Infected through Ccleaner, FarBar log



#1 Rumpunch


Posted 14 May 2015 - 11:37 PM

Here's the Farbar log you requested

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by SYSTEM on MININT-JJPNNAD on 15-05-2015 12:19:57
Running from G:\
Platform: Windows 7 Professional (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6452256 2008-07-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-07-24] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [817072 2015-05-07] (Webroot)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [BigPondWirelessBroadbandCM] => C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe [6137432 2011-12-19] (Telstra)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\Dermott\...\Policies\system: [DisableCMD] 0
HKU\Dermott\...\Policies\system: [NoDispAppearancePage] 0
HKU\Dermott\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Dermott\...\Policies\system: [NoDispSettingsPage] 0
HKU\Dermott\...\Policies\Explorer: [NoFolderOptions] 0
HKU\Dermott\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\Dermott\...\Policies\Explorer: [NoControlPanel] 0
HKU\Dermott\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\Dermott\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\Dermott\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\Dermott\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\Dermott\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\Dermott\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\Dermott\...\Policies\Explorer: [NoFind] 0
HKU\Dermott\...\Policies\Explorer: [NoFile] 0
HKU\Dermott\...\Policies\Explorer: [HideClock] 0
HKU\Dermott\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\Dermott\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\Dermott\...\Policies\Explorer: [NoSetFolders] 0
HKU\Dermott\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\Dermott\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\Dermott\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\Dermott\...\Policies\Explorer: [NoDFSTab] 0
HKU\Dermott\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\Dermott\...\Policies\Explorer: [NoLogoff] 0
HKU\Dermott\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\Dermott\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\Dermott\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\Dermott\...\Policies\Explorer: [NoResolveSearch] 0
HKU\Dermott\...\Policies\Explorer: [NoSaveSettings] 0
HKU\Dermott\...\Policies\Explorer: [NoHardwareTab] 0
HKU\Dermott\...\Policies\Explorer: [NoStartMenuSubFolders] 0

