
Can't run MSE [Solved]


  • This topic is locked

#1
gomyr

  • Member
  • 240 posts

Hello, I am (regrettably) a GeekU dropout.  Though I do not have the time necessary to complete my training, I still am the person my family comes to for help with their computer problems.  This computer belongs to my sister.  She complained of popups and slow response.  I updated and ran MBAM, which found 103 problems, mostly trojans.  I used MBAM to fix all the problems it found.  Then I went to run Microsoft Security Essentials (MSE).  It opened and immediately closed.  I tried it several times, and got the same result every time.  I went to Action Center and found that the Windows Security Service was turned off.  When I tried to turn it on via the Action Center, it gave me a message that it can't be started.  I typed "services" into the run command and security center was, indeed, disabled.  I set it for automatic, and then turned it on.  It stayed on for a while, but when I tried to turn on MSE, it turned off again.

 

I then tried to run the Kaspersky online scan, but it reported no threats.

 

I then noticed that upon shutdown it needed some updates.  I restarted and went to Windows Update and it needed 157 updates.  The first time I tried to run it, it failed.  The next time I tried to run it, it installed all but 7 updates.  After restart I tried it again and it installed the remaining updates.

 

I am sure the system is still infected, but this is beyond my experience.  Still cannot run MSE, and can't keep the Security Service from becoming disabled.

 

The computer is a Toshiba Portege Z935-P300 ultrabook running W7-Home Premium 64 bit.

 

Please help?  Thank You!

 

I am including the MBAM report of all the infections below:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.06.13.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Susan :: SUSAN-PC [administrator]

6/12/2014 8:02:47 PM
mbam-log-2014-06-12 (20-02-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250239
Time elapsed: 2 minute(s), 11 second(s)

Memory Processes Detected: 17
C:\Windows\SysWOW64\dikinyxeuf.exe (Trojan.Agent.ED) -> 2168 -> Delete on reboot.
C:\Windows\SysWOW64\irxuloxyo.exe (Spyware.Zbot.ED) -> 2232 -> Delete on reboot.
C:\Windows\SysWOW64\towisaigk.exe (Spyware.Zbot.ED) -> 2308 -> Delete on reboot.
C:\Windows\SysWOW64\giebarna.exe (Spyware.Password) -> 2384 -> Delete on reboot.
C:\Windows\SysWOW64\qikoatraud.exe (Trojan.PolyCrypt.Gen) -> 2456 -> Delete on reboot.
C:\Windows\SysWOW64\izowez.exe (Trojan.FakeMS) -> 2512 -> Delete on reboot.
C:\Windows\SysWOW64\yvavers.exe (Trojan.PolyCrypt.Gen) -> 2588 -> Delete on reboot.
C:\Windows\SysWOW64\noigutr.exe (Spyware.Password) -> 2644 -> Delete on reboot.
C:\Windows\SysWOW64\vepakagi.exe (Spyware.Password) -> 2696 -> Delete on reboot.
C:\Users\Susan\AppData\Roaming\Izitof\osanec.exe (Spyware.Zbot.ED) -> 4856 -> Delete on reboot.
C:\Users\Susan\AppData\Roaming\Eqylduxo\ryonixk.exe (Spyware.Zbot.ED) -> 4904 -> Delete on reboot.
C:\Users\Susan\AppData\Roaming\Edbeno\ahbyy.exe (Trojan.Agent.ED) -> 5000 -> Delete on reboot.
C:\Users\Susan\AppData\Roaming\Xeegsuav\ugypryk.exe (Trojan.PolyCrypt.Gen) -> 5036 -> Delete on reboot.
C:\Users\Susan\AppData\Roaming\Ywcunu\ewehubg.exe (Trojan.FakeMS) -> 5056 -> Delete on reboot.
C:\Users\Susan\AppData\Roaming\Emagmoh\xoipi.exe (Spyware.Password) -> 5064 -> Delete on reboot.
C:\Users\Susan\AppData\Roaming\Media Center Programs\WINE85B.exe (Trojan.Agent.TMSGen) -> 5740 -> Delete on reboot.
C:\Users\Susan\AppData\Roaming\Media Center Programs\WIN9DC4.exe (Trojan.Agent.TMSGen) -> 5824 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer1470521988 (Trojan.Agent.ED) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer168683205 (Spyware.Zbot.ED) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer2258656659 (Spyware.Zbot.ED) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer2448866346 (Spyware.Password) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer2485500670 (Trojan.PolyCrypt.Gen) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer2681357725 (Trojan.FakeMS) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer2769469837 (Trojan.PolyCrypt.Gen) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3080394134 (Spyware.Password) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer795143617 (Spyware.Password) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Re-Markable (PUP.Optional.ReMarkable.A) -> Quarantined and deleted successfully.

Registry Values Detected: 17
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Apariwdogun (Spyware.Zbot.ED) -> Data: C:\Users\Susan\AppData\Roaming\Izitof\osanec.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Apariwdogun (Spyware.Zbot.ED) -> Data: C:\Users\Susan\AppData\Roaming\Izitof\osanec.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ofoxsyidorcei (Spyware.Zbot.ED) -> Data: C:\Users\Susan\AppData\Roaming\Eqylduxo\ryonixk.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ofoxsyidorcei (Spyware.Zbot.ED) -> Data: C:\Users\Susan\AppData\Roaming\Eqylduxo\ryonixk.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Obevzebyb (Trojan.Agent.ED) -> Data: C:\Users\Susan\AppData\Roaming\Edbeno\ahbyy.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Obevzebyb (Trojan.Agent.ED) -> Data: C:\Users\Susan\AppData\Roaming\Edbeno\ahbyy.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ympyopmuehyho (Trojan.PolyCrypt.Gen) -> Data: C:\Users\Susan\AppData\Roaming\Xeegsuav\ugypryk.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ympyopmuehyho (Trojan.PolyCrypt.Gen) -> Data: C:\Users\Susan\AppData\Roaming\Xeegsuav\ugypryk.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Yfomihymolsu (Trojan.FakeMS) -> Data: C:\Users\Susan\AppData\Roaming\Ywcunu\ewehubg.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Yfomihymolsu (Trojan.FakeMS) -> Data: C:\Users\Susan\AppData\Roaming\Ywcunu\ewehubg.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Unzavoc (Spyware.Password) -> Data: C:\Users\Susan\AppData\Roaming\Emagmoh\xoipi.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Unzavoc (Spyware.Password) -> Data: C:\Users\Susan\AppData\Roaming\Emagmoh\xoipi.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ozhougihylra (Trojan.PolyCrypt.Gen) -> Data: "C:\Users\Susan\AppData\Roaming\Yqgexy\ucgygi.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Gyixzeamfel (Spyware.Password) -> Data: "C:\Users\Susan\AppData\Roaming\Owirzofe\yzgui.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Axalavru (Spyware.Password) -> Data: "C:\Users\Susan\AppData\Roaming\Avorhaap\eminul.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GameServer70B (Trojan.Agent.TMSGen) -> Data: "C:\Users\Susan\AppData\Roaming\Media Center Programs\WINE85B.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GameServer70C (Trojan.Agent.TMSGen) -> Data: "C:\Users\Susan\AppData\Roaming\Media Center Programs\WIN9DC4.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Susan\AppData\Local\Temp\PowerfulBrowse (PUP.Optional.PowerfulBrowse.A) -> Quarantined and deleted successfully.

Files Detected: 58
C:\Windows\SysWOW64\dikinyxeuf.exe (Trojan.Agent.ED) -> Delete on reboot.
C:\Windows\SysWOW64\irxuloxyo.exe (Spyware.Zbot.ED) -> Delete on reboot.
C:\Windows\SysWOW64\towisaigk.exe (Spyware.Zbot.ED) -> Delete on reboot.
C:\Windows\SysWOW64\giebarna.exe (Spyware.Password) -> Delete on reboot.
C:\Windows\SysWOW64\qikoatraud.exe (Trojan.PolyCrypt.Gen) -> Delete on reboot.
C:\Windows\SysWOW64\izowez.exe (Trojan.FakeMS) -> Delete on reboot.
C:\Windows\SysWOW64\yvavers.exe (Trojan.PolyCrypt.Gen) -> Delete on reboot.
C:\Windows\SysWOW64\noigutr.exe (Spyware.Password) -> Delete on reboot.
C:\Windows\SysWOW64\vepakagi.exe (Spyware.Password) -> Delete on reboot.
C:\Users\Susan\AppData\Roaming\Izitof\osanec.exe (Spyware.Zbot.ED) -> Delete on reboot.
C:\Users\Susan\AppData\Roaming\Eqylduxo\ryonixk.exe (Spyware.Zbot.ED) -> Delete on reboot.
C:\Users\Susan\AppData\Roaming\Edbeno\ahbyy.exe (Trojan.Agent.ED) -> Delete on reboot.
C:\Users\Susan\AppData\Roaming\Xeegsuav\ugypryk.exe (Trojan.PolyCrypt.Gen) -> Delete on reboot.
C:\Users\Susan\AppData\Roaming\Ywcunu\ewehubg.exe (Trojan.FakeMS) -> Delete on reboot.
C:\Users\Susan\AppData\Roaming\Emagmoh\xoipi.exe (Spyware.Password) -> Delete on reboot.
C:\Users\Susan\AppData\Roaming\Yqgexy\ucgygi.exe (Trojan.PolyCrypt.Gen) -> Delete on reboot.
C:\Users\Susan\AppData\Roaming\Owirzofe\yzgui.exe (Spyware.Password) -> Delete on reboot.
C:\Users\Susan\AppData\Roaming\Avorhaap\eminul.exe (Spyware.Password) -> Delete on reboot.
C:\Windows\System32\dikinyxeuf.exe (Trojan.Agent.ED) -> Delete on reboot.
C:\Windows\System32\giebarna.exe (Spyware.Password) -> Delete on reboot.
C:\Windows\System32\irxuloxyo.exe (Spyware.Zbot.ED) -> Delete on reboot.
C:\Windows\System32\izowez.exe (Trojan.FakeMS) -> Delete on reboot.
C:\Windows\System32\noigutr.exe (Spyware.Password) -> Delete on reboot.
C:\Windows\System32\qikoatraud.exe (Trojan.PolyCrypt.Gen) -> Delete on reboot.
C:\Windows\System32\towisaigk.exe (Spyware.Zbot.ED) -> Delete on reboot.
C:\Windows\System32\vepakagi.exe (Spyware.Password) -> Delete on reboot.
C:\Windows\System32\yvavers.exe (Trojan.PolyCrypt.Gen) -> Delete on reboot.
C:\Users\Susan\AppData\Local\Temp\air49C8.exe (PUP.Optional.PowerfulBrowse.A) -> Quarantined and deleted successfully.
C:\Users\Susan\AppData\Local\Temp\setup.exe (PUP.Optional.AirAdInstaller) -> Quarantined and deleted successfully.
C:\Users\Susan\AppData\Local\Temp\UpdateFlashPlayer_1f3c734d.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Users\Susan\AppData\Local\Temp\UpdateFlashPlayer_2eecff44.exe (Spyware.Zbot.ED) -> Quarantined and deleted successfully.
C:\Users\Susan\AppData\Local\Temp\UpdateFlashPlayer_3009d992.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Susan\AppData\Local\Temp\UpdateFlashPlayer_3afb691c.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\Susan\AppData\Local\Temp\UpdateFlashPlayer_4188a1c9.exe (Spyware.Zbot.ED) -> Quarantined and deleted successfully.
C:\Users\Susan\AppData\Local\Temp\UpdateFlashPlayer_5f6b1a5e.exe (Spyware.Zbot.ED) -> Quarantined and deleted successfully.
C:\Users\Susan\AppData\Local\Temp\UpdateFlashPlayer_66def16a.exe (Trojan.PolyCrypt.Gen) -> Quarantined and deleted successfully.
C:\Users\Susan\AppData\Local\Temp\UpdateFlashPlayer_8d2d6b56.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\Susan\AppData\Local\Temp\UpdateFlashPlayer_a3cea457.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Susan\AppData\Local\Temp\UpdateFlashPlayer_b6840210.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Susan\AppData\Local\Temp\UpdateFlashPlayer_bf6783ef.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\Susan\AppData\Local\Temp\UpdateFlashPlayer_cf23af34.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Users\Susan\AppData\Local\Temp\UpdateFlashPlayer_d30a10a7.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Users\Susan\AppData\Local\Temp\UpdateFlashPlayer_da486541.exe (Spyware.Zbot.ED) -> Quarantined and deleted successfully.
C:\Users\Susan\AppData\Local\Temp\UpdateFlashPlayer_e6e42301.exe (Trojan.PolyCrypt.Gen) -> Quarantined and deleted successfully.
C:\Users\Susan\AppData\Local\Temp\UpdateFlashPlayer_f840f999.exe (Spyware.Zbot.ED) -> Quarantined and deleted successfully.
C:\Users\Susan\Downloads\DTLite4454-0315.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 1470521988.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 168683205.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 2258656659.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 2448866346.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 2485500670.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 2681357725.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 2769469837.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 3080394134.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 795143617.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
C:\Users\Susan\AppData\Roaming\Media Center Programs\WINE85B.exe (Trojan.Agent.TMSGen) -> Delete on reboot.
C:\Users\Susan\AppData\Roaming\Media Center Programs\WIN9DC4.exe (Trojan.Agent.TMSGen) -> Delete on reboot.
C:\Users\Susan\AppData\Local\Temp\PowerfulBrowse\7za.exe (PUP.Optional.PowerfulBrowse.A) -> Quarantined and deleted successfully.

(end)
 

 

 


  • 0
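
Added example (not part of the original posts and not a Malwarebytes tool): a small Python triage for a log in the MBAM 1.75 text layout pasted in post #1. It checks that each section's declared count matches the lines actually pasted, lists Run values whose target file was only marked "Delete on reboot" (so it is still on disk until the restart), and pairs the numeric suffixes of the SecurityCenterServer service keys with the "Security Center Update" scheduled tasks. The sample log and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the MBAM 1.75 text-log layout; every path, value name
# and numeric suffix below is made up for this example.
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Windows\SysWOW64\sampleaaa.exe (Trojan.Agent.ED) -> 2168 -> Delete on reboot.

Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer1000000001 (Trojan.Agent.ED) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer1000000002 (Spyware.Zbot.ED) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Samplevalue (Spyware.Zbot.ED) -> Data: C:\Users\User\AppData\Roaming\Sampledir\samplebbb.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Othervalue (Spyware.Password) -> Data: "C:\Users\User\AppData\Roaming\Otherdir\sampleccc.exe" -> Quarantined and deleted successfully.

Files Detected: 4
C:\Windows\SysWOW64\sampleaaa.exe (Trojan.Agent.ED) -> Delete on reboot.
C:\Users\User\AppData\Roaming\Sampledir\samplebbb.exe (Spyware.Zbot.ED) -> Delete on reboot.
C:\Users\User\AppData\Local\Temp\UpdateFlashPlayer_00000000.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 1000000001.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Greedy object part so a path containing "(x86)" still yields the last (...) as detection.
ENTRY_RE = re.compile(r"^(?P<obj>.+) \((?P<det>[^()]+)\)$")
SERVICE_RE = re.compile(r"\\Services\\SecurityCenterServer(\d+)$", re.I)
TASK_RE = re.compile(r"\\Tasks\\Security Center Update - (\d+)\.job$", re.I)


def parse_mbam_log(text):
    """Return (entries, declared_counts) from an MBAM 1.75 style text log."""
    entries, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            declared[section] = int(m["count"])
            continue
        if section is None or " -> " not in line:
            continue  # header lines, blanks, "(No malicious items detected)"
        head, *rest = line.split(" -> ")
        m = ENTRY_RE.match(head)
        if not m:
            continue
        entry = {"section": section, "object": m["obj"], "detection": m["det"],
                 "action": rest[-1].rstrip("."), "data": None}
        for field in rest[:-1]:  # optional PID or "Data: <path>" fields
            if field.startswith("Data: "):
                entry["data"] = field[len("Data: "):].strip('"')
        entries.append(entry)
    return entries, declared


def count_mismatches(entries, declared):
    """Sections whose pasted line count differs from the declared count
    (a sign the log was truncated or edited when it was posted)."""
    seen = defaultdict(int)
    for e in entries:
        seen[e["section"]] += 1
    return {s: (n, seen[s]) for s, n in declared.items() if seen[s] != n}


def targets_pending_reboot(entries):
    """Run values whose target file is only scheduled for deletion:
    the autostart entry is gone, but the binary stays on disk until restart."""
    pending = {e["object"].lower() for e in entries
               if e["section"] == "Files" and e["action"] == "Delete on reboot"}
    return [(e["object"], e["data"]) for e in entries
            if e["section"] == "Registry Values" and e["data"]
            and e["data"].lower() in pending]


def pair_service_and_task_ids(entries):
    """Map each numeric suffix to the persistence kinds seen for it."""
    ids = defaultdict(set)
    for e in entries:
        for kind, rx in (("service", SERVICE_RE), ("task", TASK_RE)):
            m = rx.search(e["object"])
            if m:
                ids[m.group(1)].add(kind)
    return dict(ids)


if __name__ == "__main__":
    entries, declared = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(entries, declared))
    for value, target in targets_pending_reboot(entries):
        print("re-check after reboot:", value, "->", target)
    for suffix, kinds in sorted(pair_service_and_task_ids(entries).items()):
        print(suffix, sorted(kinds))
```

A suffix that shows up as only a service or only a task is worth a second look after the restart, since the matching half may not have been detected.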



#2
Dakeyras

  • Anti-Malware Mammoth
  • Expert
  • 9,714 posts

Hi,

I have bad news I'm afraid. :(

One or more of the identified infections is a Backdoor Trojan/Password Harvester, plus undoubtedly other comprising malware!

Since we are dealing with the aforementioned infection(s) I would be providing your good self and Sister with a disservice if I did not make you aware of the ramifications below:

Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

I would counsel you to disconnect this PC from the Internet immediately. If your Sister has used the machine for online banking or other financial transactions on the PC or if it should contain any other sensitive information, please advise she gets to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of the situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows Operating System, and that is the course we strongly recommend.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine (anything I try may not be successful) but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.

Please let myself know what you have decided to do in your next post.
  • 0

#3
gomyr

  • Topic Starter
  • Member
  • 240 posts

I appreciate your comments.  This is her (7 year old) daughter's machine, and it has never (to my knowledge) been used for online transactions.  However I will still counsel her to change her passwords from a clean machine.  I forgot that I also tried to reformat back to factory settings by hitting F8 on startup, but when I tried to do that, it hung on the "loading windows files" portion of the Windows Repair process.

 

Since this computer has no CDRom drive, I am left only with contacting the manufacturer for an OS recovery on USB media unless we can recover this machine enough to get Windows Repair to work.  She wants to use it for work, so do you think we can get it working enough to use Windows Recovery, or would you recommend just buying the USB recovery software from Toshiba?


  • 0

#4
gomyr

  • Topic Starter
  • Member
  • 240 posts

I saved some documents and photos from the infected computer to an external hard drive with the intention of running MSE and MBAM on them before reinstalling them on the repaired system.  Is it safe to connect that external HD to my computer in order to scan it?


  • 0

#5
Dakeyras

  • Anti-Malware Mammoth
  • Expert
  • 9,714 posts

Hi. :)
 

"so do you think we can get it working enough to use Windows Recovery"


By all means I will try.
 

"or would you recommend just buying the USB recovery software from Toshiba?"


Might be an option to consider and/or purchase say a type USB CD/DVD for example then in turn follow this tutorial of mine here. As having a Startup Repair Disk is better than nothing.
 

"I saved some documents and photos from the infected computer to an external hard drive with the intention of running MSE and MBAM on them before reinstalling them on the repaired system. Is it safe to connect that external HD to my computer in order to scan it?"


It would be prudent to secure both the external drive and your machine as follows...

Download/Install & Run Panda USB Vaccine:

Please download the installer for Panda USB Vaccine from here to the desktop.
  • Right-click on USBVaccineSetup.exe and select Run as Administrator (if you are using Vista & above) >> follow the prompts in the installation wizard.
  • At the configuration screen(settings)...
  • Ensure both Run Panda USB Vaccine automatically when computer boots (/resident mode) & Automatically vaccinate any newly inserted USB key are selected >> plus NTFS support
  • Now click on Next> >> ensure Launch Panda USB Vaccine is selected >> click on Finish.
  • Connect your USB External Hard-Drive to your machine...it will be automatically vaccinated.

Scan your USB External Hard-Drive:

Click on My Computer and or Computer for example >> locate your USB External Hard-Drive >> right click on it and scan with your presently installed security software as you mentioned prior etc.

Then safely remove the USB External Hard-Drive from your machine via right-clicking on the Safely Remove Hardware and Eject Media system tray icon and then select Eject USB Mass Storage Device.

Next:

The below pertains to your Niece's machine...Please take note of the below:
  • I will start working on the Malware issues, this may or may not, solve other issues you have with the machine.
  • The fixes are specific to this problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you the machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
  • The presently installed security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Scan with aswMBR:

Please download aswMBR to the desktop.
  • Right-click on aswMBR.exe and select Run as Administrator to launch the application
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select Yes
  • The Avast! virus definitions database will automatically be downloaded. Be patient, this may take some time depending on the speed of your Internet Connection.
  • Once it has downloaded >> ensure the option next to AV scan: >> QuickScan is selected only. It should be by default.
  • Now click on the Scan button to start the scan.
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
  • Click on Exit.

Note: There will also be a file on your desktop named MBR.dat (or similar), do not delete this for now, it is an actual backup of the MBR (master boot record).

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit to the desktop.
  • Right-click on FRST.exe and select Run as Administrator to start FRST >> follow the prompt/click on Yes
  • Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
  • Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
  • At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
  • There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.

Next:

When completed the above, please post back the following in the order asked for:
  • How is the computer performing now, any further symptoms and or problems encountered ?
  • aswMBR Log.
  • Both FRST logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0

#6
gomyr

  • Topic Starter
  • Member
  • 240 posts

I noticed somewhere, possibly on your profile, that you may not be available on weekends, so thank you for your time and your help thus far.  I live in Las Vegas, NV and it's a little after 5:30am, and I'm getting ready for bed.  I'll be getting up around 2 in the afternoon, so it will be a while until my next reply.

I will NOT do anything without your express instruction, however I intend to scan these log results and see if I can anticipate which entries need attention.  Since I have never used either of these tools, I don't know what to do once something is identified, but I still can use this as a learning experience.

Again, Thank you!  I will work on my own computer in a moment, but here are the results from my Niece's computer:

ASWmbr log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-06-14 05:08:21
-----------------------------
05:08:21.592    OS Version: Windows x64 6.1.7601 Service Pack 1
05:08:21.592    Number of processors: 4 586 0x3A09
05:08:21.593    ComputerName: SUSAN-PC  UserName: Susan
05:08:21.742    Initialize success
05:11:22.686    AVAST engine defs: 14061400
05:12:07.941    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
05:12:07.943    Disk 0 Vendor: TOSHIBA_ TA2A Size: 122104MB BusType: 3
05:12:07.951    Disk 0 MBR read successfully
05:12:07.953    Disk 0 MBR scan
05:12:07.961    Disk 0 Windows VISTA default MBR code
05:12:07.964    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
05:12:08.001    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       103621 MB offset 3074048
05:12:08.040    Disk 0 Partition 3 00     84 OS/2 hidden C:              4096 MB offset 215289856
05:12:08.047    Disk 0 Partition 4 00     17 Hidd HPFS/NTFS NTFS        12886 MB offset 223678464
05:12:08.125    Disk 0 scanning C:\windows\system32\drivers
05:12:17.923    Service scanning
05:12:38.923    Modules scanning
05:12:38.931    Disk 0 trace - called modules:
05:12:38.940    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys >>UNKNOWN [0xfffffa8006c899f8]<<>>UNKNOWN [0xfffffa8006e35168]<<hal.dll
05:12:38.945    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006c75060]
05:12:38.950    3 CLASSPNP.SYS[fffff88001c5143f] -> nt!IofCallDriver -> [0xfffffa80044d7620]
05:12:38.955    5 ACPI.sys[fffff88000eea7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80044d8050]
05:12:39.179    AVAST engine scan C:\windows
05:12:40.903    AVAST engine scan C:\windows\system32
05:14:41.984    AVAST engine scan C:\windows\system32\drivers
05:14:50.816    AVAST engine scan C:\Users\Susan
05:16:24.331    AVAST engine scan C:\ProgramData
05:17:20.037    Scan finished successfully
05:17:38.843    Disk 0 MBR has been saved successfully to "C:\Users\Susan\Desktop\MBR.dat"
05:17:38.850    The log file has been saved successfully to "C:\Users\Susan\Desktop\aswMBR.txt"


Farbar Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by Susan at 2014-06-14 05:20:48
Running from C:\Users\Susan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Best Buy pc app (Version: 3.3.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.3.0.0 - Best Buy) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.00.03(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKCU\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
HP Officejet 6600 Basic Device Software (HKLM\...\{B407F586-D027-45C3-9109-CC2943E839FA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1022 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® AT Service signup (HKLM-x32\...\{CD49AEDB-FFB4-4A9A-A3C2-E9AF814FE6FE}) (Version: 2.0.0.3 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E2D0B67F-8032-4E11-87C6-C8C721D331B3}) (Version: 15.01.0500.0875 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.4.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keeper Password & Data Vault (HKLM-x32\...\Keeper Password & Data Vault) (Version: 5.0.5 - Keeper Security, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.2600 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 14.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 14.0.1 (x86 en-US)) (Version: 14.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 14.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version:  - PokerStars.net)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6591 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
RICOH Media Driver v2.15.17.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SRS Premium Sound Control Panel (HKLM\...\{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}) (Version: 1.12.1800 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.3.21.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.18.64 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.14 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.17.38 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.7.52020010 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.22.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.22.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.4.01 - TOSHIBA Corporation)
TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.10 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.3.0 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0024.000101 - TOSHIBA Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0027.640202 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.0027.640202 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.0027.640202 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.33 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.1 - TOSHIBA)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

14-06-2014 07:43:06 Windows Update
14-06-2014 08:45:07 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {249720A6-F8AC-4D3C-B5BF-6A2278E5A991} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {2FE37995-8D2D-4A57-8FB7-274103B5CA9E} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {72A5E658-E40E-48BB-B59A-9E3F6E64CDF5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-20] (Google Inc.)
Task: {7CEA8A9D-9C6C-4F05-889B-C9590387C445} - \AutoKMS No Task File <==== ATTENTION
Task: {8885DA74-FF49-4BD1-BE59-51018FD1BCED} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9952CDC4-2B51-4805-9928-79242A613759} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {AF266F92-3EE6-4933-BF74-9A31D3BDDE43} - System32\Tasks\rostk => Rundll32.exe "C:\windows\SysWOW64\attrib9.dll",TYFZUOE
Task: {E9AF86CA-76FD-4D23-B58E-5EF6E5F4D896} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {F1BF1AA4-F7F4-4B40-9654-180F5A43E58C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-20] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\rostk.job => C:\windows\SysWOW64\attrib9.dll

==================== Loaded Modules (whitelisted) =============

2012-06-20 18:56 - 2012-02-21 12:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-03-26 17:33 - 2012-03-26 17:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-08-22 15:19 - 2011-08-22 15:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-11-30 10:37 - 2010-11-30 10:37 - 00048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-12-15 15:19 - 2010-12-15 15:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-08-12 14:57 - 2011-08-12 14:57 - 00437632 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2012-04-11 17:05 - 2012-04-11 17:05 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-26 21:29 - 2012-07-13 17:17 - 02003424 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-06-20 18:55 - 2012-02-21 12:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Users^Susan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Susan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 6600 (Network).lnk => C:\windows\pss\Monitor Ink Alerts - HP Officejet 6600 (Network).lnk.Startup
MSCONFIG\startupreg: Apariwdogun => "C:\Users\Susan\AppData\Roaming\Izitof\osanec.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Best Buy pc app => C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DelayTSS => "C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe"
MSCONFIG\startupreg: Driver Detective => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Obevzebyb => "C:\Users\Susan\AppData\Roaming\Edbeno\ahbyy.exe"
MSCONFIG\startupreg: Ofoxsyidorcei => "C:\Users\Susan\AppData\Roaming\Eqylduxo\ryonixk.exe"
MSCONFIG\startupreg: TOSDCR => %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
MSCONFIG\startupreg: Unzavoc => "C:\Users\Susan\AppData\Roaming\Emagmoh\xoipi.exe"
MSCONFIG\startupreg: Yfomihymolsu => "C:\Users\Susan\AppData\Roaming\Ywcunu\ewehubg.exe"
MSCONFIG\startupreg: Ympyopmuehyho => "C:\Users\Susan\AppData\Roaming\Xeegsuav\ugypryk.exe"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2014 05:19:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7601.17568, time stamp: 0x4d6c79f3
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0x1958
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (06/14/2014 05:07:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wininit.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc50f
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0x2e8
Faulting application start time: 0xwininit.exe0
Faulting application path: wininit.exe1
Faulting module path: wininit.exe2
Report Id: wininit.exe3

Error: (06/14/2014 05:03:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 02:33:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wininit.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc50f
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0x5a0
Faulting application start time: 0xwininit.exe0
Faulting application path: wininit.exe1
Faulting module path: wininit.exe2
Report Id: wininit.exe3

Error: (06/14/2014 02:22:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 01:13:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0xef0
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (06/14/2014 01:03:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0x1a38
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (06/14/2014 00:57:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 00:56:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7601.17568, time stamp: 0x4d6c79f3
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0x1bcc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (06/14/2014 00:45:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/14/2014 05:21:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{0358B920-0AC7-461F-98F4-58E32CD89148}{3EB3C877-1F16-487C-9050-104DBCD66683}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (06/14/2014 05:21:00 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{369C49AB-F5E9-4BC5-9E19-CC43E98AE782}.
The backup browser is stopping.

Error: (06/14/2014 05:20:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{0358B920-0AC7-461F-98F4-58E32CD89148}{3EB3C877-1F16-487C-9050-104DBCD66683}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (06/14/2014 05:20:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{0358B920-0AC7-461F-98F4-58E32CD89148}{3EB3C877-1F16-487C-9050-104DBCD66683}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (06/14/2014 05:20:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{0358B920-0AC7-461F-98F4-58E32CD89148}{3EB3C877-1F16-487C-9050-104DBCD66683}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (06/14/2014 05:19:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{0358B920-0AC7-461F-98F4-58E32CD89148}{3EB3C877-1F16-487C-9050-104DBCD66683}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (06/14/2014 05:19:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{0358B920-0AC7-461F-98F4-58E32CD89148}{3EB3C877-1F16-487C-9050-104DBCD66683}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (06/14/2014 05:18:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{0358B920-0AC7-461F-98F4-58E32CD89148}{3EB3C877-1F16-487C-9050-104DBCD66683}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (06/14/2014 05:18:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{0358B920-0AC7-461F-98F4-58E32CD89148}{3EB3C877-1F16-487C-9050-104DBCD66683}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (06/14/2014 05:18:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{0358B920-0AC7-461F-98F4-58E32CD89148}{3EB3C877-1F16-487C-9050-104DBCD66683}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (06/14/2014 05:19:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7601.175684d6c79f3Flash32_13_0_0_214.ocx13.0.0.2145359c422c00000050020ca1d195801cf87c9f4767f7cC:\windows\SysWOW64\svchost.exeC:\windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocx2b474cc9-f3be-11e3-bcd9-e8e0b7b7215f

Error: (06/14/2014 05:07:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wininit.exe6.1.7600.163854a5bc50fFlash32_13_0_0_214.ocx13.0.0.2145359c422c00000050020ca1d2e801cf87c8e4458436C:\windows\SysWOW64\wininit.exeC:\windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocx7a1318d2-f3bc-11e3-bcd9-e8e0b7b7215f

Error: (06/14/2014 05:03:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 02:33:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wininit.exe6.1.7600.163854a5bc50fFlash32_13_0_0_214.ocx13.0.0.2145359c422c00000050020ca1d5a001cf87b2c4d270b7C:\windows\SysWOW64\wininit.exeC:\windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocxe0122a3c-f3a6-11e3-a843-e8e0b7b7215f

Error: (06/14/2014 02:22:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 01:13:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7Flash32_13_0_0_214.ocx13.0.0.2145359c422c00000050020ca1def001cf87a7ab79806cC:\windows\SysWOW64\dllhost.exeC:\windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocxc6be0d06-f39b-11e3-a6fc-e8e0b7b7215f

Error: (06/14/2014 01:03:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7Flash32_13_0_0_214.ocx13.0.0.2145359c422c00000050020ca1d1a3801cf87a6869918f6C:\windows\SysWOW64\dllhost.exeC:\windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocx5a96bd60-f39a-11e3-a6fc-e8e0b7b7215f

Error: (06/14/2014 00:57:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 00:56:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7601.175684d6c79f3Flash32_13_0_0_214.ocx13.0.0.2145359c422c00000050020ca1d1bcc01cf87a4d3608de1C:\windows\SysWOW64\svchost.exeC:\windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocx692b15f8-f399-11e3-861c-e8e0b7b7215f

Error: (06/14/2014 00:45:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 3990.17 MB
Available physical RAM: 2302.91 MB
Total Pagefile: 7978.52 MB
Available Pagefile: 5760.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI106424W0F) (Fixed) (Total:101.19 GB) (Free:49.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119 GB) (Disk ID: 0CF514B3)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=101 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4 GB) - (Type=84)
Partition 4: (Not Active) - (Size=13 GB) - (Type=17)

==================== End Of Log ============================

Farbar FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by Susan (administrator) on SUSAN-PC on 14-06-2014 05:20:09
Running from C:\Users\Susan\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoHook.exe
(TOSHIBA) C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\widimon\widimon.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-03-22] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-09-30] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-02] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-03-16] (TOSHIBA Corporation)
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [286632 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-04-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2012-04-04] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Intel AT Service signup] => C:\Program Files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe [382976 2012-02-16] (Intel Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3807464017-2434585226-1365397131-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3807464017-2434585226-1365397131-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3807464017-2434585226-1365397131-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3807464017-2434585226-1365397131-1001\...\MountPoints2: {bfb9c0d1-d820-11e1-bdc7-e8e0b7b7215f} - D:\SETUP.EXE
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
SearchScopes: HKLM - DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKLM-x32 - DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKCU - DefaultScope {81DD3F7D-B161-4082-9FFD-80DDE8FD7E8D} URL = http://www.google.co...1I7TSNO_enUS494
SearchScopes: HKCU - {81DD3F7D-B161-4082-9FFD-80DDE8FD7E8D} URL = http://www.google.co...1I7TSNO_enUS494
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {B8E73359-3422-4384-8D27-4EA1B4C01232} https://portal.mshq....COL /cscopf.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\85rx6ovw.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\85rx6ovw.default\user.js

Chrome:
=======
CHR HomePage: hxxp://start.toshiba.com/?cid=C001B2Y
CHR StartupUrls: "hxxp://start.toshiba.com/?cid=C001B2Y"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-26]
CHR Extension: (Google Search) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-26]
CHR Extension: (Google Wallet) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-22]
CHR Extension: (Gmail) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-26]

==================== Services (Whitelisted) =================

R2 DcomLaunch; C:\Windows\system32\rpcss.dll [524288 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [192856 2012-02-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe [135608 2011-11-30] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [126392 2011-11-30] (Symantec Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [524288 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [568600 2011-11-29] () [File not signed]
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-22] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 Tosrfcom; No ImagePath
R1 {ecd9aca0-5b2e-4438-a6f3-ccc0a75afe0b}w64; C:\Windows\System32\drivers\{ecd9aca0-5b2e-4438-a6f3-ccc0a75afe0b}w64.sys [61128 2014-05-28] (StdLib)
U3 aswMBR; \??\C:\Users\Susan\AppData\Local\Temp\aswMBR.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TVALZ.SYS EFFCE6E033EBDD0F3C0F14A413558F65
C:\Windows\System32\DRIVERS\TVALZFL.sys 9C7191F4B2E49BFF47A6C1144B5923FA
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\drivers\{ecd9aca0-5b2e-4438-a6f3-ccc0a75afe0b}w64.sys AF678D20874BD4573132253A17E61E8A

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-13 00:24 - 2014-06-13 00:24 - 00000000 ____D () C:\Users\Myer\AppData\Roaming\Apple Computer
2014-06-13 00:24 - 2014-06-13 00:24 - 00000000 ____D () C:\Users\Myer\AppData\Local\TOSHIBA
2014-06-13 00:24 - 2014-06-13 00:24 - 00000000 ____D () C:\Users\Myer\AppData\Local\SRS Labs
2014-06-13 00:24 - 2014-06-13 00:24 - 00000000 ____D () C:\Users\Myer\AppData\Local\Intel_Corporation
2014-06-13 00:24 - 2014-06-13 00:24 - 00000000 ____D () C:\Users\Myer\AppData\Local\Deployment
2014-06-13 00:24 - 2014-06-13 00:24 - 00000000 ____D () C:\Users\Myer\AppData\Local\Apps\2.0
2014-06-13 00:24 - 2014-06-13 00:24 - 00000000 _____ () C:\Users\Myer\agent.log
2014-06-13 00:23 - 2014-06-13 21:46 - 00000000 ____D () C:\Users\Myer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-13 00:23 - 2014-06-13 21:46 - 00000000 ____D () C:\Users\Myer
2014-06-13 00:23 - 2014-06-13 00:52 - 00000000 ____D () C:\Users\Myer\AppData\Local\Temp
2014-06-13 00:23 - 2014-06-13 00:24 - 00000000 ___RD () C:\Users\Myer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-13 00:23 - 2014-06-13 00:23 - 00000000 ____D () C:\Users\Myer\AppData\Roaming\Intel
2014-06-13 00:23 - 2014-06-13 00:23 - 00000000 ____D () C:\Users\Myer\AppData\Local\Google
2014-06-13 00:23 - 2012-07-27 23:17 - 00000000 ____D () C:\Users\Myer\AppData\Local\Microsoft Help
2014-06-13 00:23 - 2012-05-11 18:42 - 00000000 ____D () C:\Users\Myer\AppData\Roaming\Macromedia
2014-06-13 00:12 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-06-13 00:12 - 2013-10-29 19:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2014-06-13 00:12 - 2013-10-29 19:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2014-06-13 00:12 - 2013-07-04 05:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2014-06-13 00:12 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2014-06-13 00:12 - 2013-03-18 22:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll
2014-06-13 00:11 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-06-13 00:11 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-06-13 00:11 - 2013-07-08 22:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-06-13 00:11 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2014-06-13 00:10 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-13 00:10 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-13 00:10 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-06-13 00:10 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-13 00:10 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-06-13 00:10 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-13 00:10 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-06-13 00:10 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-13 00:10 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-06-13 00:10 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-06-13 00:10 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-06-13 00:10 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-06-13 00:10 - 2013-12-31 16:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-06-13 00:10 - 2013-12-31 16:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-06-13 00:10 - 2013-11-26 04:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-06-13 00:10 - 2013-10-18 19:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2014-06-13 00:10 - 2013-10-18 18:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2014-06-13 00:10 - 2013-10-05 13:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-06-13 00:10 - 2013-10-05 12:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-06-13 00:10 - 2013-07-08 22:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-06-13 00:10 - 2013-07-08 22:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2014-06-13 00:10 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2014-06-13 00:10 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2014-06-13 00:09 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-06-13 00:09 - 2013-12-03 19:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-06-13 00:09 - 2013-12-03 19:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-06-13 00:09 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-06-13 00:09 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-06-13 00:09 - 2013-12-03 19:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-06-13 00:09 - 2013-12-03 19:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-06-13 00:09 - 2013-12-03 19:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-06-13 00:09 - 2013-12-03 19:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-06-13 00:09 - 2013-12-03 19:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-06-13 00:09 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-06-13 00:09 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-06-13 00:09 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-06-13 00:09 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-06-13 00:09 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-06-13 00:09 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-06-13 00:09 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-06-13 00:09 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-06-13 00:09 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-06-13 00:09 - 2013-11-26 18:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-06-13 00:09 - 2013-11-26 18:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-06-13 00:09 - 2013-11-26 18:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-06-13 00:09 - 2013-11-26 18:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-06-13 00:09 - 2013-11-26 18:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-06-13 00:09 - 2013-11-26 18:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-06-13 00:09 - 2013-11-26 18:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-06-13 00:09 - 2013-10-03 19:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2014-06-13 00:09 - 2013-10-03 19:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2014-06-13 00:09 - 2013-10-03 19:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-06-13 00:09 - 2013-10-03 19:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2014-06-13 00:09 - 2013-10-03 18:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2014-06-13 00:09 - 2013-10-03 18:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-06-13 00:09 - 2013-10-03 18:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2014-06-13 00:09 - 2013-10-03 18:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2014-06-13 00:09 - 2013-09-27 18:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-06-13 00:09 - 2013-08-04 19:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2014-06-13 00:09 - 2013-07-25 02:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-06-13 00:09 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-06-13 00:09 - 2013-07-08 22:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-06-13 00:09 - 2013-07-08 21:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-06-13 00:09 - 2013-06-25 15:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2014-06-13 00:09 - 2013-06-05 22:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2014-06-13 00:09 - 2013-06-05 22:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2014-06-13 00:09 - 2013-06-05 22:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2014-06-13 00:09 - 2013-06-05 22:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2014-06-13 00:09 - 2013-06-05 21:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2014-06-13 00:09 - 2013-06-05 21:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2014-06-13 00:09 - 2013-06-05 21:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2014-06-13 00:09 - 2013-06-05 20:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2014-06-13 00:09 - 2013-06-05 20:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2014-06-13 00:09 - 2013-06-05 20:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2014-06-13 00:09 - 2013-04-25 16:30 - 01505280 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2014-06-13 00:09 - 2013-03-31 15:52 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2014-06-13 00:09 - 2013-02-11 21:12 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys
2014-06-13 00:09 - 2012-10-03 10:44 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2014-06-13 00:09 - 2012-10-03 10:44 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\netcorehc.dll
2014-06-13 00:09 - 2012-10-03 10:44 - 00216576 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2014-06-13 00:09 - 2012-10-03 10:44 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2014-06-13 00:09 - 2012-10-03 10:44 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\netevent.dll
2014-06-13 00:09 - 2012-10-03 10:42 - 00569344 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2014-06-13 00:09 - 2012-10-03 09:42 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcorehc.dll
2014-06-13 00:09 - 2012-10-03 09:42 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2014-06-13 00:09 - 2012-10-03 09:42 - 00018944 _____ (Microsoft Corporation) C:\windows\SysWOW64\netevent.dll
2014-06-13 00:09 - 2012-10-03 09:07 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
2014-06-13 00:09 - 2012-08-22 11:12 - 00950128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2014-06-13 00:09 - 2012-07-04 13:26 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RNDISMP.sys
2014-06-13 00:09 - 2012-01-13 00:12 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2014-06-13 00:08 - 2013-07-12 03:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2014-06-13 00:08 - 2013-07-12 03:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2014-06-13 00:08 - 2013-07-02 21:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2014-06-13 00:08 - 2013-07-02 21:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2014-06-13 00:01 - 2014-06-13 00:01 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-12 23:56 - 2014-06-13 00:00 - 140151736 _____ () C:\Users\Susan\Downloads\setup_11.0.1.1245.x01_2014_06_13_09_24.exe
2014-06-12 23:55 - 2013-09-07 19:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2014-06-12 23:55 - 2013-09-07 19:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2014-06-12 23:55 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-06-12 23:55 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2014-06-12 23:55 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-06-12 23:55 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2014-06-12 23:55 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2014-06-12 23:55 - 2013-06-14 21:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-06-12 23:55 - 2012-12-07 06:20 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\Wpc.dll
2014-06-12 23:55 - 2012-12-07 06:15 - 02746368 _____ (Microsoft Corporation) C:\windows\system32\gameux.dll
2014-06-12 23:55 - 2012-12-07 05:26 - 00308736 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wpc.dll
2014-06-12 23:55 - 2012-12-07 05:20 - 02576384 _____ (Microsoft Corporation) C:\windows\SysWOW64\gameux.dll
2014-06-12 23:55 - 2012-12-07 04:20 - 00045568 _____ (Microsoft) C:\windows\system32\oflc-nz.rs
2014-06-12 23:55 - 2012-12-07 04:20 - 00044544 _____ (Microsoft) C:\windows\system32\pegibbfc.rs
2014-06-12 23:55 - 2012-12-07 04:20 - 00043520 _____ (Microsoft) C:\windows\system32\csrr.rs
2014-06-12 23:55 - 2012-12-07 04:20 - 00030720 _____ (Microsoft) C:\windows\system32\usk.rs
2014-06-12 23:55 - 2012-12-07 04:20 - 00023552 _____ (Microsoft) C:\windows\system32\oflc.rs
2014-06-12 23:55 - 2012-12-07 04:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-pt.rs
2014-06-12 23:55 - 2012-12-07 04:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-fi.rs
2014-06-12 23:55 - 2012-12-07 04:19 - 00055296 _____ (Microsoft) C:\windows\system32\cero.rs
2014-06-12 23:55 - 2012-12-07 04:19 - 00051712 _____ (Microsoft) C:\windows\system32\esrb.rs
2014-06-12 23:55 - 2012-12-07 04:19 - 00046592 _____ (Microsoft) C:\windows\system32\fpb.rs
2014-06-12 23:55 - 2012-12-07 04:19 - 00040960 _____ (Microsoft) C:\windows\system32\cob-au.rs
2014-06-12 23:55 - 2012-12-07 04:19 - 00021504 _____ (Microsoft) C:\windows\system32\grb.rs
2014-06-12 23:55 - 2012-12-07 04:19 - 00020480 _____ (Microsoft) C:\windows\system32\pegi.rs
2014-06-12 23:55 - 2012-12-07 04:19 - 00015360 _____ (Microsoft) C:\windows\system32\djctq.rs
2014-06-12 23:55 - 2012-12-07 03:46 - 00055296 _____ (Microsoft) C:\windows\SysWOW64\cero.rs
2014-06-12 23:55 - 2012-12-07 03:46 - 00051712 _____ (Microsoft) C:\windows\SysWOW64\esrb.rs
2014-06-12 23:55 - 2012-12-07 03:46 - 00046592 _____ (Microsoft) C:\windows\SysWOW64\fpb.rs
2014-06-12 23:55 - 2012-12-07 03:46 - 00045568 _____ (Microsoft) C:\windows\SysWOW64\oflc-nz.rs
2014-06-12 23:55 - 2012-12-07 03:46 - 00044544 _____ (Microsoft) C:\windows\SysWOW64\pegibbfc.rs
2014-06-12 23:55 - 2012-12-07 03:46 - 00043520 _____ (Microsoft) C:\windows\SysWOW64\csrr.rs
2014-06-12 23:55 - 2012-12-07 03:46 - 00040960 _____ (Microsoft) C:\windows\SysWOW64\cob-au.rs
2014-06-12 23:55 - 2012-12-07 03:46 - 00030720 _____ (Microsoft) C:\windows\SysWOW64\usk.rs
2014-06-12 23:55 - 2012-12-07 03:46 - 00023552 _____ (Microsoft) C:\windows\SysWOW64\oflc.rs
2014-06-12 23:55 - 2012-12-07 03:46 - 00021504 _____ (Microsoft) C:\windows\SysWOW64\grb.rs
2014-06-12 23:55 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-pt.rs
2014-06-12 23:55 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-fi.rs
2014-06-12 23:55 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi.rs
2014-06-12 23:55 - 2012-12-07 03:46 - 00015360 _____ (Microsoft) C:\windows\SysWOW64\djctq.rs
2014-06-12 23:55 - 2012-08-21 14:01 - 00245760 _____ (Microsoft Corporation) C:\windows\system32\OxpsConverter.exe
2014-06-12 23:54 - 2013-08-28 19:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-06-12 23:54 - 2013-08-28 19:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2014-06-12 23:54 - 2013-08-28 19:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2014-06-12 23:54 - 2013-08-28 18:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-06-12 23:54 - 2013-08-28 18:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2014-06-12 23:54 - 2013-08-28 18:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2014-06-12 23:21 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-06-12 23:21 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-06-12 23:21 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-06-12 23:21 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-06-12 23:21 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-06-12 23:21 - 2013-07-25 19:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2014-06-12 23:21 - 2013-07-25 18:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2014-06-12 23:21 - 2012-09-25 15:47 - 00078336 _____ (Microsoft Corporation) C:\windows\SysWOW64\synceng.dll
2014-06-12 23:21 - 2012-09-25 15:46 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\synceng.dll
2014-06-12 23:20 - 2014-06-08 02:13 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-12 23:20 - 2014-06-08 02:08 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-12 23:20 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-06-12 23:20 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-06-12 23:20 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-06-12 23:20 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-06-12 23:20 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-06-12 23:20 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-06-12 23:20 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-06-12 23:20 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-06-12 23:20 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-06-12 23:20 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-06-12 23:20 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-06-12 23:20 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-06-12 23:20 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-06-12 23:20 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-06-12 23:20 - 2013-10-11 19:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-06-12 23:20 - 2013-10-11 19:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-06-12 23:20 - 2013-10-11 19:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2014-06-12 23:20 - 2013-10-11 19:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2014-06-12 23:20 - 2013-10-11 18:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2014-06-12 23:20 - 2013-10-11 18:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-06-12 23:20 - 2013-10-11 18:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2014-06-12 23:20 - 2013-10-11 18:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2014-06-12 23:20 - 2013-10-02 19:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-06-12 23:20 - 2013-10-02 19:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-06-12 23:20 - 2013-08-01 19:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 18:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2014-06-12 23:20 - 2013-08-01 17:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 17:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 17:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-06-12 23:20 - 2013-08-01 17:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-06-12 23:20 - 2013-07-20 03:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-06-12 23:20 - 2013-07-20 03:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-06-12 23:20 - 2013-05-12 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\certenc.dll
2014-06-12 23:20 - 2013-05-12 20:43 - 01192448 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2014-06-12 23:20 - 2013-05-12 20:08 - 00903168 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2014-06-12 23:20 - 2013-05-12 20:08 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\certenc.dll
2014-06-12 23:20 - 2013-05-09 22:49 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2014-06-12 23:20 - 2013-05-09 20:20 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2014-06-12 23:20 - 2013-04-25 22:51 - 00751104 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-06-12 23:20 - 2013-04-25 21:55 - 00492544 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2014-06-12 23:20 - 2013-01-23 23:01 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2014-06-12 23:20 - 2012-11-22 20:13 - 00068608 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe
2014-06-12 23:19 - 2014-06-12 23:19 - 04748896 _____ (Piriform Ltd) C:\Users\Susan\Downloads\ccsetup414.exe
2014-06-12 23:19 - 2013-10-11 19:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2014-06-12 23:19 - 2013-10-11 19:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2014-06-12 23:19 - 2013-10-11 19:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2014-06-12 23:19 - 2013-10-11 19:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2014-06-12 23:19 - 2013-10-11 19:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2014-06-12 23:19 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2014-06-12 23:19 - 2013-08-01 05:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-06-12 23:19 - 2013-04-09 23:01 - 00265064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2014-06-12 23:17 - 2014-06-12 23:17 - 00000000 ____S () C:\windows\system32\tdvvfon.vqw
2014-06-12 20:26 - 2014-06-13 21:46 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-12 20:26 - 2014-06-13 21:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-06-12 20:26 - 2014-06-12 20:26 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-06-12 20:25 - 2014-06-12 20:25 - 13829304 _____ (Microsoft Corporation) C:\Users\Susan\Downloads\mseinstall(1).exe
2014-06-11 20:35 - 2014-06-11 20:35 - 00315743 ____S () C:\windows\system32\gpyxq.wki
2014-06-11 20:35 - 2014-06-11 20:35 - 00029184 _____ (Microsoft Corporation) C:\Users\Susan\AppData\Roaming\azrul.dll
2014-06-04 15:44 - 2014-05-28 14:39 - 00061128 _____ (StdLib) C:\windows\system32\Drivers\{ecd9aca0-5b2e-4438-a6f3-ccc0a75afe0b}w64.sys
2014-05-28 20:24 - 2014-06-12 23:14 - 00000258 __RSH () C:\ProgramData\ntuser.pol

==================== One Month Modified Files and Folders =======

2014-06-14 05:20 - 2014-06-14 05:20 - 00035940 _____ () C:\Users\Susan\Desktop\FRST.txt
2014-06-14 05:20 - 2014-06-14 05:19 - 00000000 ____D () C:\FRST
2014-06-14 05:20 - 2012-07-26 20:32 - 00000000 ____D () C:\Users\Susan\AppData\Local\Temp
2014-06-14 05:17 - 2014-06-14 05:17 - 00002177 _____ () C:\Users\Susan\Desktop\aswMBR.txt
2014-06-14 05:17 - 2014-06-14 05:17 - 00000512 _____ () C:\Users\Susan\Desktop\MBR.dat
2014-06-14 05:11 - 2009-07-13 21:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-14 05:11 - 2009-07-13 21:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-14 05:08 - 2009-07-13 22:13 - 00786622 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-14 05:07 - 2012-06-20 18:56 - 01412485 _____ () C:\windows\WindowsUpdate.log
2014-06-14 05:06 - 2014-06-14 05:06 - 02081792 _____ (Farbar) C:\Users\Susan\Desktop\FRST64.exe
2014-06-14 05:05 - 2014-06-14 05:05 - 04745728 _____ (AVAST Software) C:\Users\Susan\Desktop\aswmbr.exe
2014-06-14 05:04 - 2012-06-20 19:12 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-14 05:04 - 2012-06-20 18:56 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-06-14 05:03 - 2013-08-17 17:34 - 00000306 _____ () C:\windows\Tasks\rostk.job
2014-06-14 05:03 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-14 05:03 - 2009-07-13 21:51 - 00065928 _____ () C:\windows\setupact.log
2014-06-14 02:42 - 2012-05-11 18:42 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-14 02:38 - 2012-06-20 19:12 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-14 02:23 - 2012-07-26 20:33 - 00000000 ___RD () C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-14 02:23 - 2012-07-26 20:32 - 00000000 ___RD () C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-14 02:22 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-14 02:22 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-06-14 01:26 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\registration
2014-06-14 00:57 - 2010-11-20 20:47 - 00656270 _____ () C:\windows\PFRO.log
2014-06-14 00:40 - 2012-07-26 20:33 - 00109296 _____ () C:\Users\Susan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-14 00:40 - 2009-07-13 22:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-06-14 00:39 - 2012-07-26 20:33 - 00001428 _____ () C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-14 00:39 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-14 00:38 - 2012-05-11 18:18 - 00000000 ____D () C:\windows\Panther
2014-06-14 00:38 - 2009-07-13 21:45 - 00416688 _____ () C:\windows\system32\FNTCACHE.DAT
2014-06-14 00:37 - 2014-06-14 00:37 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-06-14 00:37 - 2010-11-21 00:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-06-14 00:37 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\SysWOW64\zh-HK
2014-06-14 00:37 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\SysWOW64\tr-TR
2014-06-14 00:37 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\zh-HK
2014-06-14 00:37 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\tr-TR
2014-06-14 00:37 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-06-14 00:32 - 2012-07-26 21:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-14 00:14 - 2012-06-20 19:17 - 00779236 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-06-14 00:02 - 2014-06-13 23:53 - 00011687 _____ () C:\windows\IE11_main.log
2014-06-13 23:58 - 2014-06-13 23:58 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-13 23:58 - 2014-06-13 23:58 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-13 23:58 - 2014-06-13 23:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-13 23:58 - 2014-06-13 23:58 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-13 23:58 - 2014-06-13 23:58 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-13 23:58 - 2014-06-13 23:58 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-06-13 23:58 - 2014-06-13 23:58 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-06-13 23:58 - 2014-06-13 23:58 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-13 23:58 - 2014-06-13 23:58 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-06-13 23:58 - 2014-06-13 23:58 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-06-13 23:58 - 2014-06-13 23:58 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00266456 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00240856 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-06-13 23:58 - 2014-06-13 23:58 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-06-13 23:58 - 2014-06-13 23:58 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-06-13 23:58 - 2014-06-13 23:58 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-06-13 23:58 - 2014-06-13 23:58 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-13 23:58 - 2014-06-13 23:58 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-13 23:58 - 2014-06-13 23:58 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-13 23:58 - 2014-06-13 23:58 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-06-13 23:58 - 2014-06-13 23:58 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-06-13 23:58 - 2014-06-13 23:58 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-06-13 23:58 - 2014-06-13 23:58 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-06-13 23:58 - 2014-06-13 23:58 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-13 23:58 - 2014-06-13 23:58 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-06-13 23:58 - 2014-06-13 23:58 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-06-13 23:58 - 2014-06-13 23:58 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-06-13 23:58 - 2014-06-13 23:58 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-06-13 23:58 - 2014-06-13 23:58 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-06-13 23:58 - 2014-06-13 23:58 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-06-13 23:58 - 2014-06-13 23:58 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 02776576 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 02284544 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 01988096 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 01682432 _____ (Microsoft Corporation) C:\windows\system32\XpsPrint.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 01238528 _____ (Microsoft Corporation) C:\windows\system32\d3d10.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 01175552 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 01158144 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsPrint.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 01080832 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00648192 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00604160 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00522752 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00363008 _____ (Microsoft Corporation) C:\windows\system32\dxgi.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00333312 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1core.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\d3d10core.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00293376 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxgi.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00249856 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10_1core.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00245248 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecsExt.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\UIAnimation.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10core.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecsExt.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00194560 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00187392 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAnimation.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00161792 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10_1.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00010752 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00010752 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00009728 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00009728 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00005632 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00005632 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00005632 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00005632 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00002560 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-06-13 23:55 - 2014-06-13 23:55 - 00002560 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-06-13 23:36 - 2009-07-13 19:34 - 00000607 _____ () C:\windows\win.ini
2014-06-13 22:51 - 2014-06-13 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-13 22:49 - 2014-06-13 22:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-13 22:49 - 2014-06-13 22:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-13 22:07 - 2012-07-28 14:47 - 00000000 ___RD () C:\Users\Susan\Dropbox
2014-06-13 22:06 - 2014-06-13 22:06 - 00000000 ____D () C:\windows\pss
2014-06-13 22:03 - 2014-05-02 15:21 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\DropboxMaster
2014-06-13 22:03 - 2012-07-28 14:46 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\Dropbox
2014-06-13 21:46 - 2014-06-13 00:23 - 00000000 ____D () C:\Users\Myer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-13 21:46 - 2014-06-13 00:23 - 00000000 ____D () C:\Users\Myer
2014-06-13 21:46 - 2014-06-12 20:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-13 21:46 - 2012-07-26 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-06-13 21:46 - 2012-07-26 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-13 21:46 - 2012-07-26 20:32 - 00000000 ____D () C:\Users\Susan
2014-06-13 21:44 - 2014-06-13 18:24 - 00000000 ____D () C:\b9ae1df7b3ca3ad0ce4e
2014-06-13 21:44 - 2014-06-12 20:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-06-13 21:44 - 2013-01-09 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-06-13 21:44 - 2012-09-14 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-13 21:44 - 2012-09-14 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keeper Security
2014-06-13 21:44 - 2012-08-04 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
2014-06-13 21:44 - 2012-07-26 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-06-13 21:44 - 2012-07-26 21:33 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\DAEMON Tools Lite
2014-06-13 21:44 - 2012-06-20 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-13 21:44 - 2012-06-20 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2014-06-13 21:44 - 2012-06-20 19:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-06-13 21:44 - 2012-06-20 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Labs
2014-06-13 21:44 - 2012-06-20 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-06-13 21:44 - 2012-05-11 18:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-06-13 21:44 - 2012-05-11 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2014-06-13 21:44 - 2010-11-21 00:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-13 21:44 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-13 21:44 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-13 21:44 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-13 21:44 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-13 21:44 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-13 21:44 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-13 21:44 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\Msdtc
2014-06-13 21:44 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\L2Schemas
2014-06-13 00:52 - 2014-06-13 00:23 - 00000000 ____D () C:\Users\Myer\AppData\Local\Temp
2014-06-13 00:49 - 2014-06-13 00:49 - 00000000 ____D () C:\Users\Myer\AppData\Local\VirtualStore
2014-06-13 00:41 - 2014-06-13 00:41 - 00000000 ____D () C:\Users\Myer\AppData\Roaming\Adobe
2014-06-13 00:41 - 2014-06-13 00:41 - 00000000 ____D () C:\Users\Myer\AppData\Local\Macromedia
2014-06-13 00:28 - 2014-06-13 00:28 - 00000000 ____D () C:\Users\Myer\AppData\Roaming\Mozilla
2014-06-13 00:28 - 2014-06-13 00:28 - 00000000 ____D () C:\Users\Myer\AppData\Local\Mozilla
2014-06-13 00:25 - 2014-06-13 00:25 - 00000000 ____D () C:\Users\Myer\AppData\Roaming\Toshiba
2014-06-13 00:24 - 2014-06-13 00:24 - 00108840 _____ () C:\Users\Myer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-13 00:24 - 2014-06-13 00:24 - 00000000 ____D () C:\Users\Myer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
2014-06-13 00:24 - 2014-06-13 00:24 - 00000000 ____D () C:\Users\Myer\AppData\Roaming\Malwarebytes
2014-06-13 00:24 - 2014-06-13 00:24 - 00000000 ____D () C:\Users\Myer\AppData\Roaming\Apple Computer
2014-06-13 00:24 - 2014-06-13 00:24 - 00000000 ____D () C:\Users\Myer\AppData\Local\TOSHIBA
2014-06-13 00:24 - 2014-06-13 00:24 - 00000000 ____D () C:\Users\Myer\AppData\Local\SRS Labs
2014-06-13 00:24 - 2014-06-13 00:24 - 00000000 ____D () C:\Users\Myer\AppData\Local\Intel_Corporation
2014-06-13 00:24 - 2014-06-13 00:24 - 00000000 ____D () C:\Users\Myer\AppData\Local\Deployment
2014-06-13 00:24 - 2014-06-13 00:24 - 00000000 ____D () C:\Users\Myer\AppData\Local\Apps\2.0
2014-06-13 00:24 - 2014-06-13 00:24 - 00000000 _____ () C:\Users\Myer\agent.log
2014-06-13 00:24 - 2014-06-13 00:23 - 00000000 ___RD () C:\Users\Myer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-13 00:23 - 2014-06-13 00:23 - 00000000 ____D () C:\Users\Myer\AppData\Roaming\Intel
2014-06-13 00:23 - 2014-06-13 00:23 - 00000000 ____D () C:\Users\Myer\AppData\Local\Google
2014-06-13 00:01 - 2014-06-13 00:01 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-13 00:00 - 2014-06-12 23:56 - 140151736 _____ () C:\Users\Susan\Downloads\setup_11.0.1.1245.x01_2014_06_13_09_24.exe
2014-06-12 23:19 - 2014-06-12 23:19 - 04748896 _____ (Piriform Ltd) C:\Users\Susan\Downloads\ccsetup414.exe
2014-06-12 23:17 - 2014-06-12 23:17 - 00000000 ____S () C:\windows\system32\tdvvfon.vqw
2014-06-12 23:14 - 2014-05-28 20:24 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-06-12 20:26 - 2014-06-12 20:26 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-06-12 20:26 - 2012-07-26 21:58 - 00001945 _____ () C:\windows\epplauncher.mif
2014-06-12 20:25 - 2014-06-12 20:25 - 13829304 _____ (Microsoft Corporation) C:\Users\Susan\Downloads\mseinstall(1).exe
2014-06-12 20:00 - 2012-07-26 23:11 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-12 20:00 - 2012-07-26 23:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-12 20:00 - 2012-06-20 19:13 - 00000000 ____D () C:\Program Files\Google
2014-06-12 20:00 - 2012-06-20 19:12 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-12 19:50 - 2012-07-26 21:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 19:48 - 2012-07-26 20:33 - 00000000 ____D () C:\Users\Susan\AppData\Local\Google
2014-06-12 19:48 - 2012-06-20 19:12 - 00000000 ____D () C:\ProgramData\Google
2014-06-11 20:35 - 2014-06-11 20:35 - 00315743 ____S () C:\windows\system32\gpyxq.wki
2014-06-11 20:35 - 2014-06-11 20:35 - 00029184 _____ (Microsoft Corporation) C:\Users\Susan\AppData\Roaming\azrul.dll
2014-06-08 02:13 - 2014-06-12 23:20 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-08 02:08 - 2014-06-12 23:20 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-01 17:17 - 2012-08-29 08:49 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-28 20:24 - 2009-07-13 20:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-05-28 20:24 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-05-28 20:21 - 2012-07-28 14:47 - 00001029 _____ () C:\Users\Susan\Desktop\Dropbox.lnk
2014-05-28 20:21 - 2012-07-28 14:46 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-28 14:39 - 2014-06-04 15:44 - 00061128 _____ (StdLib) C:\windows\system32\Drivers\{ecd9aca0-5b2e-4438-a6f3-ccc0a75afe0b}w64.sys

Some content of TEMP:
====================
C:\Users\Susan\AppData\Local\Temp\air1F80.exe
C:\Users\Susan\AppData\Local\Temp\airE9DF.exe
C:\Users\Susan\AppData\Local\Temp\airEF1D.exe
C:\Users\Susan\AppData\Local\Temp\airF269.exe
C:\Users\Susan\AppData\Local\Temp\BackupSetup.exe
C:\Users\Susan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmoiftk.dll
C:\Users\Susan\AppData\Local\Temp\hylmeefv.dll
C:\Users\Susan\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0524288 ____A (Microsoft Corporation) 4D1BDC529E9317135418A7FDF2A275A6

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-08-12 22:27

==================== End Of Log ============================
 


  • 0

#7
gomyr

    Member

  • Topic Starter
  • Member
  • 240 posts

I forgot to mention that there was no noticeable change in the computer's performance or symptoms as of the last post.


  • 0

#8
gomyr

    Member

  • Topic Starter
  • Member
  • 240 posts

Panda worked like a charm!  I didn't even know it existed, but thanks for the tip.  I scanned all files with both MBAM and MSE, no threats were detected in the files I saved.

 

Thank You!


  • 0

#9
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Hi. :)
 

Panda worked like a charm! I didn't even know it existed, but thanks for the tip. I scanned all files with both MBAM and MSE, no threats were detected in the files I saved.

Thank You!

Good and you're most welcome. I actually use Panda USB Vaccine myself on my machines and also on my Son's.
 

I forgot to mention that there was no noticeable change in the computer's performance or symptoms as of the last post.

OK and thank you.
 

I noticed somewhere, possibly on your profile that you may not be available on weekends, so thank you for your time and your help thus far. I live in Las Vegas, NV and it's a little after 5:30am, and I'm getting ready for bed. I'll be getting up around 2 in the afternoon, so it will be a while until my next reply.

Sometimes I have more time available at the weekends than others but I most likely will not be around this evening my time/GMT until sometime tomorrow, so please bear with myself.
 

I will NOT do anything without your express instruction, however I intend to scan these log results and see if I can anticipate which entries need attention. Since I have never used either of these tools, I don't know what to do once something is identified, but I still can use this as a learning experience.

Acknowledged.

Next:

aswMBR is reporting the machine has a Vista MBR rather than say a Windows 7 one or a custom Toshiba for example. So to err on the side of caution I would like to analyse this.

So please attach this file:-

C:\Users\Susan\Desktop\MBR.dat

In your next reply; How to add an attachment to a new topic or reply.

Java Advice:

There has been a recent severe exploitation of this software. Even though this exploit has been reportedly fixed there is still a vulnerability with the software; the below is currently all that is installed Java related:-

Java 6 Update 25

So you need to uninstall the aforementioned (if still present, via Uninstall a program or Programs and Features located in the Control Panel)... Your choice if you wish to go ahead and reinstall, but as mentioned I advise against it and for the present I do not even have anything Java related installed on my machines.

Please let myself know what you wish to do about this in your next reply please and if you opt to re-install I will provide both the appropriate instructions and safety advice etc.

Submit a File for Analysis:

Ensure hidden files are visible via checking as follows:-

Showing hidden files
 
Now please go to my file submission channel here.

Next to the box:- Link to topic where this file was requested: Add in the below:-
http://www.geekstogo.com/forum/topic/339872-cant-run-mse/
Next to the box: Browse to the file you want to submit: click on the Browse... tab and navigate to the below:-

C:\windows\SysWOW64\attrib9.dll

Then click on the Send File tab. I will be notified when the file has been uploaded and checked.

Custom FRST Scan:
  • Now right-click on FRST.exe and select Run as Administrator to start FRST.
  • Type the following in the edit box after "Search:" and or cut n paste it in.
rpcss.dll
  • Click on the Search File(s) button/radio tab.
  • Once the search is complete a notepad file named Search.txt will be saved to the desktop.
  • Post the contents of the aforementioned notepad file in your next reply.

  • 0

#10
gomyr

    Member

  • Topic Starter
  • Member
  • 240 posts

OK.  I have uninstalled Java.  I suspect we'll need to install it later for my niece's games, but I'll worry about that if/when it becomes necessary.

 

MBR.dat has been attached

 

attrib9.dll has been submitted for analysis.  It took me a while to give myself permission to submit this file.  I had already set Windows Explorer to show all files before contacting you the first time.  This one was set as read only, and it would not let me uncheck that box until I had changed the permissions associated with the file.  I understand that this compromises security of the machine, but the ultimate goal here is to get the computer to a point where we'll be able to reset to factory conditions via Windows Repair, so that will be fixed when we're done, anyway.

 

FRST search.txt contents:

 

Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by Susan at 2014-06-14 13:22:34
Running from C:\Users\Susan\Desktop
Boot Mode: Normal

================== Search Files: "rpcss.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 20:24][2010-11-20 20:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\Windows\System32\rpcss.dll
[2010-11-20 20:24][2010-11-20 20:24] 0524288 ____A (Microsoft Corporation) 4D1BDC529E9317135418A7FDF2A275A6

====== End Of Search ======

Attached Files

  • Attached File  MBR.dat   512bytes   140 downloads

  • 0
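
Added example (not part of the thread and not FRST's own code): the Search.txt in the post above lists two copies of rpcss.dll, and only the WinSxS copy carries the `[File is signed]` marker. The Python sketch below parses that two-line entry format and reports each unsigned copy together with any signed copy of the same file name; `parse_search` and `review` are illustrative names, and the sample text is copied from the post.

```python
import re
from collections import defaultdict

# Sample input: the Search.txt body as posted in the thread above.
SEARCH_TXT = r'''================== Search Files: "rpcss.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 20:24][2010-11-20 20:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\Windows\System32\rpcss.dll
[2010-11-20 20:24][2010-11-20 20:24] 0524288 ____A (Microsoft Corporation) 4D1BDC529E9317135418A7FDF2A275A6

====== End Of Search ======
'''

# Second line of an entry: [created][modified] size attrs (company) MD5 [File is signed]?
META = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\]\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+"
    r"\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"(?P<signed>\s+\[File is signed\])?\s*$"
)
PATH = re.compile(r"^[A-Za-z]:\\")


def parse_search(text):
    """Pair each path line with the metadata line that follows it."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH.match(line):
            path = line
            continue
        m = META.match(line)
        if m and path:
            entries.append({
                "path": path,
                "size": int(m.group("size")),
                "company": m.group("company"),
                "md5": m.group("md5").upper(),
                "signed": m.group("signed") is not None,
            })
            path = None
    return entries


def review(entries):
    """Report unsigned copies and the signed copies of the same file name.

    The company field is metadata the file declares about itself, so it is
    not treated as evidence of origin; only the signature marker is.
    A differing MD5 alone is not proof either, because the component store
    can hold more than one version of a file.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)

    flagged = []
    for copies in by_name.values():
        signed = [c for c in copies if c["signed"]]
        trusted_md5 = {c["md5"] for c in signed}
        for c in copies:
            if c["signed"]:
                continue
            flagged.append({
                "path": c["path"],
                "md5": c["md5"],
                "company_claim": c["company"],
                "matches_signed_copy": c["md5"] in trusted_md5,
                "signed_candidates": [s["path"] for s in signed],
            })
    return flagged


if __name__ == "__main__":
    for f in review(parse_search(SEARCH_TXT)):
        print("UNSIGNED:", f["path"], f["md5"])
        print("  hash matches a signed copy:", f["matches_signed_copy"])
        for s in f["signed_candidates"]:
            print("  signed copy available:", s)
```
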



#11
gomyr

    Member

  • Topic Starter
  • Member
  • 240 posts

I forgot to mention, your link about how to add an attachment returns a "404 not found" message.


  • 0

#12
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Hi. :)
 

I have uninstalled Java. I suspect we'll need to install it later for my niece's games, but I'll worry about that if/when it becomes necessary.


Acknowledged.
 

MBR.dat has been attached

I have analysed that and all appears fine so no further action is required. Plus I am of the mind if something is not broke why fix it.
 

attrib9.dll has been submitted for analysis. It took me a while to give myself permission to submit this file. I had already set Windows Explorer to show all files before contacting you the first time. This one was set as read only, and it would not let me uncheck that box until I had changed the permissions associated with the file. I understand that this compromises security of the machine


Fair play and we will be eradicating the file in question as it turns out it is indeed malicious.
 

ultimate goal here is to get the computer to a point where we'll be able to reset to factory conditions via Windows Repair, so that will be fixed when we're done, anyway.


We may not have to resort to that if the overall malware removal process is successful. Also for interest sake the methodology for resetting the machine is slightly different than per the norm for Toshiba machines according to my research.
 

I forgot to mention, your link about how to add an attachment returns a "404 not found" message.


My apologies about that, I have rectified that and thank you for bringing it to my attention.

MSConfig Advice:

It is far from ideal to use the System Configuration Utility upon malicious entries to be honest but not a problem however and we will address those shortly...

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download the installer for Registry Backup from here or here and save to your desktop.
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
  • Once the GUI(graphical user interface) has appeared/loaded:-
TCRB-1.jpg
  • Click on Backup Now >> once the process is complete, similar to the below will be displayed in the GUI:-
TBRB-2.jpg
  • Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed here.

Custom FRST Script:

Please download the attached fixlist.txt(see below) and save to the desktop.

  • Now right-click on FRST.exe and select Run as Administrator to start FRST.
  • Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
  • Reboot the machine(ensure you do this) when prompted to do so and post the contents of the newly created Fixlog in your next reply.
Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
  • 0

#13
gomyr

    Member

  • Topic Starter
  • Member
  • 240 posts

Hi, sorry for the late reply, we went out late last night and never checked mail when I got home.

 

Happy Father's Day, if it applies to you.

 

OK, backed up the registry, here is the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-06-2014
Ran by Susan at 2014-06-15 15:33:34 Run:1
Running from C:\Users\Susan\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKLM-x32 - DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKCU - {81DD3F7D-B161-4082-9FFD-80DDE8FD7E8D} URL = http://www.google.co...1I7TSNO_enUS494
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe [135608 2011-11-30] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [126392 2011-11-30] (Symantec Corporation)
2014-06-12 23:17 - 2014-06-12 23:17 - 00000000 ____S () C:\windows\system32\tdvvfon.vqw
2014-06-11 20:35 - 2014-06-11 20:35 - 00315743 ____S () C:\windows\system32\gpyxq.wki
C:\Users\Susan\AppData\Local\Temp\air1F80.exe
C:\Users\Susan\AppData\Local\Temp\airE9DF.exe
C:\Users\Susan\AppData\Local\Temp\airEF1D.exe
C:\Users\Susan\AppData\Local\Temp\airF269.exe
C:\Users\Susan\AppData\Local\Temp\BackupSetup.exe
C:\Users\Susan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmoiftk.dll
C:\Users\Susan\AppData\Local\Temp\hylmeefv.dll
C:\Program Files (x86)\Java
C:\Program Files (x86)\Norton PC Checkup
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Task: {7CEA8A9D-9C6C-4F05-889B-C9590387C445} - \AutoKMS No Task File <==== ATTENTION
Task: {AF266F92-3EE6-4933-BF74-9A31D3BDDE43} - System32\Tasks\rostk => Rundll32.exe "C:\windows\SysWOW64\attrib9.dll",TYFZUOE
Task: C:\windows\Tasks\rostk.job => C:\windows\SysWOW64\attrib9.dll
C:\windows\SysWOW64\attrib9.dl
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
Reboot:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}' => Key deleted successfully.
'HKCR\CLSID\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{81DD3F7D-B161-4082-9FFD-80DDE8FD7E8D}' => Key deleted successfully.
'HKCR\CLSID\{81DD3F7D-B161-4082-9FFD-80DDE8FD7E8D}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}' => Key deleted successfully.
'HKCR\CLSID\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
'HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}'=> Key not found.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin'=> Key not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found.
Norton PC Checkup Application Launcher => Unable to stop service
Norton PC Checkup Application Launcher => Service deleted successfully.
PCCUJobMgr => Service deleted successfully.
C:\windows\system32\tdvvfon.vqw => Moved successfully.
Could not move "C:\windows\system32\gpyxq.wki" => Scheduled to move on reboot.
C:\Users\Susan\AppData\Local\Temp\air1F80.exe => Moved successfully.
C:\Users\Susan\AppData\Local\Temp\airE9DF.exe => Moved successfully.
C:\Users\Susan\AppData\Local\Temp\airEF1D.exe => Moved successfully.
C:\Users\Susan\AppData\Local\Temp\airF269.exe => Moved successfully.
C:\Users\Susan\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Susan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmoiftk.dll => Moved successfully.
C:\Users\Susan\AppData\Local\Temp\hylmeefv.dll => Moved successfully.
"C:\Program Files (x86)\Java" => File/Directory not found.
C:\Program Files (x86)\Norton PC Checkup => Moved successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7CEA8A9D-9C6C-4F05-889B-C9590387C445}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CEA8A9D-9C6C-4F05-889B-C9590387C445}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{AF266F92-3EE6-4933-BF74-9A31D3BDDE43}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF266F92-3EE6-4933-BF74-9A31D3BDDE43}' => Key deleted successfully.
C:\Windows\System32\Tasks\rostk => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\rostk' => Key deleted successfully.
C:\windows\Tasks\rostk.job => Moved successfully.
"C:\windows\SysWOW64\attrib9.dl" => File/Directory not found.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-15 15:34:59)<=

C:\windows\system32\gpyxq.wki => Is moved successfully.

==== End of Fixlog ====


  • 0
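
Added example (not part of the thread and not FRST's own code): a Fixlog mixes the fixlist that was submitted with one result line per action, so entries that did not take effect are easy to miss among the successes. The Python sketch below, run on an excerpt of the Fixlog posted above, resolves "Scheduled to move on reboot" entries against the post-reboot section and lists what is left, noting when a path that was not found is a prefix of a longer file name elsewhere in the fixlist; `split_fixlog`, `status_of` and `audit` are illustrative names.

```python
import re

# Sample input: excerpt of the Fixlog posted in the thread above (trimmed).
FIXLOG = r'''Content of fixlist:
*****************
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
2014-06-11 20:35 - 2014-06-11 20:35 - 00315743 ____S () C:\windows\system32\gpyxq.wki
C:\Program Files (x86)\Java
Task: {AF266F92-3EE6-4933-BF74-9A31D3BDDE43} - System32\Tasks\rostk => Rundll32.exe "C:\windows\SysWOW64\attrib9.dll",TYFZUOE
Task: C:\windows\Tasks\rostk.job => C:\windows\SysWOW64\attrib9.dll
C:\windows\SysWOW64\attrib9.dl
Reboot:
*****************

C:\windows\system32\tdvvfon.vqw => Moved successfully.
Could not move "C:\windows\system32\gpyxq.wki" => Scheduled to move on reboot.
"C:\Program Files (x86)\Java" => File/Directory not found.
C:\windows\Tasks\rostk.job => Moved successfully.
"C:\windows\SysWOW64\attrib9.dl" => File/Directory not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-15 15:34:59)<=

C:\windows\system32\gpyxq.wki => Is moved successfully.

==== End of Fixlog ====
'''

SEPARATOR = re.compile(r"^\*{5,}[ \t]*$", re.M)
# Result lines for file actions: optional prefix, optionally quoted path, " => ", message.
RESULT = re.compile(r'^(?:Could not move )?"?(?P<path>[A-Za-z]:\\.*?)"? => (?P<msg>.+)$')


def split_fixlog(text):
    """Return (fixlist_text, results_text) using the '*****' delimiter lines."""
    parts = SEPARATOR.split(text)
    if len(parts) < 3:
        raise ValueError("no '*****'-delimited fixlist section found")
    return parts[1], parts[2]


def status_of(msg):
    m = msg.lower()
    if "scheduled to move on reboot" in m:
        return "deferred"
    if "not found" in m:
        return "not_found"
    if "successfully" in m:
        return "ok"
    return "other"


def audit(text):
    """List file actions that did not end in success, in log order."""
    fixlist, results = split_fixlog(text)
    final = {}  # lowercased path -> (path, status); a later line overrides an earlier one
    for raw in results.splitlines():
        m = RESULT.match(raw.strip())
        if m:
            path = m.group("path")
            final[path.lower()] = (path, status_of(m.group("msg")))

    findings = []
    for path, status in final.values():
        if status == "ok":
            continue
        note = ""
        # The same text continuing with a letter or digit elsewhere in the
        # fixlist means a longer file name shares this prefix.
        if status == "not_found" and re.search(re.escape(path) + r"[A-Za-z0-9]", fixlist, re.I):
            note = "fixlist also names a longer path with this prefix; compare the two entries"
        findings.append((path, status, note))
    return findings


if __name__ == "__main__":
    for path, status, note in audit(FIXLOG):
        print(f"{status:10} {path}" + (f"  <- {note}" if note else ""))
```
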

#14
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Hi. :)
 

sorry for the late reply, we went out late last night and never checked mail when I got home.


Not a problem I assure you.
 

Happy Father's Day, if it applies to you.


Thank you and likewise!
 

backed up the registry


Acknowledged, let's proceed as follows shall we...

TFC(Temp File Cleaner):
  • Please download TFC to the desktop.
  • Right-click on TFC.exe and select Run as Administrator to run the program.
  • Click the Start button in the bottom left of the GUI(graphical user interface).
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes Anti-Malware:

Please uninstall the version presently installed:-

Malwarebytes Anti-Malware version 1.75.0.1300 via Uninstall a program or Programs and Features located in the Control Panel.

As it is out of date now and we will be replacing it shortly...

Then please download a new installer for Malwarebytes' Anti-Malware to the desktop.
  • Right-click on mbam-setup-2.0.2.1012.exe and select Run as Administrator, then follow the prompts to install the program.
  • Select the language and click OK >> Accept the agreement.
  • Deselect the check-mark next to Enable the Free Trial(you may enable this when I give the all clear if you so wish) and then ensure Launch Malwarebytes' Anti-Malware is selected, then click on finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Scan Now".
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click on Quarantine All
  • When disinfection is completed, a dialogue will open and you may be prompted to Restart.(See Extra Note)
  • Upon restart, launch Malwarebytes Antimalware and select History >> Application Logs.
  • Double click on the last scan done, then on Copy to Clipboard.
  • To submit your reply, click on Add Reply, then right click on the window and select Paste.
  • Submit your reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Scan with FSS:

Please download Farbar Service Scanner and save to the desktop.
  • Right-click on FSS.exe and select Run as Administrator to start the program.
  • Select all available options.
  • Then click on the Scan tab.
  • When the scan is complete, it will produce a log named FSS.txt.
  • Post the contents in your next reply.
Next:

When you have completed the above, please post back the following in the order asked for:
  • Malwarebytes Anti-Malware Log.
  • Farbar Service Scanner Log.

  • 0

#15
gomyr

    Member

  • Topic Starter
  • Member
  • 240 posts

OK, here it is.  MBAM only found one problem.  That seems suspicious.

 

MBAM report:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/16/2014
Scan Time: 4:04:30 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.16.03
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Susan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351163
Time Elapsed: 8 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.ReMarkable.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re-Markable, Quarantined, [53d031488bf01a1c8c34c5ef52b032ce],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

FSS report:

 

Farbar Service Scanner Version: 10-06-2014
Ran by Susan (administrator) on 16-06-2014 at 04:18:18
Running from "C:\Users\Susan\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


  • 0





