  • NOTE: If you have any difficulty booting up with this version, please use one of the legacy versions of SeaTools for DOS
  • If you do not have ISO burning software on your computer download and install Active@ ISO Burner then create a bootable disk with the downloaded file
  • Boot your computer using the CD you just created. If necessary see here for instructions about how to boot to CD
  • After the program loads click I Accept
  • Left Click on your hard drive listed under Drive List (if you have a Seagate hard drive take special note of the caution below)
  • Click Basic Tests, then select Long Test
  • Allow the process to run, which may take up to 3 hours, and report the findings in your reply
  • If the results indicate your hard drive failed the test and you have a Seagate hard drive installed DO NOT follow up on the suggestion to allow the program to attempt to resolve the issue. Doing so may cause permanent loss of data
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Blue Screen information
  • Hard drive test results

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Pilot49

Posted 29 October 2015 - 09:00 PM

Hi Gary, thank you for getting back to me. I have completed the steps as requested. I am not able to boot the computer at this time. I am attaching the requested log files. Looks to be an AVG file corruption. I am thankful for your assistance. 

 

STOP:c000007b {Bad Image}
C:\PROGRA~2\AVG\AVG2015\avgclita.dll is either not designed to run on Windows or it contains an error.
 Try installing the program again using the original installation media or contact your system administrator
 or software vendor for support.

Fix result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 01
Ran by SYSTEM (2015-10-29 19:49:27) Run:2
Running from h:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION
ShortcutTarget: Dropbox.lnk ->  (No File)
S2 HPSLPSVC; C:\Users\STEVEN~1\AppData\Local\Temp\7zS5FBE\hpslpsvc64.dll [X]
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S2 TMAgent; no ImagePath
2015-09-14 13:18 - 2015-09-14 13:18 - 00000000 ____D C:\Program Files (x86)\GUM6CD0.tmp
2015-09-11 15:03 - 2015-09-11 15:03 - 00000000 ____D C:\Program Files (x86)\GUM7C3B.tmp
C:\Users\Steven Banker\A2mdlhlpx.exe
*****************

HKLM\Software\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}\InprocServer32\\Default => value restored successfully
ShortcutTarget: Dropbox.lnk ->  (No File) => not found.
HPSLPSVC => service removed successfully
WinDefend => service removed successfully
Andbus => service removed successfully
AndDiag => service removed successfully
AndGps => service removed successfully
ANDModem => service removed successfully
catchme => service removed successfully
RimUsb => service removed successfully
TMAgent => service removed successfully
C:\Program Files (x86)\GUM6CD0.tmp => moved successfully
C:\Program Files (x86)\GUM7C3B.tmp => moved successfully
C:\Users\Steven Banker\A2mdlhlpx.exe => moved successfully

==== End of Fixlog 19:49:27 ====

Edited by Oh My!, 29 October 2015 - 09:17 PM.


#4 Pilot49

Posted 29 October 2015 - 09:12 PM

Hi Gary, I forgot to add the hard drive test log info. Both of the drives passed the short test. The C drive is a flash drive and it said it failed the long test - Long test time out. This is a SMART drive, SMART is Enabled and is Not tripped.



#5 Oh My!

Posted 29 October 2015 - 09:19 PM

Greetings. It is my pleasure to work together on this.

Just because a drive test says it "passed" it doesn't always mean that it did. Could you copy and paste the results in your reply?

Also, have you tried to boot your computer into Safe Mode? If not please try that and let me know the results.
Gary
 

#6 Pilot49

Posted 29 October 2015 - 09:53 PM

Yeah, I am able to boot into safe mode!



#7 Oh My!

Posted 29 October 2015 - 09:57 PM

Very good.

I still would like to see the hard drive test results. Please do this in Safe Mode.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s).
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

AVG 2015

  • Attempt to reboot your computer into Normal Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Can you boot normally?
  • Hard drive test results

Gary
 

#8 Pilot49

Posted 29 October 2015 - 10:33 PM

I am only able to boot into safe mode. I can't seem to copy the hard drive test log, and I can't find it in the safe mode. When running the uninstall on the AVG programs, I get the message "drive C does not have enough space". Prior to the current problems, low space on drive C has been a problem for a while and I can't seem to free up any significant amount of space. I uninstalled a number of programs and used CCleaner many times to remove unnecessary files. Windows seems to be taking over the entire C drive. I have to be up to go to work in a few hours, hope to hear from you tomorrow.



#9 Oh My!

Posted 29 October 2015 - 10:36 PM

OK, whenever you get a chance I would like you to run another FRST scan in Safe Mode and make sure you place a check mark in Addition.txt.

Please copy and paste both reports in your reply.
Gary
 

#10 Oh My!

Posted 04 November 2015 - 09:35 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#11 Oh My!

Posted 06 November 2015 - 10:02 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