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 GEST Service; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [68136 2008-12-08] ()
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-07-26] ()
S2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2013-07-26] ()
S2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [317296 2011-06-23] (Sierra Wireless, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [817072 2015-05-07] (Webroot)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 massfilter_lte; C:\Windows\system32\drivers\massfilter_lte.sys [18456 2011-10-03] (HandSet Incorporated)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-07-04] (Duplex Secure Ltd.)
S0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116224 2015-05-07] (Webroot)
S3 zgdcat; C:\Windows\System32\DRIVERS\zgdcat.sys [130200 2011-12-19] (ZTE Incorporated)
S3 zgdcdiag; C:\Windows\System32\DRIVERS\zgdcdiag.sys [130200 2011-12-19] (ZTE Incorporated)
S3 zgdcmdm; C:\Windows\System32\DRIVERS\zgdcmdm.sys [130200 2011-12-19] (ZTE Incorporated)
S3 zgdcnet; C:\Windows\System32\DRIVERS\zgdcnet.sys [169496 2011-12-19] (ZTE Incorporated)
S0 SR; No ImagePath
S2 srservice; No ImagePath
S0 wRejYbrd; System32\drivers\wRejYbrd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 12:19 - 2015-05-15 12:19 - 00000000 ____D () C:\FRST
2015-05-12 12:13 - 2015-05-12 12:13 - 00000000 ____D () C:\Users\Dermott\AppData\Roaming\One System Care
2015-05-12 12:12 - 2015-05-12 12:22 - 00000280 _____ () C:\Windows\Tasks\One System CareStartUp.job
2015-05-12 12:12 - 2015-05-12 12:20 - 00000280 _____ () C:\Windows\Tasks\One System CarePeriod.job
2015-05-12 12:12 - 2015-05-12 12:12 - 00003256 _____ () C:\Windows\System32\Tasks\One System Care Monitor
2015-05-12 12:12 - 2015-05-12 12:12 - 00002860 _____ () C:\Windows\System32\Tasks\One System CarePeriod
2015-05-12 12:12 - 2015-05-12 12:12 - 00002558 _____ () C:\Windows\System32\Tasks\One System CareStartUp
2015-05-12 12:12 - 2015-05-12 12:12 - 00001105 _____ () C:\Users\Public\Desktop\Launch One System Care.lnk
2015-05-12 12:12 - 2015-05-12 12:12 - 00000000 ____D () C:\Program Files (x86)\OneSystemCare
2015-05-12 12:11 - 2015-05-12 12:11 - 00001271 _____ () C:\Users\Public\Desktop\Driver Sweeper.lnk
2015-05-12 12:11 - 2015-05-12 12:11 - 00000000 ____D () C:\Users\Dermott\AppData\Roaming\OpenCandy
2015-05-12 12:11 - 2015-05-12 12:11 - 00000000 ____D () C:\Program Files (x86)\Phyxion.net
2015-05-12 12:09 - 2015-05-12 12:09 - 00002798 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-05-12 12:09 - 2015-05-12 12:09 - 00000860 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-12 12:09 - 2015-05-12 12:09 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-12 12:06 - 2015-05-12 12:07 - 05429372 _____ (Phyxion.net ) C:\Users\Dermott\Downloads\DriverSweeper_3.2.0.exe
2015-05-12 12:05 - 2015-05-12 12:06 - 06484352 _____ (Piriform Ltd) C:\Users\Dermott\Downloads\ccsetup505.exe
2015-05-12 11:20 - 2015-05-12 11:20 - 00000000 ____D () C:\Users\Dermott\AppData\Roaming\AMD
2015-05-12 10:06 - 2015-05-12 10:06 - 00000000 ____D () C:\ProgramData\ATI
2015-05-12 10:05 - 2015-05-12 10:05 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201505130205219679.log
2015-05-12 10:05 - 2015-05-12 10:05 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-05-12 10:04 - 2015-05-12 10:04 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-05-12 09:46 - 2015-05-12 09:50 - 00000000 ____D () C:\Program Files\AMD
2015-05-12 09:30 - 2015-05-12 09:31 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\Dermott\Downloads\autodetectutility.exe
2015-05-12 08:41 - 2015-05-12 08:41 - 00000000 ____D () C:\Users\Dermott\AppData\Local\{C6153AA8-9D4B-4372-86E7-B833105ABF7D}
2015-05-12 05:37 - 2015-05-12 05:37 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-05-12 05:37 - 2015-05-12 05:37 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-05-12 05:37 - 2015-05-12 05:37 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-05-12 05:37 - 2015-05-12 05:37 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2015-05-12 05:37 - 2015-05-12 05:37 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2015-05-12 05:37 - 2015-05-12 05:37 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_point64_01011.Wdf
2015-05-12 05:37 - 2015-05-12 05:37 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2015-05-12 05:32 - 2015-02-02 19:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2015-05-12 05:32 - 2015-02-02 19:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
2015-05-12 05:32 - 2015-02-02 19:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2015-05-12 05:32 - 2015-02-02 19:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 02644992 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\System32\wmdrmsdk.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\System32\msscp.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\System32\msnetobj.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\pcadm.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msmmsp.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2015-05-12 05:32 - 2015-02-02 19:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2015-05-12 05:32 - 2015-02-02 19:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\System32\drmv2clt.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\System32\blackbox.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\System32\drmmgrtn.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2015-05-12 05:32 - 2015-02-02 19:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2015-05-12 05:32 - 2015-02-02 19:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\cryptsp.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
2015-05-12 05:32 - 2015-02-02 19:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2015-05-12 05:32 - 2015-02-02 19:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2015-05-12 05:32 - 2015-02-02 19:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\pcawrk.exe
2015-05-12 05:32 - 2015-02-02 19:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\pcalua.exe
2015-05-12 05:32 - 2015-02-02 19:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\System32\pcaevts.dll
2015-05-12 05:32 - 2015-02-02 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
2015-05-12 05:32 - 2015-02-02 19:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2015-05-12 05:32 - 2015-02-02 19:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 02135040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-05-12 05:32 - 2015-02-02 19:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-05-12 05:32 - 2015-02-02 19:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-05-12 05:32 - 2015-02-02 19:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-05-12 05:32 - 2015-02-02 19:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-05-12 05:32 - 2015-02-02 19:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-05-12 05:32 - 2015-02-02 18:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2015-05-12 05:32 - 2014-10-31 14:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2015-05-12 05:32 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2015-05-12 05:32 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-05-12 05:31 - 2015-03-24 19:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-05-12 05:31 - 2015-03-24 19:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-05-12 05:31 - 2015-03-24 19:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-05-12 05:31 - 2015-03-24 19:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-12 05:31 - 2015-03-24 19:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-12 05:31 - 2015-03-24 19:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-12 05:31 - 2015-03-24 19:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-12 05:31 - 2015-03-24 19:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-12 05:31 - 2015-03-16 21:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-05-12 05:31 - 2015-03-16 21:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-05-12 05:31 - 2015-03-16 21:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-05-12 05:31 - 2015-03-16 21:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-05-12 05:31 - 2015-03-16 21:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2015-05-12 05:31 - 2015-03-16 21:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2015-05-12 05:31 - 2015-03-16 21:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-05-12 05:31 - 2015-03-16 21:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-05-12 05:31 - 2015-03-16 21:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2015-05-12 05:31 - 2015-03-16 21:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2015-05-12 05:31 - 2015-03-16 21:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-05-12 05:31 - 2015-03-16 21:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-05-12 05:31 - 2015-03-16 21:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-05-12 05:31 - 2015-03-16 21:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 05:31 - 2015-03-16 21:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 05:31 - 2015-03-16 20:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 05:31 - 2015-03-16 20:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 05:31 - 2015-03-16 20:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 05:31 - 2015-03-16 20:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 05:31 - 2015-03-16 20:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 05:31 - 2015-03-16 20:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 05:31 - 2015-03-16 20:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 05:31 - 2015-03-16 20:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 05:31 - 2015-03-16 20:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 05:31 - 2015-03-16 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 05:31 - 2015-03-16 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 05:31 - 2015-03-16 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 05:31 - 2015-03-09 19:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2015-05-12 05:31 - 2015-03-09 19:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2015-05-12 05:31 - 2015-03-09 19:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-05-12 05:31 - 2015-03-09 19:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-05-12 05:31 - 2015-03-04 21:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2015-05-12 05:31 - 2015-03-04 20:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-05-12 05:31 - 2015-03-03 20:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\System32\clfs.sys
2015-05-12 05:31 - 2015-03-03 20:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\System32\clfsw32.dll
2015-05-12 05:31 - 2015-03-03 20:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-05-12 05:31 - 2015-02-25 19:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-05-12 05:31 - 2015-02-24 19:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2015-05-12 05:31 - 2015-02-19 20:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2015-05-12 05:31 - 2015-02-19 20:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2015-05-12 05:31 - 2015-02-19 20:40 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2015-05-12 05:31 - 2015-02-19 20:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2015-05-12 05:31 - 2015-02-19 20:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-05-12 05:31 - 2015-02-19 20:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-05-12 05:31 - 2015-02-19 20:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-05-12 05:31 - 2015-02-19 20:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-05-12 05:31 - 2015-02-19 19:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2015-05-12 05:31 - 2015-02-19 19:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-05-12 05:31 - 2015-02-12 21:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-05-12 05:31 - 2015-02-12 21:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2015-05-12 05:31 - 2015-02-02 19:31 - 01190400 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2015-05-12 05:31 - 2015-02-02 19:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2015-05-12 05:31 - 2015-02-02 19:12 - 01011200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-05-12 05:31 - 2015-02-02 19:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-05-12 05:31 - 2015-01-30 15:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2015-05-12 05:31 - 2015-01-16 18:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll
2015-05-12 05:31 - 2015-01-16 18:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-05-12 05:31 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-05-12 05:31 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-05-12 05:31 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-05-12 05:31 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll
2015-05-12 05:31 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-05-12 05:31 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-05-12 05:31 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-05-12 05:31 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-05-12 05:31 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2015-05-12 05:31 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-05-12 05:31 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2015-05-12 05:31 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-05-12 05:31 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2015-05-12 05:31 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\rastls.dll
2015-05-12 05:31 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-05-12 05:31 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2015-05-12 05:31 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-05-12 05:31 - 2014-07-16 18:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2015-05-12 05:31 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2015-05-12 05:31 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2015-05-12 05:31 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\winsta.dll
2015-05-12 05:31 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2015-05-12 05:31 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-05-12 05:31 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-05-12 05:31 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-05-12 05:31 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-05-12 05:31 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2015-05-12 05:31 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2015-05-12 05:31 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2015-05-12 05:31 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-05-12 05:31 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-05-12 05:31 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\System32\mscorier.dll
2015-05-12 05:31 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-05-12 05:31 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\System32\mscories.dll
2015-05-12 05:31 - 2012-10-03 09:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2015-05-12 05:31 - 2012-10-03 09:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2015-05-12 05:28 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2015-05-12 05:28 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-05-12 05:26 - 2015-02-03 19:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2015-05-12 05:26 - 2015-02-03 18:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-05-07 22:44 - 2015-05-07 22:44 - 00000000 ____D () C:\Users\Dermott\AppData\Local\{D9AA8567-56E9-4540-ABDF-0F5ABF8FCAA1}
2015-05-07 21:22 - 2015-05-12 12:20 - 00002707 _____ () C:\Windows\setupact.log
2015-05-07 21:22 - 2015-05-07 21:22 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-01 06:08 - 2015-05-01 06:08 - 00000000 ____D () C:\Users\Dermott\AppData\Local\{BA1B595B-A5F0-4C5A-AD80-6A52F9EE3FAC}
2015-04-28 13:16 - 2015-04-28 13:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-28 12:43 - 2015-04-28 12:43 - 00000000 ____D () C:\Users\Dermott\AppData\Local\{898106AA-AC0D-49B1-B77C-5715DB7B1718}
2015-04-16 01:11 - 2015-04-16 01:11 - 00000000 ____D () C:\Users\Dermott\AppData\Local\{4BF9E1BC-3F63-44BF-BC0F-D8006D4676FD}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-12 14:51 - 2012-07-04 04:00 - 00123616 _____ () C:\Windows\PFRO.log
2015-05-12 12:37 - 2009-07-13 20:45 - 00003072 _____ () C:\Windows\System32\umstartup.etl
2015-05-12 12:27 - 2012-05-23 00:13 - 00000135 _____ () C:\service.log
2015-05-12 12:27 - 2012-05-23 00:10 - 00024072 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-05-12 12:26 - 2012-07-04 01:41 - 00000000 ____D () C:\ProgramData\WRData
2015-05-12 12:23 - 2012-07-04 02:55 - 00000747 _____ () C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2015-05-12 12:20 - 2014-11-24 01:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-12 12:20 - 2014-03-14 00:02 - 00000374 _____ () C:\Windows\System32\Drivers\etc\hosts.ics
2015-05-12 12:20 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-12 12:15 - 2012-05-21 21:41 - 01514122 _____ () C:\Windows\WindowsUpdate.log
2015-05-12 12:04 - 2009-07-13 20:45 - 00015040 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-12 12:04 - 2009-07-13 20:45 - 00015040 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-12 12:00 - 2009-07-13 21:13 - 00780616 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-05-12 11:48 - 2014-11-24 01:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-12 10:05 - 2012-05-23 21:14 - 00000000 ____D () C:\ProgramData\AMD
2015-05-12 10:04 - 2012-05-22 23:54 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-05-12 09:44 - 2012-07-04 01:04 - 00764482 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-12 09:43 - 2012-05-22 05:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-12 09:39 - 2012-05-22 23:57 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-05-12 09:37 - 2012-05-23 21:10 - 00000000 ____D () C:\AMD
2015-05-12 07:45 - 2014-02-18 02:35 - 00000000 ____D () C:\Users\Dermott\AppData\Roaming\vlc
2015-05-12 06:08 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-12 06:07 - 2009-07-13 20:45 - 00266992 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-05-12 06:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-05-12 06:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Dism
2015-05-12 06:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-12 05:43 - 2012-05-22 23:50 - 00057952 _____ () C:\Users\Dermott\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-12 05:41 - 2014-01-26 18:02 - 00000000 ____D () C:\Windows\System32\MRT
2015-05-09 04:30 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2015-05-07 21:29 - 2012-07-04 01:41 - 00166128 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-05-07 21:29 - 2012-07-04 01:41 - 00116224 _____ (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2015-05-07 21:29 - 2012-07-04 01:41 - 00103816 _____ (Webroot) C:\Windows\System32\WRusr.dll
2015-05-07 21:22 - 2015-03-06 23:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-01 11:49 - 2014-11-24 01:38 - 00002221 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-01 06:51 - 2014-03-02 17:06 - 00000000 ____D () C:\Windows\Minidump
2015-05-01 06:47 - 2014-06-06 20:10 - 00000000 ____D () C:\Users\Dermott\Desktop\Downloads 1
2015-04-16 00:56 - 2012-05-23 20:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-16 00:56 - 2012-05-23 20:17 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-16 00:55 - 2012-05-24 01:48 - 00000000 ____D () C:\Users\Dermott\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\Dermott\AppData\Local\Temp\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
C:\Users\Dermott\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Dermott\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 12286.3 MB
Available physical RAM: 11278.45 MB
Total Pagefile: 12284.45 MB
Available Pagefile: 11277.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:7.16 GB) NTFS
Drive e: (Storage) (Fixed) (Total:1765.36 GB) (Free:1639.33 GB) NTFS
Drive f: (GRMCPRXFREO_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B8C8AAA3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1765.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 956 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=956 MB) - (Type=06)


