Need a FRST64 fixlist.txt please


This topic is locked
30 replies to this topic

#1 shazain


Posted 24 October 2014 - 12:17 PM

This is my last resort; hopefully this will work. I have tried everything I can think of. Basically, after logging in, even in safe mode, I get a black screen. No explorer.exe. Tried running explorer.exe: it comes up in task manager, then consent.exe pops up, then both close. Same with msconfig. Have done chkdsk and sfc /scannow from command prompt. Nothing is working. Was able to run Malwarebytes from task manager, scanned and quarantined all, rebooted, and still same thing. Any and all help would be appreciated. Thank you.

Attached Files: FRST.txt (36.32KB)



#2 LiquidTension

  • Malware Response Team

Posted 29 October 2014 - 10:09 AM

Hello shazain, welcome to Bleeping Computer's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.  
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • Ensure you are following this topic. Click the Follow button at the top of the page.

======================================================
 
Due to the nature of one of the infections present on your machine, I must ensure you are aware of the following. Please read the warning below, let me know what you think and how you wish to proceed. 
 

BACKDOOR WARNING
 
------------------------------

One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).

Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following article for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Whilst the identified infection(s) can be removed, there is no way to guarantee the trustworthiness of your computer unless you reformat your Hard Drive and reinstall your Operating System. This is due to the nature of the infection, which allows the attacker remote control over the machine. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.

You now have the choice between cleaning the infection(s) present or reformatting your computer. Ultimately, this decision is personal, and down to you and what you're most comfortable with. Please let me know how you wish to proceed, and if you have any questions.


#3 LiquidTension

  • Malware Response Team

Posted 31 October 2014 - 06:30 PM

Hello,
Do you still require assistance?



#4 LiquidTension

  • Malware Response Team

Posted 01 November 2014 - 07:48 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#5 LiquidTension

  • Malware Response Team

Posted 04 November 2014 - 10:45 AM

Hello,

There is a backup method we can try that does not involve cleaning the infection(s) present.

If your intention is to backup your data, and reformat straight after, I would suggest trying the method mentioned above first. Or, we can clean the machine, and hopefully get it booting normally if that is what you wish.

Let me know what you think.



#6 shazain

  • Topic Starter

Posted 05 November 2014 - 09:03 AM

Thank you for your response. I'm not sure where or what they want backed up. This is my mother and brother's computer; I am just trying to help them get it fixed, so probably best to see if we can clean it or at least get it to where it can boot. Save the stuff they need, then I can do a reformat.

#7 LiquidTension

  • Malware Response Team

Posted 05 November 2014 - 02:58 PM

Please be aware that there are no guarantees with malware removal.

Let's start with the following.

FRST Recovery Environment Script

  • Using your clean PC, press the Windows Key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM-x32\...\RunOnce: [CleanSetup] => C:\Users\POOP SOUP\AppData\Local\Temp\nro.tmp [0 2014-10-17] ()
    HKLM-x32\...\Run: [] => [X]
    HKU\POOP SOUP\...\Run: [Otics] => C:\Users\POOP SOUP\AppData\Local\Otics\tmp4B71.exe
    Folder: C:\Users\POOP SOUP\AppData\Local\Otics
    HKU\POOP SOUP\...\Run: [Unmedia] => regsvr32.exe "C:\Users\POOP SOUP\AppData\Local\Unmedia\BRIBFLM00.DLL" <===== ATTENTION
    C:\Users\POOP SOUP\AppData\Local\Unmedia
    HKU\POOP SOUP\...\Run: [Ryyzbenyzosesa] => "C:\Users\POOP SOUP\AppData\Roaming\Owipizy\xevaavh.exe"
    C:\Users\POOP SOUP\AppData\Roaming\Owipizy
    Startup: C:\Users\POOP SOUP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bootcfg.lnk
    ShortcutTarget: bootcfg.lnk ->  (No File)
    S2 NMSAccessU; C:\Users\POOP SOUP\AppData\Local\Temp\{493992BF-635B-437C-8071-2924BCEFE99E}\NMSAccessU.exe [X]
    C:\Users\Guest\AppData\Local\Temp\tmp60EB.exe
    C:\Users\POOP SOUP\AppData\Local\Temp\c_scou84.dll
    C:\Users\POOP SOUP\AppData\Local\Temp\DseShExt-x64.dll
    C:\Users\POOP SOUP\AppData\Local\Temp\DseShExt-x86.dll
    C:\Users\POOP SOUP\AppData\Local\Temp\oi_{E289FD77-D73B-4B64-9FCB-89DCED3132F6}.exe
    C:\Users\POOP SOUP\AppData\Local\Temp\SDShelEx-win32.dll
    C:\Users\POOP SOUP\AppData\Local\Temp\SDShelEx-x64.dll
    C:\Users\POOP SOUP\AppData\Local\Temp\UNINSTALL.EXE
    C:\Users\POOP SOUP\AppData\Local\Temp\UpdateFlashPlayer_c3cb6e0c.exe
    C:\Users\POOP SOUP\AppData\Local\Temp\UpdateFlashPlayer_f92009be.exe
    C:\Users\POOP SOUP\AppData\Local\Temp\wbx-pkh_.dll
    Folder: C:\daefa4e4e8d0ca12b477d8
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Save the file to your USB drive.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Enter the Recovery Environment just as you did before.
  • Run FRST just as you did before.
  • Click the Fix button once.
  • A log (Fixlog.txt) will be created on your USB drive.
  • Can you boot into Windows normally? 
  • Copy the contents of Fixlog.txt and paste in your next reply (either using the infected PC or clean PC).

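The selection behind a fixlist like the one above can be made mechanical. The following Python is an added example, not FRST's own code and not anything posted by this thread's helper: it scores FRST Run/RunOnce lines with the patterns the fixlist above targets (launch path under Temp or AppData, regsvr32 loading a DLL from a user profile, a missing target, a nameless value, a file FRST read but found no vendor name for). The sample lines are constructed from entries quoted in this thread.

```python
"""FRST autorun triage over Run/RunOnce lines (added example, not FRST's own code).

Heuristics mirror the patterns the fixlist above targets: a launch path under Temp or
AppData, regsvr32 loading a DLL from a user profile, a missing target ([X]), a nameless
value, and a file FRST could read but found no vendor name for.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Shape of an FRST registry autorun line, e.g.
#   HKU\POOP SOUP\...\Run: [Otics] => C:\Users\POOP SOUP\AppData\Local\Otics\tmp4B71.exe
RUN_LINE = re.compile(
    r"^(?P<hive>HK(?:LM|U\\[^\\]+)(?:-x32)?)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] => (?P<target>.*)$"
)
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\(?:Local|Roaming)\\", re.I)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
REGSVR32_DLL = re.compile(r'regsvr32(?:\.exe)?\s+"?([^"]+\.dll)"?', re.I)
# FRST appends "[size yyyy-mm-dd] (Vendor)" to targets it could read; "()" means no vendor.
NO_VENDOR = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \(\)")


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def triage_run_line(line: str) -> Optional[Finding]:
    """Score one FRST Run/RunOnce line; None if the line is not an autorun entry."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    name, target = m.group("name"), m.group("target").strip()
    f = Finding(line=line.strip())
    if name == "":
        f.reasons.append("empty value name")
    if target == "[X]":
        f.reasons.append("target file missing ([X])")
    if TEMP_DIR.search(target):
        f.reasons.append("launches from a Temp directory")
    elif USER_WRITABLE.search(target):
        f.reasons.append("launches from a user-writable AppData path")
    dll = REGSVR32_DLL.search(target)
    if dll and USER_WRITABLE.search(dll.group(1)):
        f.reasons.append("regsvr32 loads a DLL from the user profile")
    if NO_VENDOR.search(target):
        f.reasons.append("file read by FRST but carries no vendor name")
    return f


def triage(lines: List[str]) -> List[Finding]:
    """Return flagged entries, highest score first. A score of 1 means 'review', not
    'remove': a nameless Run value pointing into Program Files is common and benign."""
    flagged = [f for f in map(triage_run_line, lines) if f and f.score > 0]
    return sorted(flagged, key=lambda f: f.score, reverse=True)


# Constructed sample: FRST lines quoted in this thread (fixlist and later FRST.txt),
# plus one service line to show that non-autorun lines are skipped.
SAMPLE_LINES = [
    r"HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-11-02] (Realtek Semiconductor)",
    r"HKLM-x32\...\RunOnce: [CleanSetup] => C:\Users\POOP SOUP\AppData\Local\Temp\nro.tmp [0 2014-10-17] ()",
    r"HKLM-x32\...\Run: [] => [X]",
    r"HKU\POOP SOUP\...\Run: [Otics] => C:\Users\POOP SOUP\AppData\Local\Otics\tmp4B71.exe",
    r'HKU\POOP SOUP\...\Run: [Unmedia] => regsvr32.exe "C:\Users\POOP SOUP\AppData\Local\Unmedia\BRIBFLM00.DLL" <===== ATTENTION',
    r'HKU\POOP SOUP\...\Run: [Ryyzbenyzosesa] => "C:\Users\POOP SOUP\AppData\Roaming\Owipizy\xevaavh.exe"',
    r"HKU\POOP SOUP\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe",
    r"S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"score {f.score}: {f.line}")
        for r in f.reasons:
            print(f"   - {r}")
```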

#8 shazain

  • Topic Starter

Posted 06 November 2014 - 10:50 AM

Ran the fix; after reboot, still black screen after log in. Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-10-2014
Ran by SYSTEM at 2014-11-06 07:32:16 Run:1
Running from I:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\RunOnce: [CleanSetup] => C:\Users\POOP SOUP\AppData\Local\Temp\nro.tmp [0 2014-10-17] ()
HKLM-x32\...\Run: [] => [X]
HKU\POOP SOUP\...\Run: [Otics] => C:\Users\POOP SOUP\AppData\Local\Otics\tmp4B71.exe
Folder: C:\Users\POOP SOUP\AppData\Local\Otics
HKU\POOP SOUP\...\Run: [Unmedia] => regsvr32.exe "C:\Users\POOP SOUP\AppData\Local\Unmedia\BRIBFLM00.DLL" <===== ATTENTION
C:\Users\POOP SOUP\AppData\Local\Unmedia
HKU\POOP SOUP\...\Run: [Ryyzbenyzosesa] => "C:\Users\POOP SOUP\AppData\Roaming\Owipizy\xevaavh.exe"
C:\Users\POOP SOUP\AppData\Roaming\Owipizy
Startup: C:\Users\POOP SOUP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bootcfg.lnk
ShortcutTarget: bootcfg.lnk ->  (No File)
S2 NMSAccessU; C:\Users\POOP SOUP\AppData\Local\Temp\{493992BF-635B-437C-8071-2924BCEFE99E}\NMSAccessU.exe [X]
C:\Users\Guest\AppData\Local\Temp\tmp60EB.exe
C:\Users\POOP SOUP\AppData\Local\Temp\c_scou84.dll
C:\Users\POOP SOUP\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\POOP SOUP\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\POOP SOUP\AppData\Local\Temp\oi_{E289FD77-D73B-4B64-9FCB-89DCED3132F6}.exe
C:\Users\POOP SOUP\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\POOP SOUP\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\POOP SOUP\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\POOP SOUP\AppData\Local\Temp\UpdateFlashPlayer_c3cb6e0c.exe
C:\Users\POOP SOUP\AppData\Local\Temp\UpdateFlashPlayer_f92009be.exe
C:\Users\POOP SOUP\AppData\Local\Temp\wbx-pkh_.dll
Folder: C:\daefa4e4e8d0ca12b477d8
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\CleanSetup => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\POOP SOUP\Software\Microsoft\Windows\CurrentVersion\Run\\Otics => value deleted successfully.

========================= Folder: C:\Users\POOP SOUP\AppData\Local\Otics ========================

2014-09-18 16:06 - 2014-09-18 16:06 - 0000000 _____ () C:\Users\POOP SOUP\AppData\Local\Otics\{C8EDA0AB-08F8-A6BD-BC7D-D604CFA33455}

====== End of Folder: ======

HKU\POOP SOUP\Software\Microsoft\Windows\CurrentVersion\Run\\Unmedia => value deleted successfully.
C:\Users\POOP SOUP\AppData\Local\Unmedia => Moved successfully.
HKU\POOP SOUP\Software\Microsoft\Windows\CurrentVersion\Run\\Ryyzbenyzosesa => value deleted successfully.
C:\Users\POOP SOUP\AppData\Roaming\Owipizy => Moved successfully.
C:\Users\POOP SOUP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bootcfg.lnk => Moved successfully.
ShortcutTarget: bootcfg.lnk ->  (No File) not found.
NMSAccessU => Service deleted successfully.
C:\Users\Guest\AppData\Local\Temp\tmp60EB.exe => Moved successfully.
C:\Users\POOP SOUP\AppData\Local\Temp\c_scou84.dll => Moved successfully.
C:\Users\POOP SOUP\AppData\Local\Temp\DseShExt-x64.dll => Moved successfully.
C:\Users\POOP SOUP\AppData\Local\Temp\DseShExt-x86.dll => Moved successfully.
C:\Users\POOP SOUP\AppData\Local\Temp\oi_{E289FD77-D73B-4B64-9FCB-89DCED3132F6}.exe => Moved successfully.
C:\Users\POOP SOUP\AppData\Local\Temp\SDShelEx-win32.dll => Moved successfully.
C:\Users\POOP SOUP\AppData\Local\Temp\SDShelEx-x64.dll => Moved successfully.
C:\Users\POOP SOUP\AppData\Local\Temp\UNINSTALL.EXE => Moved successfully.
C:\Users\POOP SOUP\AppData\Local\Temp\UpdateFlashPlayer_c3cb6e0c.exe => Moved successfully.
C:\Users\POOP SOUP\AppData\Local\Temp\UpdateFlashPlayer_f92009be.exe => Moved successfully.
C:\Users\POOP SOUP\AppData\Local\Temp\wbx-pkh_.dll => Moved successfully.

========================= Folder: C:\daefa4e4e8d0ca12b477d8 ========================

2014-10-24 07:01 - 2014-10-20 02:37 - 0934830 _____ () C:\daefa4e4e8d0ca12b477d8\mpasbase.vdm._p
2014-10-24 07:01 - 2014-10-24 00:13 - 0343288 _____ (Microsoft Corporation) C:\daefa4e4e8d0ca12b477d8\mpasdlta.vdm
2014-10-24 07:01 - 2014-10-20 02:37 - 11136397 _____ () C:\daefa4e4e8d0ca12b477d8\mpavbase.vdm._p
2014-10-24 07:01 - 2014-10-24 00:13 - 1364736 _____ (Microsoft Corporation) C:\daefa4e4e8d0ca12b477d8\mpavdlta.vdm
2014-10-24 07:01 - 2014-10-20 02:37 - 2793033 _____ () C:\daefa4e4e8d0ca12b477d8\mpengine.dll._p

====== End of Folder: ======


==== End of Fixlog ====

Thank you for all your time and help; it is very appreciated.
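A Fixlog like the one above is worth reconciling against the fixlist line by line: the Fixlog spells registry keys out differently from the fixlist (WOW6432Node where the fixlist said HKLM-x32), and, as the Fixlog shows, a Folder: directive produced a content listing rather than a move. The Python below is an added example, not FRST's own code; its sample fixlist and Fixlog text are constructed from the two posts above, with one result line dropped on purpose so that an unconfirmed directive shows up.

```python
"""Reconcile an FRST fixlist with its Fixlog (added example, not FRST's own code).

Each fixlist directive is paired with the outcome the Fixlog records for it, including
the case where a "Folder:" directive produced only a content listing and no move.
"""
import re
from typing import Dict, List, Set

# Fixlist directive shapes (the lines as FRST prints them in its scan log).
REG_DIRECTIVE = re.compile(r"^HK[^\[]*\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\]")
SERVICE_DIRECTIVE = re.compile(r"^[SRU]\d (?P<name>[^;]+);")
FOLDER_DIRECTIVE = re.compile(r"^Folder: (?P<path>.+)$")
SHORTCUT_DIRECTIVE = re.compile(r"^ShortcutTarget: (?P<lnk>\S+\.lnk)")
PATH_DIRECTIVE = re.compile(r"^(?:Startup: )?(?P<path>[A-Za-z]:\\.+)$")

# Fixlog result shapes. The Fixlog spells keys out in full (WOW6432Node for HKLM-x32),
# so registry results are matched on (Run|RunOnce, value name) rather than the hive path.
REG_RESULT = re.compile(r"^HK.*\\(?P<key>Run(?:Once)?)\\\\(?P<name>.*?) => value deleted successfully")
MOVED_RESULT = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => Moved successfully")
SERVICE_RESULT = re.compile(r"^(?P<name>.+?) => Service deleted successfully")
FOLDER_HEADER = re.compile(r"^=+ Folder: (?P<path>.+?) =+$")
SHORTCUT_RESULT = re.compile(r"^ShortcutTarget: (?P<lnk>\S+\.lnk) .* not found")

UNCONFIRMED = "not confirmed in Fixlog"


def parse_fixlist(text: str) -> List[str]:
    """Return the directives between the 'start' and 'end' markers."""
    lines = [l.strip() for l in text.splitlines()]
    return [l for l in lines[lines.index("start") + 1:lines.index("end")] if l]


def index_fixlog(fixlog: str) -> Dict[str, Set]:
    """Collect the Fixlog's result lines into one set per outcome type."""
    idx: Dict[str, Set] = {k: set() for k in ("reg", "moved", "svc", "listed", "lnk")}
    for raw in fixlog.splitlines():
        line = raw.strip()
        if m := REG_RESULT.match(line):
            idx["reg"].add((m["key"], m["name"]))
        elif m := MOVED_RESULT.match(line):
            idx["moved"].add(m["path"].lower())
        elif m := FOLDER_HEADER.match(line):
            idx["listed"].add(m["path"].lower())
        elif m := SERVICE_RESULT.match(line):
            idx["svc"].add(m["name"])
        elif m := SHORTCUT_RESULT.match(line):
            idx["lnk"].add(m["lnk"])
    return idx


def classify(d: str, idx: Dict[str, Set]) -> str:
    """Name the outcome the Fixlog records for one fixlist directive."""
    if m := REG_DIRECTIVE.match(d):
        return "registry value deleted" if (m["key"], m["name"]) in idx["reg"] else UNCONFIRMED
    if m := SERVICE_DIRECTIVE.match(d):
        return "service deleted" if m["name"] in idx["svc"] else UNCONFIRMED
    if m := FOLDER_DIRECTIVE.match(d):  # Folder: yields a listing; nothing is moved
        return "listed only, no move recorded" if m["path"].lower() in idx["listed"] else UNCONFIRMED
    if m := SHORTCUT_DIRECTIVE.match(d):
        return "shortcut target not found" if m["lnk"] in idx["lnk"] else UNCONFIRMED
    if m := PATH_DIRECTIVE.match(d):
        return "moved" if m["path"].lower() in idx["moved"] else UNCONFIRMED
    return "unrecognised directive"


def reconcile(fixlist: str, fixlog: str) -> Dict[str, str]:
    idx = index_fixlog(fixlog)
    return {d: classify(d, idx) for d in parse_fixlist(fixlist)}


# Constructed from the fixlist and Fixlog quoted in this thread; the Fixlog line for
# c_scou84.dll is left out on purpose so that one directive shows as unconfirmed.
SAMPLE_FIXLIST = r"""
start
HKLM-x32\...\RunOnce: [CleanSetup] => C:\Users\POOP SOUP\AppData\Local\Temp\nro.tmp [0 2014-10-17] ()
HKLM-x32\...\Run: [] => [X]
HKU\POOP SOUP\...\Run: [Otics] => C:\Users\POOP SOUP\AppData\Local\Otics\tmp4B71.exe
Folder: C:\Users\POOP SOUP\AppData\Local\Otics
HKU\POOP SOUP\...\Run: [Unmedia] => regsvr32.exe "C:\Users\POOP SOUP\AppData\Local\Unmedia\BRIBFLM00.DLL" <===== ATTENTION
C:\Users\POOP SOUP\AppData\Local\Unmedia
Startup: C:\Users\POOP SOUP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bootcfg.lnk
ShortcutTarget: bootcfg.lnk ->  (No File)
S2 NMSAccessU; C:\Users\POOP SOUP\AppData\Local\Temp\{493992BF-635B-437C-8071-2924BCEFE99E}\NMSAccessU.exe [X]
C:\Users\POOP SOUP\AppData\Local\Temp\c_scou84.dll
end
"""

SAMPLE_FIXLOG = r"""
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\CleanSetup => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\POOP SOUP\Software\Microsoft\Windows\CurrentVersion\Run\\Otics => value deleted successfully.
========================= Folder: C:\Users\POOP SOUP\AppData\Local\Otics ========================
HKU\POOP SOUP\Software\Microsoft\Windows\CurrentVersion\Run\\Unmedia => value deleted successfully.
C:\Users\POOP SOUP\AppData\Local\Unmedia => Moved successfully.
C:\Users\POOP SOUP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bootcfg.lnk => Moved successfully.
ShortcutTarget: bootcfg.lnk ->  (No File) not found.
NMSAccessU => Service deleted successfully.
"""
```

Running `reconcile(SAMPLE_FIXLIST, SAMPLE_FIXLOG)` maps each directive to its outcome; anything reported as not confirmed is what to re-check in the next FRST scan.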



#9 LiquidTension

  • Malware Response Team

Posted 06 November 2014 - 02:27 PM

Please enter the Recovery Environment again, and rerun FRST.

Copy/paste or attach FRST.txt.


Edited by LiquidTension, 06 November 2014 - 02:28 PM.


#10 shazain

  • Topic Starter

Posted 06 November 2014 - 08:40 PM

Here is what I got:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014 (ATTENTION: ====> FRST version is 14 days old and could be outdated)
Ran by SYSTEM on MININT-0HMSRTU on 06-11-2014 16:54:03
Running from G:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-11-02] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE [310208 2013-08-14] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Hoster (42626)] => C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2014-08-18] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Default\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-21] ()
HKU\POOP SOUP\...\Run: [Reasonable NoClone] => "C:\Program Files (x86)\Reasonable NoClone 2013\NoClone.exe" null /startup
HKU\POOP SOUP\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\POOP SOUP\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\POOP SOUP\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\POOP SOUP\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\POOP SOUP\...\RunOnce: [DeleteMarkAny] => C:\Windows\SysWOW64\MASetupCleaner.exe [24576 2013-05-22] ((주)마크애니)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cisco VUSB.lnk
ShortcutTarget: Cisco VUSB.lnk -> C:\Program Files\CiscoVUSB\CiscoVUSB.exe (Cisco Consumer Products LLC)
Startup: C:\Users\POOP SOUP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cisco VUSB.lnk
ShortcutTarget: Cisco VUSB.lnk -> C:\Program Files\CiscoVUSB\CiscoVUSB.exe (Cisco Consumer Products LLC)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 fshoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
S3 FSMA; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE [216000 2013-08-14] (F-Secure Corporation)
S2 FSORSPClient; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [60352 2013-06-24] (F-Secure Corporation)
S2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
S2 HPSLPSVC; C:\Users\POOP SOUP\AppData\Local\Temp\7zS368B\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
S2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 F-Secure Gatekeeper; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [202792 2014-11-05] (F-Secure Corporation)
S1 F-Secure HIPS; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69960 2014-06-23] (F-Secure Corporation)
S0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-10-14] ()
S0 fsbts; C:\Windows\SysWOW64\Drivers\fsbts.sys [42672 2013-02-23] ()
S3 fsni; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\fsni64.sys [86056 2014-06-19] (F-Secure Corporation)
S1 fsvista; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-08-14] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2014-11-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [304480 2013-01-11] (silex technology, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 09:48 - 2014-11-06 16:54 - 00000000 ____D () C:\FRST
2014-10-24 07:01 - 2014-10-24 08:11 - 00000000 ____D () C:\daefa4e4e8d0ca12b477d8
2014-10-15 11:41 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 11:41 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 11:41 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 11:41 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-10-15 11:41 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-10-15 11:41 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-10-15 11:41 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-10-15 11:41 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 11:41 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 11:41 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 11:41 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-10-15 11:41 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 11:41 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 11:41 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 11:40 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-10-15 11:40 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-10-15 11:40 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 11:40 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 11:40 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 11:40 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-10-15 11:40 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-10-15 11:40 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 11:40 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-10-15 11:40 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-10-15 11:40 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-10-15 11:40 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-10-15 11:40 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-10-15 11:40 - 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-10-15 11:40 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-10-15 11:40 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 11:40 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-10-15 11:40 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector(26).exe
2014-10-15 11:40 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 11:40 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-10-15 11:40 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 11:40 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 11:40 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-10-15 11:40 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 11:40 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-10-15 11:40 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 11:40 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 11:40 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 11:40 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 11:40 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-10-15 11:40 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia(27).dll
2014-10-15 11:40 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-10-15 11:40 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 11:40 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 11:40 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-10-15 11:40 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 11:40 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-10-15 11:40 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 11:39 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-10-15 11:39 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-10-15 11:39 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility(28).exe
2014-10-15 11:39 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-10-15 11:24 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-10-15 11:24 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 11:23 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2014-10-15 11:23 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 11:23 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\System32\mscorier.dll
2014-10-15 11:23 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 11:23 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\System32\mscories.dll
2014-10-15 11:22 - 2014-08-18 19:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2014-10-15 11:22 - 2014-08-18 19:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2014-10-15 11:22 - 2014-08-18 19:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2014-10-15 11:22 - 2014-07-06 18:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2014-10-15 11:22 - 2014-07-06 18:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\System32\wmdrmsdk.dll
2014-10-15 11:22 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2014-10-15 11:22 - 2014-07-06 18:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\System32\drmv2clt.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\System32\blackbox.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\System32\msscp.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\System32\drmmgrtn.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\cryptsp.dll
2014-10-15 11:22 - 2014-07-06 17:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2014-10-15 11:22 - 2014-07-06 17:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 11:22 - 2014-07-06 17:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 11:22 - 2014-07-06 17:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 11:22 - 2014-06-27 16:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2014-10-15 11:22 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2014-10-15 11:22 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2014-10-15 11:21 - 2014-08-18 19:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2014-10-15 11:21 - 2014-08-18 19:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2014-10-15 11:21 - 2014-08-18 19:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2014-10-15 11:21 - 2014-08-18 19:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2014-10-15 11:21 - 2014-08-18 19:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2014-10-15 11:21 - 2014-08-18 19:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2014-10-15 11:21 - 2014-08-18 19:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2014-10-15 11:21 - 2014-08-18 18:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 11:21 - 2014-08-18 18:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 11:21 - 2014-08-18 18:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2014-10-15 11:21 - 2014-07-06 18:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\System32\msnetobj.dll
2014-10-15 11:21 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2014-10-15 11:21 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller(29).exe
2014-10-15 11:21 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2014-10-15 11:21 - 2014-07-06 18:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2014-10-15 11:21 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2014-10-15 11:21 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2014-10-15 11:21 - 2014-07-06 18:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2014-10-15 11:21 - 2014-07-06 18:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2014-10-15 11:21 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
2014-10-15 11:21 - 2014-07-06 17:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 11:21 - 2014-07-06 17:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 11:21 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 11:21 - 2014-07-06 17:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 11:21 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 11:21 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 11:21 - 2014-07-06 17:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 11:21 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 11:21 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 11:21 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 11:19 - 2014-10-09 18:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-10-15 11:19 - 2014-10-09 18:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2014-10-15 11:19 - 2014-10-09 18:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-10-15 11:16 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-10-15 11:15 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 11:14 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\rastls.dll
2014-10-15 11:14 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 11:13 - 2014-07-16 18:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2014-10-15 11:13 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2014-10-15 11:13 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-10-15 11:13 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2014-10-15 11:13 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\winsta.dll
2014-10-15 11:13 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2014-10-15 11:13 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-10-15 11:13 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-10-15 11:13 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 11:13 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 11:13 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 11:13 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 11:13 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 11:13 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 11:13 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2014-10-15 11:12 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2014-10-15 11:08 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-10-15 11:08 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 07:34 - 2014-04-10 20:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-11-06 07:34 - 2012-09-30 03:28 - 00000434 _____ () C:\Windows\System32\Drivers\etc\hosts.ics
2014-11-06 07:33 - 2014-08-12 08:11 - 00001624 _____ () C:\Windows\setupact.log
2014-11-06 07:33 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 07:27 - 2010-07-22 13:12 - 02036615 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 07:03 - 2014-02-08 19:03 - 00000306 _____ () C:\Windows\Tasks\Digital Sites.job
2014-11-06 07:00 - 2012-03-30 17:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-05 17:46 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 17:46 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 16:49 - 2009-07-13 21:13 - 00786420 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-10-30 03:25 - 2011-01-07 09:43 - 00275080 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-10-24 08:41 - 2014-05-15 22:54 - 00046722 _____ () C:\Windows\PFRO.log
2014-10-24 08:41 - 2009-07-13 20:45 - 00000000 ____D () C:\Windows\Setup
2014-10-24 08:34 - 2013-11-19 23:00 - 00000000 ____D () C:\users\Guest
2014-10-24 08:34 - 2011-01-07 10:03 - 00000000 ____D () C:\Program Files (x86)\Charter Security Suite
2014-10-24 08:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-10-24 08:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-10-24 07:55 - 2014-04-10 20:32 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 07:55 - 2014-04-10 20:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 07:36 - 2011-01-02 10:08 - 00000000 ____D () C:\users\POOP SOUP
2014-10-22 12:26 - 2013-06-26 08:32 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EA22DAC3-F35D-47DB-93AE-4BA4EF7E5DA9}
2014-10-17 14:23 - 2014-05-06 02:01 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-10-17 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-17 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-10-17 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Dism
2014-10-17 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 14:22 - 2014-08-02 07:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-17 14:22 - 2013-11-21 19:45 - 00000000 ____D () C:\Users\POOP SOUP\AppData\Local\Garmin
2014-10-17 14:22 - 2013-08-03 17:52 - 00000000 ____D () C:\Users\POOP SOUP\AppData\Local\Samsung
2014-10-17 14:22 - 2013-05-31 12:10 - 00000000 ____D () C:\Program Files (x86)\Reasonable NoClone 2013
2014-10-17 14:22 - 2012-04-24 01:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-17 14:22 - 2011-07-10 16:44 - 00000000 ____D () C:\Users\POOP SOUP\AppData\Roaming\uTorrent
2014-10-17 14:22 - 2010-07-09 03:40 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-17 14:22 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-17 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-17 14:16 - 2014-03-11 20:49 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-17 14:16 - 2012-04-23 19:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-17 14:16 - 2011-10-17 10:47 - 00000000 ____D () C:\ProgramData\Apple
2014-10-17 13:58 - 2014-08-12 06:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-17 13:58 - 2010-07-09 03:36 - 00000000 ____D () C:\ProgramData\Nero
2014-10-17 13:50 - 2014-02-28 11:43 - 00000000 ____D () C:\ProgramData\Nitro
2014-10-17 13:50 - 2011-10-17 10:50 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-17 13:05 - 2012-01-17 14:43 - 00028521 _____ () C:\Users\POOP SOUP\.mysync.log
2014-10-17 13:05 - 2012-01-17 14:43 - 00024576 _____ () C:\Users\POOP SOUP\.mysync_settings
2014-10-17 13:03 - 2013-08-03 17:17 - 00000000 ____D () C:\ProgramData\Samsung
2014-10-17 13:02 - 2012-09-05 13:57 - 00000000 ____D () C:\ProgramData\Garmin
2014-10-17 11:17 - 2011-07-29 19:07 - 00000000 ____D () C:\Users\POOP SOUP\AppData\Local\Newsbin
2014-10-17 11:08 - 2012-11-23 14:41 - 00000000 ____D () C:\Users\POOP SOUP\AppData\Roaming\Samsung
2014-10-17 11:05 - 2010-07-09 03:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-17 10:43 - 2012-11-23 14:39 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-10-17 09:58 - 2013-11-21 19:47 - 00000000 ____D () C:\Users\POOP SOUP\Documents\Garmin
2014-10-17 09:58 - 2012-04-23 17:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-17 09:57 - 2012-09-04 18:52 - 00000000 ____D () C:\Users\POOP SOUP\AppData\Roaming\Garmin
2014-10-17 09:56 - 2011-01-02 10:34 - 00000000 ____D () C:\Users\POOP SOUP\AppData\Roaming\Adobe
2014-10-17 09:51 - 2013-05-07 09:59 - 00000048 _____ () C:\RB.rdat
2014-10-17 09:51 - 2013-05-07 09:59 - 00000048 _____ () C:\License_Time.rdat
2014-10-17 09:49 - 2011-10-17 10:48 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-17 07:40 - 2012-03-18 23:15 - 01996800 ___SH () C:\Users\POOP SOUP\Desktop\Thumbs.db
2014-10-16 02:57 - 2009-07-13 20:45 - 00385584 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-10-16 02:25 - 2012-04-23 20:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:12 - 2013-07-22 21:48 - 00000000 ____D () C:\Windows\System32\MRT
2014-10-16 02:01 - 2011-01-07 10:34 - 103265616 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-10-07 18:07 - 2012-02-29 18:21 - 00000000 ____D () C:\Users\POOP SOUP\AppData\Roaming\HpUpdate

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2014-10-15 11:13] - [2014-07-16 18:07] - 0455168 ____A (Microsoft Corporation) 8CEBD9D0A0A879CDE9F36F4383B7CAEA

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-10-22 23:00:32
Restore point made on: 2014-10-24 07:24:21
Restore point made on: 2014-10-24 07:43:17
Restore point made on: 2014-11-05 17:00:50

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 2013.24 MB
Available physical RAM: 1359.84 MB
Total Pagefile: 2013.24 MB
Available Pagefile: 1347.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:450.66 GB) (Free:116.71 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:4.19 GB) NTFS
Drive g: (USB20FD) (Removable) (Total:15.11 GB) (Free:1.09 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C3A96399)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15.1 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=15.1 GB) - (Type=0C)


LastRegBack: 2014-11-05 18:18

==================== End Of Log ============================



#11 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:15 AM

Posted 06 November 2014 - 10:35 PM

Looks like your copy of FRST is very old. Please delete FRST64.exe on your USB drive, download a fresh copy and save the file to your USB drive. 


Please run an FRST scan in the Recovery Environment. 



#12 shazain

shazain
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 07 November 2014 - 10:42 AM

Yeah, I had actually done that after I had posted, but I wasn't at their house anymore so it didn't do me any good. Here is the updated one:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by SYSTEM on MININT-17OVQFA on 07-11-2014 07:24:00
Running from G:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-11-02] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE [310208 2013-08-14] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Hoster (42626)] => C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2014-08-18] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Default\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-21] ()
HKU\POOP SOUP\...\Run: [Reasonable NoClone] => "C:\Program Files (x86)\Reasonable NoClone 2013\NoClone.exe" null /startup
HKU\POOP SOUP\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\POOP SOUP\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\POOP SOUP\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\POOP SOUP\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\POOP SOUP\...\RunOnce: [DeleteMarkAny] => C:\Windows\SysWOW64\MASetupCleaner.exe [24576 2013-05-22] ((주)마크애니)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cisco VUSB.lnk
ShortcutTarget: Cisco VUSB.lnk -> C:\Program Files\CiscoVUSB\CiscoVUSB.exe (Cisco Consumer Products LLC)
Startup: C:\Users\POOP SOUP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cisco VUSB.lnk
ShortcutTarget: Cisco VUSB.lnk -> C:\Program Files\CiscoVUSB\CiscoVUSB.exe (Cisco Consumer Products LLC)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 fshoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
S3 FSMA; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE [216000 2013-08-14] (F-Secure Corporation)
S2 FSORSPClient; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [60352 2013-06-24] (F-Secure Corporation)
S2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
S2 HPSLPSVC; C:\Users\POOP SOUP\AppData\Local\Temp\7zS368B\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
S2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 F-Secure Gatekeeper; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [202792 2014-11-05] (F-Secure Corporation)
S1 F-Secure HIPS; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69960 2014-06-23] (F-Secure Corporation)
S0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-10-14] ()
S0 fsbts; C:\Windows\SysWOW64\Drivers\fsbts.sys [42672 2013-02-23] ()
S3 fsni; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\fsni64.sys [86056 2014-06-19] (F-Secure Corporation)
S1 fsvista; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-08-14] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2014-11-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [304480 2013-01-11] (silex technology, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 09:48 - 2014-11-07 07:24 - 00000000 ____D () C:\FRST
2014-10-24 07:01 - 2014-10-24 08:11 - 00000000 ____D () C:\daefa4e4e8d0ca12b477d8
2014-10-15 11:41 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 11:41 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 11:41 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 11:41 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-10-15 11:41 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-10-15 11:41 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-10-15 11:41 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-10-15 11:41 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 11:41 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 11:41 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 11:41 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-10-15 11:41 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 11:41 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 11:41 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 11:40 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-10-15 11:40 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-10-15 11:40 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 11:40 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 11:40 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 11:40 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-10-15 11:40 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-10-15 11:40 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 11:40 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-10-15 11:40 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-10-15 11:40 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-10-15 11:40 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-10-15 11:40 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-10-15 11:40 - 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-10-15 11:40 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-10-15 11:40 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 11:40 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-10-15 11:40 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector(26).exe
2014-10-15 11:40 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 11:40 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-10-15 11:40 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 11:40 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 11:40 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-10-15 11:40 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 11:40 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-10-15 11:40 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 11:40 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 11:40 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 11:40 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 11:40 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-10-15 11:40 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia(27).dll
2014-10-15 11:40 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-10-15 11:40 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 11:40 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 11:40 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-10-15 11:40 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 11:40 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-10-15 11:40 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 11:39 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-10-15 11:39 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-10-15 11:39 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility(28).exe
2014-10-15 11:39 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-10-15 11:24 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-10-15 11:24 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 11:23 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2014-10-15 11:23 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 11:23 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\System32\mscorier.dll
2014-10-15 11:23 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 11:23 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\System32\mscories.dll
2014-10-15 11:22 - 2014-08-18 19:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2014-10-15 11:22 - 2014-08-18 19:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2014-10-15 11:22 - 2014-08-18 19:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2014-10-15 11:22 - 2014-07-06 18:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2014-10-15 11:22 - 2014-07-06 18:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\System32\wmdrmsdk.dll
2014-10-15 11:22 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2014-10-15 11:22 - 2014-07-06 18:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\System32\drmv2clt.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\System32\blackbox.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\System32\msscp.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\System32\drmmgrtn.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2014-10-15 11:22 - 2014-07-06 18:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\cryptsp.dll
2014-10-15 11:22 - 2014-07-06 17:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2014-10-15 11:22 - 2014-07-06 17:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 11:22 - 2014-07-06 17:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 11:22 - 2014-07-06 17:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 11:22 - 2014-07-06 17:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 11:22 - 2014-06-27 16:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2014-10-15 11:22 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2014-10-15 11:22 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2014-10-15 11:21 - 2014-08-18 19:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2014-10-15 11:21 - 2014-08-18 19:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2014-10-15 11:21 - 2014-08-18 19:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2014-10-15 11:21 - 2014-08-18 19:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2014-10-15 11:21 - 2014-08-18 19:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2014-10-15 11:21 - 2014-08-18 19:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2014-10-15 11:21 - 2014-08-18 19:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2014-10-15 11:21 - 2014-08-18 18:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 11:21 - 2014-08-18 18:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 11:21 - 2014-08-18 18:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2014-10-15 11:21 - 2014-07-06 18:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\System32\msnetobj.dll
2014-10-15 11:21 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2014-10-15 11:21 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller(29).exe
2014-10-15 11:21 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2014-10-15 11:21 - 2014-07-06 18:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2014-10-15 11:21 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2014-10-15 11:21 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2014-10-15 11:21 - 2014-07-06 18:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2014-10-15 11:21 - 2014-07-06 18:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2014-10-15 11:21 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
2014-10-15 11:21 - 2014-07-06 17:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 11:21 - 2014-07-06 17:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 11:21 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 11:21 - 2014-07-06 17:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 11:21 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 11:21 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 11:21 - 2014-07-06 17:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 11:21 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 11:21 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 11:21 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 11:19 - 2014-10-09 18:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-10-15 11:19 - 2014-10-09 18:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2014-10-15 11:19 - 2014-10-09 18:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-10-15 11:16 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-10-15 11:15 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 11:14 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\rastls.dll
2014-10-15 11:14 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 11:13 - 2014-07-16 18:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2014-10-15 11:13 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2014-10-15 11:13 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-10-15 11:13 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2014-10-15 11:13 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\winsta.dll
2014-10-15 11:13 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2014-10-15 11:13 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-10-15 11:13 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-10-15 11:13 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 11:13 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 11:13 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 11:13 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 11:13 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 11:13 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 11:13 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2014-10-15 11:12 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2014-10-15 11:08 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-10-15 11:08 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 07:34 - 2014-04-10 20:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-11-06 07:34 - 2012-09-30 03:28 - 00000434 _____ () C:\Windows\System32\Drivers\etc\hosts.ics
2014-11-06 07:33 - 2014-08-12 08:11 - 00001624 _____ () C:\Windows\setupact.log
2014-11-06 07:33 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 07:27 - 2010-07-22 13:12 - 02036615 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 07:03 - 2014-02-08 19:03 - 00000306 _____ () C:\Windows\Tasks\Digital Sites.job
2014-11-06 07:00 - 2012-03-30 17:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-05 17:46 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 17:46 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 16:49 - 2009-07-13 21:13 - 00786420 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-10-30 03:25 - 2011-01-07 09:43 - 00275080 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-10-24 08:41 - 2014-05-15 22:54 - 00046722 _____ () C:\Windows\PFRO.log
2014-10-24 08:41 - 2009-07-13 20:45 - 00000000 ____D () C:\Windows\Setup
2014-10-24 08:34 - 2013-11-19 23:00 - 00000000 ____D () C:\users\Guest
2014-10-24 08:34 - 2011-01-07 10:03 - 00000000 ____D () C:\Program Files (x86)\Charter Security Suite
2014-10-24 08:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-10-24 08:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-10-24 07:55 - 2014-04-10 20:32 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 07:55 - 2014-04-10 20:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 07:36 - 2011-01-02 10:08 - 00000000 ____D () C:\users\POOP SOUP
2014-10-22 12:26 - 2013-06-26 08:32 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EA22DAC3-F35D-47DB-93AE-4BA4EF7E5DA9}
2014-10-17 14:23 - 2014-05-06 02:01 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-10-17 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-17 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-10-17 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Dism
2014-10-17 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 14:22 - 2014-08-02 07:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-17 14:22 - 2013-11-21 19:45 - 00000000 ____D () C:\Users\POOP SOUP\AppData\Local\Garmin
2014-10-17 14:22 - 2013-08-03 17:52 - 00000000 ____D () C:\Users\POOP SOUP\AppData\Local\Samsung
2014-10-17 14:22 - 2013-05-31 12:10 - 00000000 ____D () C:\Program Files (x86)\Reasonable NoClone 2013
2014-10-17 14:22 - 2012-04-24 01:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-17 14:22 - 2011-07-10 16:44 - 00000000 ____D () C:\Users\POOP SOUP\AppData\Roaming\uTorrent
2014-10-17 14:22 - 2010-07-09 03:40 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-17 14:22 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-17 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-17 14:16 - 2014-03-11 20:49 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-17 14:16 - 2012-04-23 19:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-17 14:16 - 2011-10-17 10:47 - 00000000 ____D () C:\ProgramData\Apple
2014-10-17 13:58 - 2014-08-12 06:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-17 13:58 - 2010-07-09 03:36 - 00000000 ____D () C:\ProgramData\Nero
2014-10-17 13:50 - 2014-02-28 11:43 - 00000000 ____D () C:\ProgramData\Nitro
2014-10-17 13:50 - 2011-10-17 10:50 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-17 13:05 - 2012-01-17 14:43 - 00028521 _____ () C:\Users\POOP SOUP\.mysync.log
2014-10-17 13:05 - 2012-01-17 14:43 - 00024576 _____ () C:\Users\POOP SOUP\.mysync_settings
2014-10-17 13:03 - 2013-08-03 17:17 - 00000000 ____D () C:\ProgramData\Samsung
2014-10-17 13:02 - 2012-09-05 13:57 - 00000000 ____D () C:\ProgramData\Garmin
2014-10-17 11:17 - 2011-07-29 19:07 - 00000000 ____D () C:\Users\POOP SOUP\AppData\Local\Newsbin
2014-10-17 11:08 - 2012-11-23 14:41 - 00000000 ____D () C:\Users\POOP SOUP\AppData\Roaming\Samsung
2014-10-17 11:05 - 2010-07-09 03:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-17 10:43 - 2012-11-23 14:39 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-10-17 09:58 - 2013-11-21 19:47 - 00000000 ____D () C:\Users\POOP SOUP\Documents\Garmin
2014-10-17 09:58 - 2012-04-23 17:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-17 09:57 - 2012-09-04 18:52 - 00000000 ____D () C:\Users\POOP SOUP\AppData\Roaming\Garmin
2014-10-17 09:56 - 2011-01-02 10:34 - 00000000 ____D () C:\Users\POOP SOUP\AppData\Roaming\Adobe
2014-10-17 09:51 - 2013-05-07 09:59 - 00000048 _____ () C:\RB.rdat
2014-10-17 09:51 - 2013-05-07 09:59 - 00000048 _____ () C:\License_Time.rdat
2014-10-17 09:49 - 2011-10-17 10:48 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-17 07:40 - 2012-03-18 23:15 - 01996800 ___SH () C:\Users\POOP SOUP\Desktop\Thumbs.db
2014-10-16 02:57 - 2009-07-13 20:45 - 00385584 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-10-16 02:25 - 2012-04-23 20:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:12 - 2013-07-22 21:48 - 00000000 ____D () C:\Windows\System32\MRT
2014-10-16 02:01 - 2011-01-07 10:34 - 103265616 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2014-10-15 11:13] - [2014-07-16 18:07] - 0455168 ____A (Microsoft Corporation) 8CEBD9D0A0A879CDE9F36F4383B7CAEA

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-10-22 23:00:32
Restore point made on: 2014-10-24 07:24:21
Restore point made on: 2014-10-24 07:43:17
Restore point made on: 2014-11-05 17:00:50

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 2013.24 MB
Available physical RAM: 1359.89 MB
Total Pagefile: 2013.24 MB
Available Pagefile: 1347.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:450.66 GB) (Free:116.71 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:4.19 GB) NTFS
Drive g: (USB20FD) (Removable) (Total:15.11 GB) (Free:1.09 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C3A96399)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15.1 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=15.1 GB) - (Type=0C)


LastRegBack: 2014-11-05 18:18

==================== End Of Log ============================



#13 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:15 AM

Posted 07 November 2014 - 11:33 PM

Hello,

Try this.

TDSSKiller Scan

  • Please download TDSSKiller and save the file to a USB drive.
  • Insert the USB drive into the infected machine. 
  • Bring up the Task Manager just as you did before, and create a new task. 
  • Enter the path of TDSSKiller (eg. G:\TDSSKiller.exe) and press the Enter key. 
  • Follow the prompts to run the programme. 
  • Click Change parameters. Place a checkmark next to:
    • Detect TDLFS file system
    • Verify file digital signatures
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to your USB drive. Attach the log in your next reply.


#14 shazain

shazain
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:05:15 PM

Posted 08 November 2014 - 02:45 PM

I ran it, but it didn't leave a log file. It did say no objects found, though.

#15 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:15 AM

Posted 08 November 2014 - 04:20 PM

Hello,

Can you tell me exactly when this issue first occurred?



