victor1221

Honorary Members
  • Posts

    32

Reputation

0 Neutral

Profile Information

  • Location
    British Columbia, Canada
  1. MalwareBytes' Anti-Malware scan log:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 12/11/2014
     Scan Time: 11:13:57 PM
     Logfile: MB scan log.txt
     Administrator: Yes

     Version: 2.00.3.1025
     Malware Database: v2014.11.13.03
     Rootkit Database: v2014.11.12.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Victor

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 355073
     Time Elapsed: 4 min, 44 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  2. Hey Valinorum,

     Below is the new fixlog:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
     Ran by Victor at 2014-11-07 15:01:37 Run:2
     Running from C:\Users\Victor\Desktop
     Loaded Profiles: Victor & Vic1221 (Available profiles: Victor & Vic1221)
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     Start
     Closeprocesses:
     Startup: C:\Users\Vic1221\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
     ShortcutTarget: program.lnk -> C:\PROGRA~3\6A868E58.cpp (No File)
     Startup: C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
     ShortcutTarget: program.lnk -> C:\PROGRA~3\6A868E58.cpp (No File)
     C:\PROGRA~3\6A868E58.cpp
     SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={0C94E0E3-4FBA-459C-988A-CCB4B23C62FD}&mid=f0bb80ebba47488282ab95e04f4e433c-746292e4e59e515f8fbc201d3c476da524872632&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-05 00:14:22&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
     S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X]
     C:\Windows\system32\PnkBstrA.exe
     2014-10-25 14:14 - 2014-10-25 14:14 - 00000000 ____D () C:\Users\Victor\AppData\Roaming\TuneUp Software
     2014-10-11 23:26 - 2013-04-09 21:32 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
     2014-10-11 23:26 - 2013-04-01 02:43 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
     2014-10-11 23:26 - 2013-04-01 02:43 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
     AlternateDataStreams: C:\Users\Victor\Desktop\H220 RMA form.jpeg:3or4kl4x13tuuug3Byamue2s4b
     AlternateDataStreams: C:\Users\Victor\Desktop\PTG.jpeg:3or4kl4x13tuuug3Byamue2s4b
     Reboot:
     End
     *****************

     Processes closed successfully.
     C:\Users\Vic1221\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk => Moved successfully.
     C:\PROGRA~3\6A868E58.cpp not found.
     C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk => Moved successfully.
     C:\PROGRA~3\6A868E58.cpp not found.
     "C:\PROGRA~3\6A868E58.cpp" => File/Directory not found.
     "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
     "HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
     PnkBstrA => Service deleted successfully.
     "C:\Windows\system32\PnkBstrA.exe" => File/Directory not found.
     C:\Users\Victor\AppData\Roaming\TuneUp Software => Moved successfully.
     C:\Windows\SysWOW64\PnkBstrB.xtr => Moved successfully.
     C:\Windows\SysWOW64\PnkBstrB.exe => Moved successfully.
     C:\Windows\SysWOW64\PnkBstrB.ex0 => Moved successfully.
     "C:\Users\Victor\Desktop\H220 RMA form.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
     "C:\Users\Victor\Desktop\PTG.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.

     The system needed a reboot.

     ==== End of Fixlog ====

     The error messages are no longer appearing.

     Regards,
     Victor L.
  3. I am a little occupied at the moment but I will give you the results of the log today.
  4. Recently one of my computers got infected with an "Interpol" ransom virus, and I had to use a USB drive to download some removal tools to tackle the situation. A file contained in the USB drive got contaminated with the virus, and I would like to now completely format the drive. The small amount of files that are on the drive are not important.

     From what I've read, Autorun is, by default, disabled for Windows 7. The system has Windows 7 Ultimate with the latest updates. I am wondering if it is safe to format the drive using a Windows 7 PC. I won't even bother to open the USB drive to view the contents -- I know exactly what is in there. Again, none of the content is important.

     It will literally be: plug the USB thumb drive in, right-click, format, uncheck the "quick format" box, click the "Format" button. Rinse and repeat a few times.

     Would it be safe to do it using this method, or better to use... a Linux operating system, or other forms of software?

     Thanks.