LastRegBack: 2015-05-07 22:12

==================== End Of Log ============================




#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:12 PM

Posted 15 May 2015 - 04:00 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1


  • Start FRST like for the scan above.
  • Write the following text into the Search textbox:
svchost.exe
  • Click on the Search Files button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 Rumpunch

Rumpunch
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 15 May 2015 - 04:33 AM

Hello, thanks for your reply, here is the log you requested.

 

Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by SYSTEM at 2015-05-15 17:29:38
Running from G:\
Boot Mode: Recovery

================== Search Files: "svchost.exe" =============

C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-13 15:19][2009-07-13 17:14] 0020992 ____N (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866

C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009-07-13 15:31][2009-07-13 17:39] 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

X:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009-07-13 15:31][2009-07-13 17:39] 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

X:\Windows\System32\svchost.exe
[2009-07-13 15:31][2009-07-13 17:39] 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

====== End Of Search ======



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:12 PM

Posted 15 May 2015 - 10:15 AM

Hi there,

Step 1


Please download the fixlist to your flash drive and save it in the same directory as FRST.
Start FRST again and press the FIX Button.

 

Attached File  fixlist.txt   330bytes   8 downloads

 

Afterwards try to boot in normal mode.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 Rumpunch

Rumpunch
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 15 May 2015 - 10:48 AM

Downloaded the fix file, pressed the fix button, then rebooted in normal mode; still have a black screen with only the mouse pointer, as before.



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:12 PM

Posted 15 May 2015 - 10:50 AM

Please post the fixlog.txt


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#7 Rumpunch

Rumpunch
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 15 May 2015 - 11:13 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015

Ran by SYSTEM at 2015-05-15 23:42:04 Run:1

Running from G:\

Boot Mode: Recovery

==============================================

 

Content of fixlist:

*****************

Replace: C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe C:\Windows\SysWOW64\svchost.exe

Replace: C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe C:\Windows\System32\svchost.exe

*****************

 

Could not find C:\Windows\SysWOW64\svchost.exe

C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe copied successfully to C:\Windows\SysWOW64\svchost.exe

Could not find C:\Windows\System32\svchost.exe

C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe copied successfully to C:\Windows\System32\svchost.exe

==== End of Fixlog 23:42:04 ====



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:12 PM

Posted 15 May 2015 - 11:15 AM

OK. Please repeat the scan as well.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#9 Rumpunch

Rumpunch
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 15 May 2015 - 12:14 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by SYSTEM on MININT-8COGD33 on 16-05-2015 01:11:39
Running from G:\
Platform: Windows 7 Professional (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6452256 2008-07-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-07-24] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [817072 2015-05-07] (Webroot)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [BigPondWirelessBroadbandCM] => C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe [6137432 2011-12-19] (Telstra)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\Dermott\...\Policies\system: [DisableCMD] 0
HKU\Dermott\...\Policies\system: [NoDispAppearancePage] 0
HKU\Dermott\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Dermott\...\Policies\system: [NoDispSettingsPage] 0
HKU\Dermott\...\Policies\Explorer: [NoFolderOptions] 0
HKU\Dermott\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\Dermott\...\Policies\Explorer: [NoControlPanel] 0
HKU\Dermott\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\Dermott\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\Dermott\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\Dermott\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\Dermott\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\Dermott\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\Dermott\...\Policies\Explorer: [NoFind] 0
HKU\Dermott\...\Policies\Explorer: [NoFile] 0
HKU\Dermott\...\Policies\Explorer: [HideClock] 0
HKU\Dermott\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\Dermott\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\Dermott\...\Policies\Explorer: [NoSetFolders] 0
HKU\Dermott\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\Dermott\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\Dermott\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\Dermott\...\Policies\Explorer: [NoDFSTab] 0
HKU\Dermott\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\Dermott\...\Policies\Explorer: [NoLogoff] 0
HKU\Dermott\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\Dermott\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\Dermott\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\Dermott\...\Policies\Explorer: [NoResolveSearch] 0
HKU\Dermott\...\Policies\Explorer: [NoSaveSettings] 0
HKU\Dermott\...\Policies\Explorer: [NoHardwareTab] 0
HKU\Dermott\...\Policies\Explorer: [NoStartMenuSubFolders] 0

