The first signs of this were my CDROM/DVD player/burner ghost activating, and then it was robbing Windows Explorer of resources, causing it to hang and crash.
I disabled the CDROM by unhooking the wire harness(es) that supply it. That stopped Windows from hanging.
I then installed Spybot Search and Destroy and it found a few minor issues. I ran a whole scan and quarantined all threats.
I have a shared computer, and my better half needed help viewing a video file from her mother. It was in mp4 platform and my computer would not play it. I forgot I had disabled Flash Player, and installed an mp4 download, Cole2kmedia-Codec pack (advanced) 8.0.2.
After un-installing the Cole2kmedia program the dbghelp.dll error message arrived at boot up on reboot, and would not allow the computer to boot up.
I ran a "run as admin." command line prompt using sfc /scannow; it replaced the dbghelp.dll file, and I was able to boot up.
So every time I try to un-install the Cole2kmedia program I receive the "dbghelp.dll file is missing or corrupted" error message on reboot.
Every time I hook the CDROM back up it hangs Windows, as all the data is going there and it is ghost running. Now my printer is turning on and off and is printing out ink cartridge realignment pages until I turn it off manually.
Before any of that happened above my CPU usage was way over and the cooling fans would run at full speed until they went down to 0-5%. I cracked the computer case and did a thorough vacuum cleaning, removing years of dust, that helped with the CPU usage and fan speed operation is normal again.
I noticed several items installed on my system that we did not approve of or were tricked into installing through bundled software, the free stuff 99% of the time.
So if you think my system is wasted and not worth the time and effort of checking it for malware I'll understand completely.
If you decide to take on this system, I'll pray for you.
Best regards, Roger l Reid.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16696 BrowserJavaVersion: 11.45.2
Run by roger at 11:54:35 on 2015-09-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1249 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 *Disabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\LEXPPS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware2\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\Program Files\AVG\AVG2015\avgrsx.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.1.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.1.6\loggingserver.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Google\Update\1.3.28.13\GoogleCrashHandler.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVG Web TuneUp\vprot.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\AVG Web TuneUp\avgcefrend.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\roger\Desktop\CCleaner\CCleaner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqKYGRP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqKYGRP.exe
C:\Program Files\HP\Digital Imaging\Bin\hpqdstcp.exe
C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVG Web TuneUp\vprot.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\AVG Web TuneUp\avgcefrend.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Page = hxxps://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
mSearch Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
mSearch Page = hxxps://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
uSearchAssistant = hxxp://www.google.com
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_45\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg web tuneup\4.1.6.294\AVG Web TuneUp.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_45\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
mRun: [Malwarebytes Anti-Exploit] c:\program files\malwarebytes anti-exploit\mbae.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [vProt] "c:\program files\avg web tuneup\vprot.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{5A7565AE-22B9-469D-B456-2F2EAD521EBD} : DHCPNameServer = 192.168.254.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Notify: SDWinLogon - SDWinLogon.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware2\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {981b174d-7733-4e7f-b89d-6545a7c21838} - c:\program files\amazon\amazon1buttonapp\Amazon1ButtonTaskbarApp.exe /pin:
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\roger\appdata\roaming\mozilla\firefox\profiles\6f1mdaf5.default-1426000468977\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.28.13\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_45\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_18_0_0_232.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2015-5-12 190944]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2015-5-7 290272]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2015-6-10 170464]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2015-3-20 35808]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2015-3-11 132576]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2015-6-26 231856]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2015-5-14 29664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2015-6-16 207328]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2015-5-12 213984]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\malwarebytes anti-exploit\mbae.sys [2015-5-24 47928]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware2\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware2\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware2\SASCORE.EXE [2013-5-23 142648]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2015-7-7 3518376]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2015-7-7 314304]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files\malwarebytes anti-exploit\mbae-svc.exe [2015-5-24 713016]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2015-8-31 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2015-8-31 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2015-8-31 171928]
R2 vToolbarUpdater40.1.6;vToolbarUpdater40.1.6;c:\program files\common files\avg secure search\vtoolbarupdater\40.1.6\ToolbarUpdater.exe [2015-9-9 1874320]
R2 WtuSystemSupport;WtuSystemSupport;c:\program files\avg web tuneup\WtuSystemSupport.exe [2015-9-9 1205136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files\wildtangent games\app\GamesAppIntegrationService.exe [2015-6-25 349728]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2015-6-25 209952]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2008-9-9 20640]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2015-8-31 27192]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2014-3-27 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2014-4-11 772296]
.
=============== Created Last 30 ================
.