     Regards,
     Victor L.
  5. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014 Ran by Victor at 2014-11-05 00:17:39 Running from E:\ Boot Mode: Normal
======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 35D4209C) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AD5E0134) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  6. Hey Valinorum, The following are the .txt log files that you requested. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014 Ran by Victor (administrator) on VICTOR-PC on 05-11-2014 00:17:12 Running from E:\ Loaded Profiles: Victor & Vic1221 (Available profiles: Victor & Vic1221) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (AMD) C:\Windows\System32\atiesrxx.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (TomTom) D:\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (AMD) C:\Windows\System32\atieclxx.exe () C:\Windows\DAODx.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (WinZip Computing International, LLC) C:\Program Files\File Association Helper\FAHWindow.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (TomTom) D:\TomTom HOME 2\TomTomHOMERunner.exe (Skype Technologies S.A.) E:\Skype\Phone\Skype.exe () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe (Apple Inc.) E:\iTunes\iTunesHelper.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.10\ScriptHelper.exe (AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe (AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7468784 2013-02-27] (Logitech Inc.) HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [216248 2013-09-26] (WinZip Computing International, LLC) HKLM-x32\...\Run: [GPU TweakIt Server Execute] => C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe [1384064 2011-05-03] () HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe [1349632 2010-06-11] (Creative Technology Ltd) HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => E:\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3060248 2014-11-05] () HKU\S-1-5-21-698355639-1338027857-1838867820-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company) HKU\S-1-5-21-698355639-1338027857-1838867820-1000\...\Run: [steam] => E:\Steam\Steam.exe [1753280 2014-07-15] (Valve Corporation) HKU\S-1-5-21-698355639-1338027857-1838867820-1000\...\Run: [TomTomHOME.exe] => D:\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-07-02] (TomTom) HKU\S-1-5-21-698355639-1338027857-1838867820-1000\...\Run: [skype] => E:\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) 
HKU\S-1-5-21-698355639-1338027857-1838867820-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_152_ActiveX.exe [540336 2014-09-09] (Adobe Systems Incorporated) HKU\S-1-5-21-698355639-1338027857-1838867820-1012\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company) HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-29] (Microsoft Corporation) Startup: C:\Users\Vic1221\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk ShortcutTarget: program.lnk -> C:\PROGRA~3\6A868E58.cpp (No File) Startup: C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk ShortcutTarget: program.lnk -> C:\PROGRA~3\6A868E58.cpp (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x96A4EE5E1C82CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={0C94E0E3-4FBA-459C-988A-CCB4B23C62FD}&mid=f0bb80ebba47488282ab95e04f4e433c-746292e4e59e515f8fbc201d3c476da524872632&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-05 00:14:22&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms} BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll (AVG) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - 
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll (AVG Secure Search) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1 FireFox: ======== FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\iTunes\Mozilla 
Plugins\npitunes.dll () FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.10\\npsitesafety.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed] R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] () R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-01] () R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] () R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3487248 2014-10-16] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-10-16] (AVG Technologies CZ, s.r.o.) 
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-03-29] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-03-29] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2009-08-28] (Creative Technology Ltd) [File not signed] S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-02-28] (Futuremark) R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed] S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP1a\RpcAgentSrv.exe [72344 2008-02-17] (SiSoftware) [File not signed] R2 TomTomHOMEService; D:\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-07-02] (TomTom) R2 vToolbarUpdater18.1.10; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-11-05] (AVG Secure Search) S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] () R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [262424 2014-10-07] (AVG Technologies CZ, s.r.o.) 
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-05] (AVG Technologies) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.) S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-22] () R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [266752 2012-08-26] (Jungo) S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X] S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X] S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X] S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ========================== Drivers MD5 =======================
DDA4CAF29D8C0A297F886BFE561E6659 ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-05 00:14 - 2014-11-05 00:15 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar 2014-11-05 00:14 - 2014-11-05 00:14 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys 2014-11-05 00:14 - 2014-11-05 00:14 - 00000000 ____D () C:\Users\Victor\AppData\Local\AVG Web TuneUp 2014-11-05 00:14 - 2014-11-05 00:14 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp 2014-11-05 00:14 - 2014-11-05 00:14 - 00000000 ____D () C:\ProgramData\AVG Secure Search 2014-11-05 00:14 - 2014-11-05 00:14 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp 2014-10-26 09:10 - 2014-10-26 09:10 - 00114885 _____ () C:\Users\Vic1221\Desktop\Shortcut.txt 2014-10-26 09:05 - 2014-10-26 09:10 - 00060069 _____ () C:\Users\Vic1221\Desktop\FRST.txt 2014-10-26 09:05 - 2014-10-26 09:10 - 00033551 _____ () C:\Users\Vic1221\Desktop\Addition.txt 2014-10-26 09:04 - 2014-11-05 00:17 - 00000000 ____D () C:\FRST 2014-10-26 09:04 - 2014-10-31 15:13 - 02113536 _____ (Farbar) C:\Users\Vic1221\Desktop\FRST64.exe 2014-10-25 18:25 - 2014-10-25 18:26 - 00000000 ____D () C:\Users\Vic1221\AppData\Local\Avg2015 2014-10-25 18:25 - 2014-10-25 18:25 - 00000000 ____D () C:\Users\Vic1221\AppData\Roaming\AVG2015 2014-10-25 14:43 - 2014-06-26 18:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-10-25 14:43 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-10-25 14:42 - 2014-06-30 14:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-10-25 14:42 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\icardres.dll 2014-10-25 14:42 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-10-25 14:42 - 2014-06-05 22:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-10-25 14:42 - 2014-03-09 13:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-10-25 14:42 - 2014-03-09 13:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-10-25 14:42 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-10-25 14:42 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-10-25 14:41 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-25 14:41 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-25 14:41 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-25 14:41 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-25 14:41 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-25 14:41 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-25 14:41 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-25 14:41 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-25 14:41 