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 GEST Service; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [68136 2008-12-08] ()
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-07-26] ()
S2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2013-07-26] ()
S2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [317296 2011-06-23] (Sierra Wireless, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [817072 2015-05-07] (Webroot)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 massfilter_lte; C:\Windows\system32\drivers\massfilter_lte.sys [18456 2011-10-03] (HandSet Incorporated)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-07-04] (Duplex Secure Ltd.)
S0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116224 2015-05-07] (Webroot)
S3 zgdcat; C:\Windows\System32\DRIVERS\zgdcat.sys [130200 2011-12-19] (ZTE Incorporated)
S3 zgdcdiag; C:\Windows\System32\DRIVERS\zgdcdiag.sys [130200 2011-12-19] (ZTE Incorporated)
S3 zgdcmdm; C:\Windows\System32\DRIVERS\zgdcmdm.sys [130200 2011-12-19] (ZTE Incorporated)
S3 zgdcnet; C:\Windows\System32\DRIVERS\zgdcnet.sys [169496 2011-12-19] (ZTE Incorporated)
S0 SR; No ImagePath
S2 srservice; No ImagePath
S0 wRejYbrd; System32\drivers\wRejYbrd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 12:19 - 2015-05-16 01:11 - 00000000 ____D () C:\FRST
2015-05-12 12:13 - 2015-05-12 12:13 - 00000000 ____D () C:\Users\Dermott\AppData\Roaming\One System Care
2015-05-12 12:12 - 2015-05-12 12:22 - 00000280 _____ () C:\Windows\Tasks\One System CareStartUp.job
2015-05-12 12:12 - 2015-05-12 12:20 - 00000280 _____ () C:\Windows\Tasks\One System CarePeriod.job
2015-05-12 12:12 - 2015-05-12 12:12 - 00003256 _____ () C:\Windows\System32\Tasks\One System Care Monitor
2015-05-12 12:12 - 2015-05-12 12:12 - 00002860 _____ () C:\Windows\System32\Tasks\One System CarePeriod
2015-05-12 12:12 - 2015-05-12 12:12 - 00002558 _____ () C:\Windows\System32\Tasks\One System CareStartUp
2015-05-12 12:12 - 2015-05-12 12:12 - 00001105 _____ () C:\Users\Public\Desktop\Launch One System Care.lnk
2015-05-12 12:12 - 2015-05-12 12:12 - 00000000 ____D () C:\Program Files (x86)\OneSystemCare
2015-05-12 12:11 - 2015-05-12 12:11 - 00001271 _____ () C:\Users\Public\Desktop\Driver Sweeper.lnk
2015-05-12 12:11 - 2015-05-12 12:11 - 00000000 ____D () C:\Users\Dermott\AppData\Roaming\OpenCandy
2015-05-12 12:11 - 2015-05-12 12:11 - 00000000 ____D () C:\Program Files (x86)\Phyxion.net
2015-05-12 12:09 - 2015-05-12 12:09 - 00002798 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-05-12 12:09 - 2015-05-12 12:09 - 00000860 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-12 12:09 - 2015-05-12 12:09 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-12 12:06 - 2015-05-12 12:07 - 05429372 _____ (Phyxion.net ) C:\Users\Dermott\Downloads\DriverSweeper_3.2.0.exe
2015-05-12 12:05 - 2015-05-12 12:06 - 06484352 _____ (Piriform Ltd) C:\Users\Dermott\Downloads\ccsetup505.exe
2015-05-12 11:20 - 2015-05-12 11:20 - 00000000 ____D () C:\Users\Dermott\AppData\Roaming\AMD
2015-05-12 10:06 - 2015-05-12 10:06 - 00000000 ____D () C:\ProgramData\ATI
2015-05-12 10:05 - 2015-05-12 10:05 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201505130205219679.log
2015-05-12 10:05 - 2015-05-12 10:05 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-05-12 10:04 - 2015-05-12 10:04 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-05-12 09:46 - 2015-05-12 09:50 - 00000000 ____D () C:\Program Files\AMD
2015-05-12 09:30 - 2015-05-12 09:31 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\Dermott\Downloads\autodetectutility.exe
2015-05-12 08:41 - 2015-05-12 08:41 - 00000000 ____D () C:\Users\Dermott\AppData\Local\{C6153AA8-9D4B-4372-86E7-B833105ABF7D}
2015-05-12 05:37 - 2015-05-12 05:37 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-05-12 05:37 - 2015-05-12 05:37 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-05-12 05:37 - 2015-05-12 05:37 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-05-12 05:37 - 2015-05-12 05:37 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2015-05-12 05:37 - 2015-05-12 05:37 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2015-05-12 05:37 - 2015-05-12 05:37 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_point64_01011.Wdf
2015-05-12 05:37 - 2015-05-12 05:37 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2015-05-12 05:32 - 2015-02-02 19:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2015-05-12 05:32 - 2015-02-02 19:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
2015-05-12 05:32 - 2015-02-02 19:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2015-05-12 05:32 - 2015-02-02 19:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 02644992 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\System32\wmdrmsdk.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\System32\msscp.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\System32\msnetobj.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\pcadm.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msmmsp.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2015-05-12 05:32 - 2015-02-02 19:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2015-05-12 05:32 - 2015-02-02 19:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\System32\drmv2clt.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\System32\blackbox.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\System32\drmmgrtn.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2015-05-12 05:32 - 2015-02-02 19:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2015-05-12 05:32 - 2015-02-02 19:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\cryptsp.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
2015-05-12 05:32 - 2015-02-02 19:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2015-05-12 05:32 - 2015-02-02 19:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2015-05-12 05:32 - 2015-02-02 19:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\pcawrk.exe
2015-05-12 05:32 - 2015-02-02 19:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\pcalua.exe
2015-05-12 05:32 - 2015-02-02 19:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\System32\pcaevts.dll
2015-05-12 05:32 - 2015-02-02 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
2015-05-12 05:32 - 2015-02-02 19:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2015-05-12 05:32 - 2015-02-02 19:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 02135040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-05-12 05:32 - 2015-02-02 19:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-05-12 05:32 - 2015-02-02 19:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-05-12 05:32 - 2015-02-02 19:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-05-12 05:32 - 2015-02-02 19:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-05-12 05:32 - 2015-02-02 19:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-05-12 05:32 - 2015-02-02 18:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2015-05-12 05:32 - 2014-10-31 14:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2015-05-12 05:32 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2015-05-12 05:32 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-05-12 05:31 - 2015-03-24 19:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-05-12 05:31 - 2015-03-24 19:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-05-12 05:31 - 2015-03-24 19:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-05-12 05:31 - 2015-03-24 19:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-12 05:31 - 2015-03-24 19:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-12 05:31 - 2015-03-24 19:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-12 05:31 - 2015-03-24 19:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-12 05:31 - 2015-03-24 19:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-12 05:31 - 2015-03-16 21:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-05-12 05:31 - 2015-03-16 21:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-05-12 05:31 - 2015-03-16 21:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-05-12 05:31 - 2015-03-16 21:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-05-12 05:31 - 2015-03-16 21:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2015-05-12 05:31 - 2015-03-16 21:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2015-05-12 05:31 - 2015-03-16 21:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-05-12 05:31 - 2015-03-16 21:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-05-12 05:31 - 2015-03-16 21:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2015-05-12 05:31 - 2015-03-16 21:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2015-05-12 05:31 - 2015-03-16 21:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-05-12 05:31 - 2015-03-16 21:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-05-12 05:31 - 2015-03-16 21:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-05-12 05:31 - 2015-03-16 21:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 05:31 - 2015-03-16 21:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 05:31 - 2015-03-16 20:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 05:31 - 2015-03-16 20:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 05:31 - 2015-03-16 20:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 05:31 - 2015-03-16 20:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 05:31 - 2015-03-16 20:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 05:31 - 2015-03-16 20:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 05:31 - 2015-03-16 20:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 05:31 - 2015-03-16 20:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 05:31 - 2015-03-16 20:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 05:31 - 2015-03-16 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 05:31 - 2015-03-16 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 05:31 - 2015-03-16 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 05:31 - 2015-03-09 19:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2015-05-12 05:31 - 2015-03-09 19:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2015-05-12 05:31 - 2015-03-09 19:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-05-12 05:31 - 2015-03-09 19:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-05-12 05:31 - 2015-03-04 21:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2015-05-12 05:31 - 2015-03-04 20:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-05-12 05:31 - 2015-03-03 20:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\System32\clfs.sys
2015-05-12 05:31 - 2015-03-03 20:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\System32\clfsw32.dll
2015-05-12 05:31 - 2015-03-03 20:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-05-12 05:31 - 2015-02-25 19:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-05-12 05:31 - 2015-02-24 19:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2015-05-12 05:31 - 2015-02-19 20:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2015-05-12 05:31 - 2015-02-19 20:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2015-05-12 05:31 - 2015-02-19 20:40 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2015-05-12 05:31 - 2015-02-19 20:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2015-05-12 05:31 - 2015-02-19 20:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-05-12 05:31 - 2015-02-19 20:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-05-12 05:31 - 2015-02-19 20:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-05-12 05:31 - 2015-02-19 20:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-05-12 05:31 - 2015-02-19 19:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2015-05-12 05:31 - 2015-02-19 19:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-05-12 05:31 - 2015-02-12 21:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-05-12 05:31 - 2015-02-12 21:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2015-05-12 05:31 - 2015-02-02 19:31 - 01190400 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2015-05-12 05:31 - 2015-02-02 19:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2015-05-12 05:31 - 2015-02-02 19:12 - 01011200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-05-12 05:31 - 2015-02-02 19:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-05-12 05:31 - 2015-01-30 15:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2015-05-12 05:31 - 2015-01-16 18:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll
2015-05-12 05:31 - 2015-01-16 18:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-05-12 05:31 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-05-12 05:31 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-05-12 05:31 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-05-12 05:31 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll
2015-05-12 05:31 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-05-12 05:31 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-05-12 05:31 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-05-12 05:31 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-05-12 05:31 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2015-05-12 05:31 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-05-12 05:31 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2015-05-12 05:31 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-05-12 05:31 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2015-05-12 05:31 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\rastls.dll
2015-05-12 05:31 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-05-12 05:31 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2015-05-12 05:31 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-05-12 05:31 - 2014-07-16 18:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2015-05-12 05:31 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2015-05-12 05:31 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2015-05-12 05:31 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\winsta.dll
2015-05-12 05:31 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2015-05-12 05:31 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-05-12 05:31 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-05-12 05:31 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-05-12 05:31 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-05-12 05:31 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2015-05-12 05:31 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2015-05-12 05:31 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2015-05-12 05:31 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-05-12 05:31 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-05-12 05:31 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\System32\mscorier.dll
2015-05-12 05:31 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-05-12 05:31 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\System32\mscories.dll
2015-05-12 05:31 - 2012-10-03 09:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2015-05-12 05:31 - 2012-10-03 09:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2015-05-12 05:28 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2015-05-12 05:28 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-05-12 05:26 - 2015-02-03 19:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2015-05-12 05:26 - 2015-02-03 18:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-05-07 22:44 - 2015-05-07 22:44 - 00000000 ____D () C:\Users\Dermott\AppData\Local\{D9AA8567-56E9-4540-ABDF-0F5ABF8FCAA1}
2015-05-07 21:22 - 2015-05-12 12:20 - 00002707 _____ () C:\Windows\setupact.log
2015-05-07 21:22 - 2015-05-07 21:22 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-01 06:08 - 2015-05-01 06:08 - 00000000 ____D () C:\Users\Dermott\AppData\Local\{BA1B595B-A5F0-4C5A-AD80-6A52F9EE3FAC}
2015-04-28 13:16 - 2015-04-28 13:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-28 12:43 - 2015-04-28 12:43 - 00000000 ____D () C:\Users\Dermott\AppData\Local\{898106AA-AC0D-49B1-B77C-5715DB7B1718}
2015-04-16 01:11 - 2015-04-16 01:11 - 00000000 ____D () C:\Users\Dermott\AppData\Local\{4BF9E1BC-3F63-44BF-BC0F-D8006D4676FD}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 07:45 - 2012-07-04 04:00 - 00126698 _____ () C:\Windows\PFRO.log
2015-05-15 07:45 - 2012-05-23 00:13 - 00000135 _____ () C:\service.log
2015-05-15 07:45 - 2012-05-23 00:10 - 00024072 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-05-12 12:37 - 2009-07-13 20:45 - 00003072 _____ () C:\Windows\System32\umstartup.etl
2015-05-12 12:26 - 2012-07-04 01:41 - 00000000 ____D () C:\ProgramData\WRData
2015-05-12 12:23 - 2012-07-04 02:55 - 00000747 _____ () C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2015-05-12 12:20 - 2014-11-24 01:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-12 12:20 - 2014-03-14 00:02 - 00000374 _____ () C:\Windows\System32\Drivers\etc\hosts.ics
2015-05-12 12:20 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-12 12:15 - 2012-05-21 21:41 - 01514122 _____ () C:\Windows\WindowsUpdate.log
2015-05-12 12:04 - 2009-07-13 20:45 - 00015040 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-12 12:04 - 2009-07-13 20:45 - 00015040 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-12 12:00 - 2009-07-13 21:13 - 00780616 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-05-12 11:48 - 2014-11-24 01:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-12 10:05 - 2012-05-23 21:14 - 00000000 ____D () C:\ProgramData\AMD
2015-05-12 10:04 - 2012-05-22 23:54 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-05-12 09:44 - 2012-07-04 01:04 - 00764482 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-12 09:43 - 2012-05-22 05:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-12 09:39 - 2012-05-22 23:57 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-05-12 09:37 - 2012-05-23 21:10 - 00000000 ____D () C:\AMD
2015-05-12 07:45 - 2014-02-18 02:35 - 00000000 ____D () C:\Users\Dermott\AppData\Roaming\vlc
2015-05-12 06:08 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-12 06:07 - 2009-07-13 20:45 - 00266992 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-05-12 06:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-05-12 06:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Dism
2015-05-12 06:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-12 05:43 - 2012-05-22 23:50 - 00057952 _____ () C:\Users\Dermott\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-12 05:41 - 2014-01-26 18:02 - 00000000 ____D () C:\Windows\System32\MRT
2015-05-09 04:30 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2015-05-07 21:29 - 2012-07-04 01:41 - 00166128 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-05-07 21:29 - 2012-07-04 01:41 - 00116224 _____ (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2015-05-07 21:29 - 2012-07-04 01:41 - 00103816 _____ (Webroot) C:\Windows\System32\WRusr.dll
2015-05-07 21:22 - 2015-03-06 23:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-01 11:49 - 2014-11-24 01:38 - 00002221 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-01 06:51 - 2014-03-02 17:06 - 00000000 ____D () C:\Windows\Minidump
2015-05-01 06:47 - 2014-06-06 20:10 - 00000000 ____D () C:\Users\Dermott\Desktop\Downloads 1
2015-04-16 00:56 - 2012-05-23 20:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-16 00:56 - 2012-05-23 20:17 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-16 00:55 - 2012-05-24 01:48 - 00000000 ____D () C:\Users\Dermott\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\Dermott\AppData\Local\Temp\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
C:\Users\Dermott\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Dermott\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 12286.3 MB
Available physical RAM: 11286.13 MB
Total Pagefile: 12284.45 MB
Available Pagefile: 11290.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:7.16 GB) NTFS
Drive e: (Storage) (Fixed) (Total:1765.36 GB) (Free:1639.33 GB) NTFS
Drive g: () (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B8C8AAA3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1765.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 956 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=956 MB) - (Type=06)


