
all of the above infections, for a while now, very weird info


  • This topic is locked

#1 kiston


Posted 17 July 2015 - 08:42 AM

My comp is a Lenovo H405, Windows 7 64-bit. I am verrrrry inclined to believe that I have a rootkit/hijacker/worm. A while back I got infected and got ZeroAccess, removed the ZeroAccess but the presence of malware was still there, so I decided I had to format and reinstall Windows. Everything was fine, but instead of updating Windows right away I came here to download all the recommended malware protection. Problem is, after downloading Malwarebytes/HitmanPro/MSE/AVG/Emsisoft/MRT, as well as League of Legends, before I know it I have AVG reporting changed apps. For me to get infected again was either because every computer in my network is infected, or because I didn't install the Windows updates first. Most of the scanners won't find anything, and when I went to update Windows half of the updates wouldn't install - format again, I thought, but download the updates first. After a few more formats, I realized I am no match for this thing.

 

On a different computer in a different room, I started digging into program folders that I use, specifically League of Legends. Inside the folder I found logs that were referencing http:// (ip address)static. client bundle or addresses close to that. I'm a little scared to check it exactly; when I first saw it, I copied the address and googled it, and INSTANTLY my internet went down for that computer. I reset the modem but only the other computers' internet came back. Actually, with the amount of formats I've been doing recently, I'm going to post a few lines of logs for League of Legends (note this is the only program I've checked the folder for, because it was acting as weird as my other programs).

 

NOTE: the logs seemed suspicious and based on the past few days I knew to make copies of anything I might need to look at.

Suspicious logs in League of Legends (I was already wary of League since it started taking a lot of bandwidth to random IPs):

 

OKAY| Transition #0: TRANSITION COMPLETE. (http://127.0.0.1:55402/static/bundle-vendor-lib/public/bower_components/ember/ember.js:3521)
000047.647|       0.0000kb|      0.0000kb added|   OKAY| DEBUG: For more advanced debugging, install the Ember Inspector from https://chrome.google.com/webstore/detail/ember-inspector/bmdblncegkenkacieihfhpjfppoconhi (http://127.0.0.1:55402/static/bundle-vendor-lib/public/bower_components/ember/ember.js:3521)
000047.647|       0.0000kb|      0.0000kb added|   OKAY| frame loaded (http://127.0.0.1:55402/static/bundle-chrome/src/js/lib/chrome.js:20)

 

 

 

 

I read in some texts and registries "mouse intercept hook" as well as "url hooks", so I googled hook and stumbled upon what looks to be a hijacks forum, just like Bleeping Computer but everyone was posting comments on how to do malicious things. One guy said to another, "put your (whatever he said) inside the app data folder because it's the norm". So I used that info to my advantage and checked my app data folder, which was hidden, and found quite a few regtrans files.

 

MSDTC_BRIDGE_REPLAYRETRYCOUNTPERINTERVAL_015_NAME=Liczba komunikatów „Replay retry”/s
MSDTC_BRIDGE_REPLAYRETRYCOUNTPERINTERVAL_015_HELP=Liczba wysłanych w ciągu sekundy przez usługę WS-AT komunikatów „Replay retry”.

MSDTC_BRIDGE_FAULTSRECEIVEDCOUNTPERINTERVAL_015_NAME=Liczba odebranych komunikatów „Fault”/s
MSDTC_BRIDGE_FAULTSRECEIVEDCOUNTPERINTERVAL_015_HELP=Liczba komunikatów „Fault” otrzymanych w ciągu sekundy przez usługę WS-AT.

MSDTC_BRIDGE_FAULTSSENTCOUNTPERINTERVAL_015_NAME=Liczba wysłanych komunikatów „Fault”/s
MSDTC_BRIDGE_FAULTSSENTCOUNTPERINTERVAL_015_HELP=Liczba komunikatów „Fault” wysłanych w ciągu sekundy przez usługę WS-AT.

MSDTC_BRIDGE_AVERAGEPARTICIPANTPREPARERESPONSETIME_015_NAME=Średni czas przygotowywania odpowiedzi

This was found in one of the many, many configure settings inside of c:/windows/inf, though on this part I'm not sure.