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-25 14:41 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-25 14:41 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-25 14:41 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollectorres.dll 2014-10-25 14:41 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-25 14:41 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-25 14:41 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-25 14:41 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-25 14:41 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-25 14:41 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-25 14:41 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-25 14:41 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-25 14:41 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-25 14:41 - 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-25 14:41 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-25 14:41 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-25 14:41 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-25 14:41 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-25 14:41 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-25 14:41 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-25 14:41 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-25 14:41 - 2014-09-18 17:06 - 00072704 _____ (Microsoft 
Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-25 14:41 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-25 14:41 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-25 14:41 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-25 14:41 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-25 14:41 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-25 14:41 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-25 14:41 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-25 14:41 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-25 14:41 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-25 14:41 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-25 14:41 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-25 14:41 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-25 14:41 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-25 14:41 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-25 14:41 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-25 14:41 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-25 14:41 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-25 14:41 - 2014-09-18 16:33 - 
02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-25 14:41 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-25 14:41 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-25 14:41 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-25 14:41 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-25 14:41 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-25 14:41 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-25 14:41 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-25 14:41 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-25 14:40 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-25 14:40 - 2014-09-24 18:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-25 14:40 - 2014-09-24 17:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-10-25 14:40 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-25 14:40 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-25 14:40 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-25 14:40 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-25 14:40 - 2014-09-09 14:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-10-25 14:40 - 2014-09-09 13:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-10-25 14:40 - 2014-09-04 18:11 - 06584320 _____ (Microsoft Corporation) 
C:\Windows\system32\mstscax.dll 2014-10-25 14:40 - 2014-09-04 17:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-25 14:40 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-25 14:40 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-25 14:40 - 2014-08-28 18:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-25 14:40 - 2014-08-22 18:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-10-25 14:40 - 2014-08-22 17:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-10-25 14:40 - 2014-08-01 03:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-10-25 14:40 - 2014-08-01 03:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-10-25 14:40 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-25 14:40 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-25 14:40 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-25 14:40 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-25 14:40 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-25 14:40 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-25 14:40 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-25 14:40 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-25 14:40 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-25 14:40 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\rdpwd.sys 2014-10-25 14:40 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-25 14:40 - 2014-07-13 18:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-10-25 14:40 - 2014-07-13 17:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-10-25 14:40 - 2014-07-06 18:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-10-25 14:40 - 2014-07-06 18:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-10-25 14:40 - 2014-07-06 17:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-10-25 14:40 - 2014-07-06 17:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-10-25 14:40 - 2014-07-06 17:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-10-25 14:40 - 2014-06-24 18:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-10-25 14:40 - 2014-06-24 17:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-10-25 14:40 - 2014-06-23 19:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-10-25 14:40 - 2014-06-23 18:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-10-25 14:40 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-25 14:40 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-25 14:40 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-25 14:40 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-25 14:40 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-25 14:40 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) 
C:\Windows\system32\mscories.dll 2014-10-25 14:40 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-10-25 14:40 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-10-25 14:40 - 2014-06-15 18:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-10-25 14:40 - 2014-06-06 02:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-10-25 14:40 - 2014-06-06 01:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-10-25 14:40 - 2014-06-03 02:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-10-25 14:40 - 2014-06-03 02:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-10-25 14:40 - 2014-06-03 02:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-10-25 14:40 - 2014-06-03 01:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-10-25 14:40 - 2014-06-03 01:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-10-25 14:40 - 2014-05-30 00:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-10-25 14:40 - 2014-05-30 00:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-10-25 14:40 - 2014-05-30 00:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-10-25 14:40 - 2014-05-30 00:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-10-25 14:40 - 2014-05-29 23:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-10-25 14:40 - 2014-05-29 23:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-10-25 14:40 - 2014-05-29 23:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-10-25 14:40 - 2014-05-29 23:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-10-25 