LastRegBack: 2015-05-07 22:12

==================== End Of Log ============================



#10 deeprybka

deeprybka

  • Malware Response Team

Posted 15 May 2015 - 12:25 PM


Step 1


Please download the fixlist to your flash drive and save it in the same directory as FRST.
Start FRST again and press the FIX Button.

Attached File: fixlist.txt (330 bytes)


Step 2


  • Start FRST.
  • Write the following text into the Search textbox:
svchost.exe
  • Click on the Search Files button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#11 Rumpunch

Rumpunch
  • Topic Starter


Posted 15 May 2015 - 12:49 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
Ran by SYSTEM at 2015-05-16 01:41:36 Run:2
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Replace: C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe C:\Windows\SysWOW64\svchost.exe
Replace: C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe C:\Windows\System32\svchost.exe
*****************

Could not find C:\Windows\SysWOW64\svchost.exe
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe copied successfully to C:\Windows\SysWOW64\svchost.exe
Could not find C:\Windows\System32\svchost.exe
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe copied successfully to C:\Windows\System32\svchost.exe

==== End of Fixlog 01:41:36 ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by SYSTEM on MININT-8COGD33 on 16-05-2015 01:44:04
Running from G:\
Platform: Windows 7 Professional (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6452256 2008-07-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-07-24] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [817072 2015-05-07] (Webroot)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [BigPondWirelessBroadbandCM] => C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe [6137432 2011-12-19] (Telstra)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\Dermott\...\Policies\system: [DisableCMD] 0
HKU\Dermott\...\Policies\system: [NoDispAppearancePage] 0
HKU\Dermott\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Dermott\...\Policies\system: [NoDispSettingsPage] 0
HKU\Dermott\...\Policies\Explorer: [NoFolderOptions] 0
HKU\Dermott\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\Dermott\...\Policies\Explorer: [NoControlPanel] 0
HKU\Dermott\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\Dermott\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\Dermott\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\Dermott\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\Dermott\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\Dermott\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\Dermott\...\Policies\Explorer: [NoFind] 0
HKU\Dermott\...\Policies\Explorer: [NoFile] 0
HKU\Dermott\...\Policies\Explorer: [HideClock] 0
HKU\Dermott\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\Dermott\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\Dermott\...\Policies\Explorer: [NoSetFolders] 0
HKU\Dermott\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\Dermott\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\Dermott\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\Dermott\...\Policies\Explorer: [NoDFSTab] 0
HKU\Dermott\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\Dermott\...\Policies\Explorer: [NoLogoff] 0
HKU\Dermott\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\Dermott\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\Dermott\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\Dermott\...\Policies\Explorer: [NoResolveSearch] 0
HKU\Dermott\...\Policies\Explorer: [NoSaveSettings] 0
HKU\Dermott\...\Policies\Explorer: [NoHardwareTab] 0
HKU\Dermott\...\Policies\Explorer: [NoStartMenuSubFolders] 0