2015-09-09 15:50:14 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2015-09-09 15:50:14 102912 ----a-w- c:\windows\system32\drivers\srvnet.sys
2015-09-09 15:49:36 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-09-09 15:49:36 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-09-09 15:47:53 985600 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2015-09-09 15:47:53 967680 ----a-w- c:\program files\windows journal\JNWDRV.dll
2015-09-09 15:47:53 940032 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2015-09-09 15:47:53 1850880 ----a-w- c:\program files\windows journal\Journal.exe
2015-09-09 15:47:53 1220608 ----a-w- c:\program files\windows journal\NBDoc.DLL
2015-09-09 15:47:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-09 15:47:34 297472 ----a-w- c:\windows\system32\atmfd.dll
2015-09-09 15:47:34 2067456 ----a-w- c:\windows\system32\win32k.sys
2015-09-09 15:47:12 602112 ----a-w- c:\windows\system32\schedsvc.dll
2015-09-09 12:46:57 -------- d-----w- c:\users\roger\appdata\local\AVG Web TuneUp
2015-09-09 07:51:56 -------- d-----w- c:\programdata\AVG Security Toolbar
2015-09-09 07:51:39 -------- d-----w- c:\programdata\AVG Secure Search
2015-09-09 07:51:39 -------- d-----w- c:\program files\common files\AVG Secure Search
2015-09-09 07:51:33 -------- d-----w- c:\programdata\AVG Web TuneUp
2015-09-08 12:25:51 -------- d-----w- c:\users\roger\appdata\roaming\TuneUp Software
2015-09-06 02:55:00 -------- d-----w- c:\windows\system32\C2MP
2015-09-06 02:52:07 -------- d-----w- c:\program files\mp4player_setup
2015-08-31 18:10:31 2048 ----a-w- c:\windows\system32\tzres.dll
2015-08-31 16:30:48 -------- d-----w- c:\program files\common files\AV
2015-08-31 16:13:31 18968 ----a-w- c:\windows\system32\sdnclean.exe
2015-08-31 16:13:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-08-31 16:13:24 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2015-08-31 06:06:15 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2015-08-31 06:06:15 -------- d-----w- c:\programdata\VS Revo Group
2015-08-31 02:00:55 -------- d-----w- c:\programdata\VIPRE
2015-08-31 01:37:51 -------- d-----w- c:\users\roger\appdata\roaming\ParetoLogic
2015-08-31 01:37:38 -------- d-----w- c:\programdata\ParetoLogic
2015-08-28 18:10:14 -------- d-----w- c:\users\roger\appdata\roaming\Business Logic
2015-08-28 18:10:10 -------- d-----w- c:\program files\Business Logic Corporation
2015-08-23 05:03:12 -------- d-----w- c:\program files\Coupons
2015-08-16 14:40:56 36568 ----a-w- c:\windows\system32\uxtuneup.dll
2015-08-13 07:04:08 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-08-13 07:04:08 49664 ----a-w- c:\windows\system32\csrsrv.dll
2015-08-13 07:04:08 140224 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-08-13 07:04:07 564224 ----a-w- c:\windows\system32\emdmgmt.dll
2015-08-13 07:04:07 3605440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-08-13 07:04:07 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-08-13 07:04:07 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-08-13 07:04:06 3553216 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-08-13 07:03:44 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 07:03:15 2067968 ----a-w- c:\windows\system32\mstscax.dll
2015-08-13 07:02:30 68608 ----a-w- c:\windows\system32\basesrv.dll
2015-08-13 07:01:08 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-08-13 07:01:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-08-13 07:01:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-08-13 07:01:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-08-13 07:01:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-08-13 07:01:07 802304 ----a-w- c:\windows\system32\FntCache.dll
2015-08-13 07:01:07 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-08-13 07:01:07 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-08-13 07:01:07 1029120 ----a-w- c:\windows\system32\d3d10.dll
.
==================== Find3M ====================
.
2015-09-07 16:42:45 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-17 17:18:19 1814016 ----a-w- c:\windows\system32\jscript9.dll
2015-08-17 17:14:56 367616 ----a-w- c:\windows\system32\html.iec
2015-08-17 17:12:06 1129472 ----a-w- c:\windows\system32\wininet.dll
2015-08-17 17:11:04 422400 ----a-w- c:\windows\system32\vbscript.dll
2015-08-17 17:11:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2015-08-17 17:10:36 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-08-17 17:10:08 11776 ----a-w- c:\windows\system32\mshta.exe
2015-08-17 17:09:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-12 17:49:18 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-12 17:49:18 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-08-05 04:03:08 877152 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-08-05 04:03:08 538208 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-08-04 12:25:52 37080 ----a-w- c:\windows\system32\TURegOpt.exe
2015-08-04 12:25:42 25816 ----a-w- c:\windows\system32\authuitu.dll
2015-07-09 14:25:55 151040 ----a-w- c:\windows\system32\notepad.exe
2015-07-09 14:25:55 151040 ----a-w- c:\windows\notepad.exe
2015-07-03 16:04:03 1316864 ----a-w- c:\windows\system32\ole32.dll
2015-07-01 15:57:27 199680 ----a-w- c:\windows\system32\WebClnt.dll
2015-06-27 16:03:22 783872 ----a-w- c:\windows\system32\rpcrt4.dll
2015-06-27 16:02:55 218112 ----a-w- c:\windows\system32\msv1_0.dll
2015-06-27 16:02:34 501248 ----a-w- c:\windows\system32\kerberos.dll
2015-06-27 16:01:58 801280 ----a-w- c:\windows\system32\advapi32.dll
2015-06-27 14:21:13 217088 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-06-27 14:21:10 81408 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-06-26 13:49:36 231856 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2015-06-18 12:41:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 12:41:42 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 12:41:36 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-17 16:50:20 2264576 ----a-w- c:\windows\system32\msi.dll
2015-06-17 15:09:17 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-06-16 19:54:52 207328 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 11:55:23.76 ===============