14:40 - 2014-05-29 22:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-10-25 14:40 - 2014-05-08 01:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-10-25 14:40 - 2014-04-24 18:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-10-25 14:40 - 2014-04-24 18:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-10-25 14:40 - 2014-04-04 18:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-10-25 14:40 - 2014-04-04 18:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-10-25 14:40 - 2014-03-26 06:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-10-25 14:40 - 2014-03-26 06:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-10-25 14:40 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-10-25 14:40 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-10-25 14:40 - 2014-03-26 06:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-10-25 14:40 - 2014-03-26 06:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-10-25 14:40 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-10-25 14:40 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-10-25 14:14 - 2014-11-05 00:13 - 00000000 ____D () C:\ProgramData\AVG2015 2014-10-25 14:14 - 2014-10-25 14:14 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk 2014-10-25 14:14 - 2014-10-25 14:14 - 00000000 ___HD () C:\$AVG 2014-10-25 14:14 - 2014-10-25 14:14 - 00000000 ____D () C:\Users\Victor\AppData\Roaming\TuneUp Software 2014-10-25 14:14 - 2014-10-25 14:14 - 00000000 ____D () C:\Users\Victor\AppData\Roaming\AVG2015 2014-10-25 14:14 - 
2014-10-25 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-10-25 14:14 - 2014-10-25 14:14 - 00000000 ____D () C:\Program Files (x86)\AVG 2014-10-25 14:11 - 2014-11-05 00:15 - 00000000 ____D () C:\ProgramData\MFAData 2014-10-25 14:11 - 2014-10-25 14:20 - 00000000 ____D () C:\Users\Victor\AppData\Local\Avg2015 2014-10-25 14:11 - 2014-10-25 14:11 - 00000000 ____D () C:\Users\Victor\AppData\Local\MFAData 2014-10-21 22:05 - 2014-10-21 22:05 - 00543581 _____ () C:\Users\Victor\Desktop\Assignment2.zip 2014-10-13 22:36 - 2014-10-13 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-10-13 22:36 - 2014-10-13 22:36 - 00000000 ____D () C:\Program Files (x86)\Skype 2014-10-11 12:16 - 2014-10-11 12:17 - 06911390 _____ () C:\Users\Victor\Desktop\E7900v1.0.zip 2014-10-11 12:05 - 2014-10-11 12:08 - 10336512 _____ () C:\Users\Victor\Desktop\M7900v1.0_EURO.zip 2014-10-10 20:36 - 2014-10-10 20:36 - 00000000 ____D () C:\Users\Victor\Documents\BioWare 2014-10-10 20:36 - 2014-10-10 20:36 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-10-10 14:14 - 2014-10-10 14:14 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys 2014-10-07 20:43 - 2014-10-07 20:43 - 00262424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-05 00:15 - 2013-03-29 18:58 - 01681220 _____ () C:\Windows\WindowsUpdate.log 2014-11-05 00:13 - 2013-05-10 20:01 - 00000000 ____D () C:\Users\Victor\AppData\Roaming\Skype 2014-11-05 00:13 - 2013-03-29 19:58 - 00072127 _____ () C:\ProgramData\Gpu.log 2014-11-05 00:13 - 2009-07-13 20:51 - 00123711 _____ () C:\Windows\setupact.log 2014-11-05 00:12 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-04 08:10 - 2009-07-13 20:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-04 08:10 - 2009-07-13 20:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-25 18:42 - 2014-09-20 14:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-25 18:22 - 2009-07-13 20:45 - 00408720 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-25 18:21 - 2009-07-13 23:46 - 00000000 ____D () C:\Program Files\Windows Journal 2014-10-25 18:21 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-10-25 18:21 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-10-25 18:21 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-10-25 14:47 - 2013-03-29 23:05 - 00765656 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-10-25 14:47 - 2009-07-13 21:13 - 00765656 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-25 14:43 - 2013-12-17 01:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-25 02:33 - 2014-09-20 14:18 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-25 02:33 - 2014-09-20 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-25 02:33 - 2014-09-20 14:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-10-17 22:53 - 2014-08-25 22:40 - 00000000 ____D () C:\Users\Victor\AppData\Local\Battle.net 
2014-10-17 19:43 - 2014-03-15 17:27 - 00000022 _____ () C:\Windows\GPU-Z.INI 2014-10-13 22:42 - 2013-12-22 01:49 - 02128896 _____ () C:\Users\Victor\AppData\Local\file__0.localstorage 2014-10-13 22:36 - 2014-04-03 18:31 - 00002475 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-10-13 22:36 - 2013-05-10 20:01 - 00000000 ____D () C:\ProgramData\Skype 2014-10-11 23:26 - 2013-04-09 21:32 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-10-11 23:26 - 2013-04-01 02:43 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-10-11 23:26 - 2013-04-01 02:43 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-10-11 21:54 - 2013-03-31 22:54 - 00000000 ____D () C:\ProgramData\Origin 2014-10-10 20:36 - 2013-04-01 02:42 - 00454810 _____ () C:\Windows\DirectX.log 2014-10-10 20:36 - 2009-07-13 21:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-10-07 16:23 - 2014-08-25 22:40 - 00000000 ____D () C:\Program Files (x86)\Battle.net ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Windows Boot Manager -------------------- identifier {bootmgr} device partition=\Device\HarddiskVolume3 description Windows Boot Manager locale en-US inherit {globalsettings} default {current} resumeobject {baaa87f0-b8fc-11dc-94a0-e2f485f8d88c} displayorder {current} toolsdisplayorder {memdiag} timeout 0 Windows Boot Loader ------------------- identifier {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale en-US inherit {bootloadersettings} recoverysequence {baaa87f2-b8fc-11dc-94a0-e2f485f8d88c} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {baaa87f0-b8fc-11dc-94a0-e2f485f8d88c} nx OptIn Windows Boot Loader ------------------- identifier {baaa87f2-b8fc-11dc-94a0-e2f485f8d88c} device ramdisk=[C:]\Recovery\baaa87f2-b8fc-11dc-94a0-e2f485f8d88c\Winre.wim,{baaa87f3-b8fc-11dc-94a0-e2f485f8d88c} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\baaa87f2-b8fc-11dc-94a0-e2f485f8d88c\Winre.wim,{baaa87f3-b8fc-11dc-94a0-e2f485f8d88c} 
systemroot \windows nx OptIn winpe Yes Resume from Hibernate --------------------- identifier {baaa87f0-b8fc-11dc-94a0-e2f485f8d88c} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale en-US inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=\Device\HarddiskVolume3 path \boot\memtest.exe description Windows Memory Diagnostic locale en-US inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} bootems Yes Debugger Settings ----------------- identifier {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor Settings ------------------- identifier {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Device options -------------- identifier {baaa87f3-b8fc-11dc-94a0-e2f485f8d88c} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\baaa87f2-b8fc-11dc-94a0-e2f485f8d88c\boot.sdi LastRegBack: 2014-10-17 18:10 ==================== End Of Log ============================
  7. Thank you Valinorum! My main user account is now back and running. Only minor issue is that there are now two RunDLL errors popping up. 1) There was a problem starting 6a868e58.cpp The specified module could not be found 2) There was a problem starting C:\PROGRA~3\6A868E58.cpp The specified module could not be found 6A868E58.cpp was exactly one of the IDP.Trojans AVG AntiVirus caught hold of. I assume I just need to perform a few more scans to make sure the virus is completely gone, and may need to perform a registry clean & repair... but I'll hear from you first. Cheers, Victor L.
  8. I don't quite see how my personal documents could be the culprit, but if they got infected, then so be it. "H220 RMA form" was a copy of my Return Merchandise Authorization form I had to mail out for a defective piece of computer hardware that I had purchased. "PTG" was my, well... permission to graduate form that I had to fill out and submit to my institution.
  9. Hey Valinorum, Some good news, the secondary administrative account has yet to be affected. The below is the Fixlog.txt file after performing the "Fix." I was prompted to reboot the computer so, I did so. Upon reboot, AVG Anti-virus detected a malicious software and blocked it: IDP.Trojan.FEAEFF7BF located in C:\ProgramData\6A868E58.cpp Given the file extension, it is clearly a C++ program file. I have yet to try my main user account. I will be using different flash drives for every step to prevent any (further) infection spreads.