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 GEST Service; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [68136 2008-12-08] ()
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-07-26] ()
S2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2013-07-26] ()
S2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [317296 2011-06-23] (Sierra Wireless, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [817072 2015-05-07] (Webroot)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 massfilter_lte; C:\Windows\system32\drivers\massfilter_lte.sys [18456 2011-10-03] (HandSet Incorporated)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-07-04] (Duplex Secure Ltd.)
S0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116224 2015-05-07] (Webroot)
S3 zgdcat; C:\Windows\System32\DRIVERS\zgdcat.sys [130200 2011-12-19] (ZTE Incorporated)
S3 zgdcdiag; C:\Windows\System32\DRIVERS\zgdcdiag.sys [130200 2011-12-19] (ZTE Incorporated)
S3 zgdcmdm; C:\Windows\System32\DRIVERS\zgdcmdm.sys [130200 2011-12-19] (ZTE Incorporated)
S3 zgdcnet; C:\Windows\System32\DRIVERS\zgdcnet.sys [169496 2011-12-19] (ZTE Incorporated)
S0 SR; No ImagePath
S2 srservice; No ImagePath
S0 wRejYbrd; System32\drivers\wRejYbrd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-16 01:41 - 2009-07-13 17:39 - 00027136 _____ (Microsoft Corporation) C:\Windows\System32\svchost.exe
2015-05-16 01:41 - 2009-07-13 17:14 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
2015-05-15 12:19 - 2015-05-16 01:44 - 00000000 ____D () C:\FRST
2015-05-12 12:13 - 2015-05-12 12:13 - 00000000 ____D () C:\Users\Dermott\AppData\Roaming\One System Care
2015-05-12 12:12 - 2015-05-12 12:22 - 00000280 _____ () C:\Windows\Tasks\One System CareStartUp.job
2015-05-12 12:12 - 2015-05-12 12:20 - 00000280 _____ () C:\Windows\Tasks\One System CarePeriod.job
2015-05-12 12:12 - 2015-05-12 12:12 - 00003256 _____ () C:\Windows\System32\Tasks\One System Care Monitor
2015-05-12 12:12 - 2015-05-12 12:12 - 00002860 _____ () C:\Windows\System32\Tasks\One System CarePeriod
2015-05-12 12:12 - 2015-05-12 12:12 - 00002558 _____ () C:\Windows\System32\Tasks\One System CareStartUp
2015-05-12 12:12 - 2015-05-12 12:12 - 00001105 _____ () C:\Users\Public\Desktop\Launch One System Care.lnk
2015-05-12 12:12 - 2015-05-12 12:12 - 00000000 ____D () C:\Program Files (x86)\OneSystemCare
2015-05-12 12:11 - 2015-05-12 12:11 - 00001271 _____ () C:\Users\Public\Desktop\Driver Sweeper.lnk
2015-05-12 12:11 - 2015-05-12 12:11 - 00000000 ____D () C:\Users\Dermott\AppData\Roaming\OpenCandy
2015-05-12 12:11 - 2015-05-12 12:11 - 00000000 ____D () C:\Program Files (x86)\Phyxion.net
2015-05-12 12:09 - 2015-05-12 12:09 - 00002798 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-05-12 12:09 - 2015-05-12 12:09 - 00000860 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-12 12:09 - 2015-05-12 12:09 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-12 12:06 - 2015-05-12 12:07 - 05429372 _____ (Phyxion.net ) C:\Users\Dermott\Downloads\DriverSweeper_3.2.0.exe
2015-05-12 12:05 - 2015-05-12 12:06 - 06484352 _____ (Piriform Ltd) C:\Users\Dermott\Downloads\ccsetup505.exe
2015-05-12 11:20 - 2015-05-12 11:20 - 00000000 ____D () C:\Users\Dermott\AppData\Roaming\AMD
2015-05-12 10:06 - 2015-05-12 10:06 - 00000000 ____D () C:\ProgramData\ATI
2015-05-12 10:05 - 2015-05-12 10:05 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201505130205219679.log
2015-05-12 10:05 - 2015-05-12 10:05 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-05-12 10:04 - 2015-05-12 10:04 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-05-12 09:46 - 2015-05-12 09:50 - 00000000 ____D () C:\Program Files\AMD
2015-05-12 09:30 - 2015-05-12 09:31 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\Dermott\Downloads\autodetectutility.exe
2015-05-12 08:41 - 2015-05-12 08:41 - 00000000 ____D () C:\Users\Dermott\AppData\Local\{C6153AA8-9D4B-4372-86E7-B833105ABF7D}
2015-05-12 05:37 - 2015-05-12 05:37 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-05-12 05:37 - 2015-05-12 05:37 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-05-12 05:37 - 2015-05-12 05:37 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-05-12 05:37 - 2015-05-12 05:37 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2015-05-12 05:37 - 2015-05-12 05:37 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2015-05-12 05:37 - 2015-05-12 05:37 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_point64_01011.Wdf
2015-05-12 05:37 - 2015-05-12 05:37 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2015-05-12 05:32 - 2015-02-02 19:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2015-05-12 05:32 - 2015-02-02 19:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
2015-05-12 05:32 - 2015-02-02 19:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2015-05-12 05:32 - 2015-02-02 19:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 02644992 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\System32\wmdrmsdk.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\System32\msscp.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\System32\msnetobj.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\pcadm.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msmmsp.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2015-05-12 05:32 - 2015-02-02 19:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2015-05-12 05:32 - 2015-02-02 19:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2015-05-12 05:32 - 2015-02-02 19:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\System32\drmv2clt.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\System32\blackbox.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\System32\drmmgrtn.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2015-05-12 05:32 - 2015-02-02 19:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2015-05-12 05:32 - 2015-02-02 19:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\cryptsp.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
2015-05-12 05:32 - 2015-02-02 19:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2015-05-12 05:32 - 2015-02-02 19:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2015-05-12 05:32 - 2015-02-02 19:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2015-05-12 05:32 - 2015-02-02 19:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\pcawrk.exe
2015-05-12 05:32 - 2015-02-02 19:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\pcalua.exe
2015-05-12 05:32 - 2015-02-02 19:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\System32\pcaevts.dll
2015-05-12 05:32 - 2015-02-02 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
2015-05-12 05:32 - 2015-02-02 19:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2015-05-12 05:32 - 2015-02-02 19:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 02135040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-05-12 05:32 - 2015-02-02 19:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-05-12 05:32 - 2015-02-02 19:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-05-12 05:32 - 2015-02-02 19:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-05-12 05:32 - 2015-02-02 19:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-05-12 05:32 - 2015-02-02 19:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-05-12 05:32 - 2015-02-02 19:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-05-12 05:32 - 2015-02-02 18:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2015-05-12 05:32 - 2014-10-31 14:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2015-05-12 05:32 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2015-05-12 05:32 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-05-12 05:31 - 2015-03-24 19:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-05-12 05:31 - 2015-03-24 19:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-05-12 05:31 - 2015-03-24 19:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-05-12 05:31 - 2015-03-24 19:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-05-12 05:31 - 2015-03-24 19:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-12 05:31 - 2015-03-24 19:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-12 05:31 - 2015-03-24 19:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-12 05:31 - 2015-03-24 19:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-12 05:31 - 2015-03-24 19:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-12 05:31 - 2015-03-16 21:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-05-12 05:31 - 2015-03-16 21:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-05-12 05:31 - 2015-03-16 21:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-05-12 05:31 - 2015-03-16 21:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-05-12 05:31 - 2015-03-16 21:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2015-05-12 05:31 - 2015-03-16 21:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2015-05-12 05:31 - 2015-03-16 21:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-05-12 05:31 - 2015-03-16 21:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-05-12 05:31 - 2015-03-16 21:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-05-12 05:31 - 2015-03-16 21:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2015-05-12 05:31 - 2015-03-16 21:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2015-05-12 05:31 - 2015-03-16 21:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-05-12 05:31 - 2015-03-16 21:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-05-12 05:31 - 2015-03-16 21:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-05-12 05:31 - 2015-03-16 21:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 21:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 05:31 - 2015-03-16 21:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 05:31 - 2015-03-16 20:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 05:31 - 2015-03-16 20:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 05:31 - 2015-03-16 20:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 05:31 - 2015-03-16 20:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 05:31 - 2015-03-16 20:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 05:31 - 2015-03-16 20:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 05:31 - 2015-03-16 20:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 05:31 - 2015-03-16 20:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 05:31 - 2015-03-16 20:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 05:31 - 2015-03-16 20:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 05:31 - 2015-03-16 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 05:31 - 2015-03-16 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 05:31 - 2015-03-16 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 05:31 - 2015-03-16 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 05:31 - 2015-03-09 19:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2015-05-12 05:31 - 2015-03-09 19:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2015-05-12 05:31 - 2015-03-09 19:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-05-12 05:31 - 2015-03-09 19:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-05-12 05:31 - 2015-03-04 21:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2015-05-12 05:31 - 2015-03-04 20:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-05-12 05:31 - 2015-03-03 20:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\System32\clfs.sys