Not too sure what else to say, I've scanned with many antiviruses.

svchost

lsass.exe

These have both shown very peculiar activity; with one of my first formats AVG reported lsass as a changed application. ComboFix ended up messing my computer up regardless of following directions. AVG reports like 230 files locked that can't be scanned. HitmanPro early warning sign scoring gave me around 10 suspicious files that are Windows protected, since they are in system folders, one for example being lsass.exe which it scored 13.0, and another scored 15.0.

Also a few Windows protected files appeared 2 days after a format; can't quarantine, and deleting them makes the comp unbootable. MRT does not fix.

Settings and programs change.

TrustedInstaller will have control of random reg keys and files, and be running regardless of being disabled in services.

EVEN AT THIS SITE, links will download infected programs or something. Sometimes if I check a link to a program I use a lot, the properties or download site will be random.

I'd have a lot of network access problems, start troubleshooter, and it'd go through the whole "find problems, attempting to fix, resetting local adapter", then it'll shoot to "Windows couldn't find a problem/unknown error is preventing troubleshooting from starting". Somewhere in the registry I read the command for this. It was like show troubleshooting message clean or some type of emulator, I can't remember specifically atm.

It looks like an Asian-oriented hijack might be a part of all this. At one point I (this has been going on for a while, I've been trying my hardest but to no avail) it said one of my files had the owner or some name in Chinese or something, I couldn't read it. Earlier today (I've only installed 2-3 programs and specifically no language packs) inside a folder I have a set of helppanes, but they were in Chinese.

IE sometimes has random proxies.

If I check last date modified time, a lot of my folders will be recently touched when I was afk or doing something irrelevant.

 

. _HelpEnum_016_0_Message="Example: List all shell instances on a machine:"
X_HelpEnum_017_0_Message="  winrm enum shell/cmd -remote:srv.corp.com"
L_HelpEnum_018_0_Message=""
L_HelpEnum_019_0_Message="Example: List resources accessible to the current user:"
X_HelpEnum_020_0_Message="  winrm enum winrm/config/resource"
L_HelpEnum_021_0_Message=""
L_HelpEnum_022_0_Message="Example: List all certmapping settings:"
X_HelpEnum_023_0_Message="  winrm enum winrm/config/service/certmapping"

 

Just a small part of an ini file I found.

 

- this appears EVVVVERYWHERE

 

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

as desktop.ini

 

Lastly, as another detail to help figure this out, when I had AVG installed, by checking firewall logs I'd CONSTANTLY have blocked pings, literally like every second, some going out and some in. Ports for one was like 5355 or something, as well as "filter device" and even scvhost being blocked by AVG.

Too much info, I appreciate everyone who cared enough to click this thread regardless of whether you can help. Thanks.
 

 




 


#2 jntkwx


Posted 18 July 2015 - 11:42 AM

Welcome to BleepingComputer!
My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

 

Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.  :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.

===================================================

 

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

 

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

 

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.


Edited by jntkwx, 18 July 2015 - 11:43 AM.

Regards,
Jason

 



#3 kiston


Posted 19 July 2015 - 11:05 PM

Sorry for the delayed response, Jason. This infection is worse than I can comprehend. On secure sites I get a "page cannot be displayed" site when clicking on some links. I've noticed certain parts of sites are also blocked from my access, like words, phrases, and especially some sites. On top of that, my shortcuts become "ink". If that wasn't the worst, I've been downloading AV programs from here and Google that I now believe have been proxied and are more viruses. The same symptoms I have are on the computers in the house. Even my iPhone has discussions where users references are just "   "   without the quotes. I'm in Linux right now; I will start from step 6 as soon as I install Windows 7 again and then add to this post. When I searched the host on my other computer the internet shut down, so I'm a little wary, but I don't want to miss this chance in case you don't see what I see. I'm going to press post, then edit this post with that log again, then I'll edit again starting from step 6 tonight.

 

1st edit: a link with the article I believe was about the worm/rootkit or whatever I have was at https://support.microsoft.com/en-us/kb/303807 , if I inspect element I no follow external link 3 l 0 l 3 l 8 l 0 l 7 without the letters or spaces seems to be the only clue I have atm. I'm only posting this because atm ESET rescue disk was running (started before I saw your post).