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014 01
     Ran by Vic1221 at 2014-10-31 16:22:10 Run:1
     Running from C:\Users\Vic1221\Desktop
     Loaded Profiles: Victor & Vic1221 (Available profiles: Victor & Vic1221)
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     Start
     Closeprocesses:
     Emptytemp:
     C:\Windows\SysWOW64\PnkBstrA.exe
     File: C:\Windows\SysWOW64\rundll32.exe
     File: C:\Windows\System32\rundll32.exe
     HKU\S-1-5-21-698355639-1338027857-1838867820-1000\...\MountPoints2: {9aa20c26-a016-11e2-80d3-5404a627f0f8} - G:\LaunchU3.exe
     AlternateDataStreams: C:\Users\Victor\Desktop\H220 RMA form.jpeg:3or4kl4x13tuuug3Byamue2s4b
     AlternateDataStreams: C:\Users\Victor\Desktop\H220 RMA form.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
     AlternateDataStreams: C:\Users\Victor\Desktop\PTG.jpeg:3or4kl4x13tuuug3Byamue2s4b
     AlternateDataStreams: C:\Users\Victor\Desktop\PTG.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
     End
     *****************

     Processes closed successfully.
     C:\Windows\SysWOW64\PnkBstrA.exe => Moved successfully.

     ========================= File: C:\Windows\SysWOW64\rundll32.exe ========================
     MD5: 51138BEEA3E2C21EC44D0932C71762A8
     Creation and modification date: 2009-07-13 16:41 - 2009-07-13 18:14
     Size: 0044544
     Attributes: ----A
     Company Name: Microsoft Corporation
     Internal Name: rundll
     Original Name: RUNDLL32.EXE.MUI
     Product Name: Microsoft® Windows® Operating System
     Description: Windows host process (Rundll32)
     File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
     Product Version: 6.1.7600.16385
     Copyright: © Microsoft Corporation. All rights reserved.
     ====== End Of File: ======