2015-05-12 05:31 - 2015-03-03 20:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\System32\clfsw32.dll
2015-05-12 05:31 - 2015-03-03 20:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-05-12 05:31 - 2015-02-25 19:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-05-12 05:31 - 2015-02-24 19:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2015-05-12 05:31 - 2015-02-19 20:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2015-05-12 05:31 - 2015-02-19 20:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2015-05-12 05:31 - 2015-02-19 20:40 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2015-05-12 05:31 - 2015-02-19 20:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2015-05-12 05:31 - 2015-02-19 20:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-05-12 05:31 - 2015-02-19 20:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-05-12 05:31 - 2015-02-19 20:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-05-12 05:31 - 2015-02-19 20:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-05-12 05:31 - 2015-02-19 19:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2015-05-12 05:31 - 2015-02-19 19:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-05-12 05:31 - 2015-02-12 21:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-05-12 05:31 - 2015-02-12 21:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2015-05-12 05:31 - 2015-02-02 19:31 - 01190400 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2015-05-12 05:31 - 2015-02-02 19:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2015-05-12 05:31 - 2015-02-02 19:12 - 01011200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-05-12 05:31 - 2015-02-02 19:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-05-12 05:31 - 2015-01-30 15:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2015-05-12 05:31 - 2015-01-16 18:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll
2015-05-12 05:31 - 2015-01-16 18:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-05-12 05:31 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-05-12 05:31 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-05-12 05:31 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-05-12 05:31 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll
2015-05-12 05:31 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-05-12 05:31 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-05-12 05:31 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-05-12 05:31 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-05-12 05:31 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2015-05-12 05:31 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-05-12 05:31 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2015-05-12 05:31 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-05-12 05:31 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2015-05-12 05:31 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\rastls.dll
2015-05-12 05:31 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-05-12 05:31 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2015-05-12 05:31 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-05-12 05:31 - 2014-07-16 18:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2015-05-12 05:31 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2015-05-12 05:31 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2015-05-12 05:31 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\winsta.dll
2015-05-12 05:31 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2015-05-12 05:31 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-05-12 05:31 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-05-12 05:31 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-05-12 05:31 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-05-12 05:31 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2015-05-12 05:31 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2015-05-12 05:31 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2015-05-12 05:31 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-05-12 05:31 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-05-12 05:31 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\System32\mscorier.dll
2015-05-12 05:31 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-05-12 05:31 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\System32\mscories.dll
2015-05-12 05:31 - 2012-10-03 09:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2015-05-12 05:31 - 2012-10-03 09:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2015-05-12 05:28 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2015-05-12 05:28 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-05-12 05:26 - 2015-02-03 19:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2015-05-12 05:26 - 2015-02-03 18:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-05-07 22:44 - 2015-05-07 22:44 - 00000000 ____D () C:\Users\Dermott\AppData\Local\{D9AA8567-56E9-4540-ABDF-0F5ABF8FCAA1}
2015-05-07 21:22 - 2015-05-12 12:20 - 00002707 _____ () C:\Windows\setupact.log
2015-05-07 21:22 - 2015-05-07 21:22 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-01 06:08 - 2015-05-01 06:08 - 00000000 ____D () C:\Users\Dermott\AppData\Local\{BA1B595B-A5F0-4C5A-AD80-6A52F9EE3FAC}
2015-04-28 13:16 - 2015-04-28 13:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-28 12:43 - 2015-04-28 12:43 - 00000000 ____D () C:\Users\Dermott\AppData\Local\{898106AA-AC0D-49B1-B77C-5715DB7B1718}
2015-04-16 01:11 - 2015-04-16 01:11 - 00000000 ____D () C:\Users\Dermott\AppData\Local\{4BF9E1BC-3F63-44BF-BC0F-D8006D4676FD}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 07:45 - 2012-07-04 04:00 - 00126698 _____ () C:\Windows\PFRO.log
2015-05-15 07:45 - 2012-05-23 00:13 - 00000135 _____ () C:\service.log
2015-05-15 07:45 - 2012-05-23 00:10 - 00024072 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-05-12 12:37 - 2009-07-13 20:45 - 00003072 _____ () C:\Windows\System32\umstartup.etl
2015-05-12 12:26 - 2012-07-04 01:41 - 00000000 ____D () C:\ProgramData\WRData
2015-05-12 12:23 - 2012-07-04 02:55 - 00000747 _____ () C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2015-05-12 12:20 - 2014-11-24 01:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-12 12:20 - 2014-03-14 00:02 - 00000374 _____ () C:\Windows\System32\Drivers\etc\hosts.ics
2015-05-12 12:20 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-12 12:15 - 2012-05-21 21:41 - 01514122 _____ () C:\Windows\WindowsUpdate.log
2015-05-12 12:04 - 2009-07-13 20:45 - 00015040 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-12 12:04 - 2009-07-13 20:45 - 00015040 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-12 12:00 - 2009-07-13 21:13 - 00780616 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-05-12 11:48 - 2014-11-24 01:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-12 10:05 - 2012-05-23 21:14 - 00000000 ____D () C:\ProgramData\AMD
2015-05-12 10:04 - 2012-05-22 23:54 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-05-12 09:44 - 2012-07-04 01:04 - 00764482 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-12 09:43 - 2012-05-22 05:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-12 09:39 - 2012-05-22 23:57 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-05-12 09:37 - 2012-05-23 21:10 - 00000000 ____D () C:\AMD
2015-05-12 07:45 - 2014-02-18 02:35 - 00000000 ____D () C:\Users\Dermott\AppData\Roaming\vlc
2015-05-12 06:08 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-12 06:07 - 2009-07-13 20:45 - 00266992 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-05-12 06:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-05-12 06:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Dism
2015-05-12 06:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-12 05:43 - 2012-05-22 23:50 - 00057952 _____ () C:\Users\Dermott\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-12 05:41 - 2014-01-26 18:02 - 00000000 ____D () C:\Windows\System32\MRT
2015-05-09 04:30 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2015-05-07 21:29 - 2012-07-04 01:41 - 00166128 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-05-07 21:29 - 2012-07-04 01:41 - 00116224 _____ (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2015-05-07 21:29 - 2012-07-04 01:41 - 00103816 _____ (Webroot) C:\Windows\System32\WRusr.dll
2015-05-07 21:22 - 2015-03-06 23:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-01 11:49 - 2014-11-24 01:38 - 00002221 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-01 06:51 - 2014-03-02 17:06 - 00000000 ____D () C:\Windows\Minidump
2015-05-01 06:47 - 2014-06-06 20:10 - 00000000 ____D () C:\Users\Dermott\Desktop\Downloads 1
2015-04-16 00:56 - 2012-05-23 20:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-16 00:56 - 2012-05-23 20:17 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-16 00:55 - 2012-05-24 01:48 - 00000000 ____D () C:\Users\Dermott\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\Dermott\AppData\Local\Temp\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
C:\Users\Dermott\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Dermott\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 12286.3 MB
Available physical RAM: 11295.19 MB
Total Pagefile: 12284.45 MB
Available Pagefile: 11300.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:7.16 GB) NTFS
Drive e: (Storage) (Fixed) (Total:1765.36 GB) (Free:1639.33 GB) NTFS
Drive g: () (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B8C8AAA3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1765.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 956 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=956 MB) - (Type=06)


LastRegBack: 2015-05-07 22:12

==================== End Of Log ============================



#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:07:12 PM

Posted 15 May 2015 - 12:54 PM

Please follow my instructions more carefully.

 

Step 2 is missing. :)


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#13 Rumpunch

Rumpunch
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:01:12 AM

Posted 15 May 2015 - 01:27 PM

Sorry about that, take two.

 

Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by SYSTEM at 2015-05-16 02:23:29
Running from G:\
Boot Mode: Recovery

================== Search Files: "svchost.exe" =============

C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-13 15:19][2009-07-13 17:14] 0020992 ____N (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866

C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009-07-13 15:31][2009-07-13 17:39] 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\SysWOW64\svchost.exe
[2015-05-16 01:41][2009-07-13 17:14] 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866

C:\Windows\System32\svchost.exe
[2015-05-16 01:41][2009-07-13 17:39] 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

X:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009-07-13 15:31][2009-07-13 17:39] 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

X:\Windows\System32\svchost.exe
[2009-07-13 15:31][2009-07-13 17:39] 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

====== End Of Search ======



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:07:12 PM

Posted 15 May 2015 - 01:38 PM

Please try to boot in normal mode again. If it doesn't work for you, repeat the "search" please.


regards,
deeprybka

#15 Rumpunch

Rumpunch
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:01:12 AM

Posted 15 May 2015 - 02:10 PM

It booted up, which is great, but was greeted by the malware "One System Care" scan popup, the f**king filthy culprits. :-)