     ========================= File: C:\Windows\System32\rundll32.exe ========================
     MD5: DD81D91FF3B0763C392422865C9AC12E
     Creation and modification date: 2009-07-13 16:57 - 2009-07-13 18:39
     Size: 0045568
     Attributes: ----A
     Company Name: Microsoft Corporation
     Internal Name: rundll
     Original Name: RUNDLL32.EXE.MUI
     Product Name: Microsoft® Windows® Operating System
     Description: Windows host process (Rundll32)
     File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
     Product Version: 6.1.7600.16385
     Copyright: © Microsoft Corporation. All rights reserved.
     ====== End Of File: ======

     "HKU\S-1-5-21-698355639-1338027857-1838867820-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9aa20c26-a016-11e2-80d3-5404a627f0f8}" => Key deleted successfully.
     "HKCR\CLSID\{9aa20c26-a016-11e2-80d3-5404a627f0f8}" => Key not found.
     "C:\Users\Victor\Desktop\H220 RMA form.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
     C:\Users\Victor\Desktop\H220 RMA form.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
     "C:\Users\Victor\Desktop\PTG.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
     C:\Users\Victor\Desktop\PTG.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
     EmptyTemp: => Removed 2.7 GB temporary data.

     The system needed a reboot.

     ==== End of Fixlog ====
  10. Sorry Valinorum, I've just been busy for the last day or two, but I will give you an update on the situation later today. Regards, Victor L.
  11. Hey Valinorum, I will give this a try when I get back home. If my alternative account is to be also infected, is there an alternative method to get this bit of code onto Notepad and into FRST.exe? My second computer is in the same situation now, and it doesn't have an alternative administrative account. This is somewhat why I am asking for an alternate method. Thank you, Victor L.
  12. I didn't mean that FRST.exe was a virus. I was trying to say that, or so it seems, the .txt files got infected after the scan, which as a result, has not infected my other PC. After the scan completed, I copied the .txt files onto the USB drive, and connected it to my second PC. I then opened up the .txt files and "copy and pasted" their contents into the reply. I attempted to use my second PC (since my main PC is down for the count) for some work I had to finish up. Lo and behold, right after Windows log-in the page now shows up on the second PC. I will not be using a different, clean USB flash drive. Thanks, Victor L.
  13. Unfortunate that I cannot edit my posts on this forum. I scanned my computer, and copied the two .txt files back onto the USB Drive so I could "copy and paste" them on the secondary computer. Clearly, that was a great mistake. If I must, I will use another USB flash drive for the time being.
  14. Emergency Update: The computer that I was using to download the Farbar Recovery Scan Tool is now ALSO infected with the virus. This may be a growing problem.