Link I'm looking at right now is http://www.bleepingcomputer.com/fourms/public/is/3rd_party/prettyif. variables <------- IF ANYONE SKIMMING THROUGH THIS DON'T CLICK THAT LINK POSSIBLE MALWARE (or I'm just being paranoid atm looking dumb)

Will be back soon with edit #2.

I know I said I'd get on last night but the thing strips my C drive of everything but the boot files and puts it on an E drive... I used an image to flash back to a few days ago, but note at this point, I'm not sure what updates I have. The malware kept me from updating security; once I was able to get on I went straight to step 6. Also, the virus names gen-goo and vundo popped up in a scan I did while using a boot CD to restore the image, and my hosts file keeps getting reset, in case that helps.

 

ADDITION-

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by keystone at 2015-07-20 10:55:03
Running from C:\Users\keystone\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-459740778-4256942885-4137819150-500 - Administrator - Disabled)
Guest (S-1-5-21-459740778-4256942885-4137819150-501 - Limited - Disabled)
keystone (S-1-5-21-459740778-4256942885-4137819150-1000 - Administrator - Enabled) => C:\Users\keystone

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
ATI Catalyst Install Manager (HKLM\...\{493B228C-FD32-8067-121C-32FF67DE8355}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
FanSpeedControl (HKLM-x32\...\InstallShield_{0EC766C7-F444-42BF-A05F-4A790F5360EB}) (Version: 1.00.00.13 - Lenovo)
FanSpeedControl (x32 Version: 1.00.00.13 - Lenovo) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0159 - REALTEK Semiconductor Corp.)
SMCWUSB-G 802.11g Wireless USB 2.0 Adapter (HKLM-x32\...\InstallShield_{802C87BF-3A1E-45B0-8C12-9527A5C572B3}) (Version: 2.0.0.00 - SMC Networks, Inc)
SMCWUSB-G 802.11g Wireless USB 2.0 Adapter (x32 Version: 2.0.0.00 - SMC Networks, Inc) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B23514C-5E71-4492-8988-B1B87AEF0B71} - System32\Tasks\{68FA45B8-762A-4E43-918D-5E5EE064022E} => pcalua.exe -a C:\Users\keystone\Downloads\ID1VDO05WW6.exe -d C:\Users\keystone\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Loaded Modules (Whitelisted) ==============

2007-06-22 18:14 - 2007-06-22 18:14 - 01077248 ____N () C:\Program Files (x86)\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
2007-06-22 18:14 - 2007-06-22 18:14 - 00118784 _____ () C:\Program Files (x86)\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\iface.dll
2004-12-08 11:23 - 2004-12-08 11:23 - 01531980 ____N () C:\Program Files (x86)\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\WCN_DLL.dll
2007-06-22 18:03 - 2007-06-22 18:03 - 00405504 ____N () C:\Program Files (x86)\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\res.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-459740778-4256942885-4137819150-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\keystone\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2015 10:34:05 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/20/2015 10:34:05 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4400}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/20/2015 10:34:05 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/20/2015 10:34:05 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/20/2015 10:34:05 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/20/2015 10:34:05 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (07/20/2015 10:34:03 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/20/2015 10:34:03 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index server cannot find a description of the content index in its database. Search will automatically attempt to recreate the content index description.  If this problem persists, stop and restart the search service and, if necessary, delete  and recreate the content index.  (HRESULT : 0x80041181) (0x80041181)

Error: (07/20/2015 10:31:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2015 06:45:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/20/2015 10:34:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/20/2015 10:34:05 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (07/20/2015 10:29:50 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000050 (0xfffff8a002f20f15, 0x0000000000000000, 0xfffff88004937f6b, 0x0000000000000000)C:\Windows\MEMORY.DMP072015-26972-01

Error: (07/04/2015 06:44:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%16405

Error: (07/04/2015 06:42:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%16405

Error: (07/04/2015 06:41:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB3055642).

Error: (07/04/2015 06:41:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB3048761).

Error: (07/04/2015 06:41:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB3068708).

Error: (07/04/2015 06:41:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB3050265).

Error: (07/04/2015 06:41:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB3020370).

Microsoft Office:
=========================
Error: (07/20/2015 10:34:05 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (07/20/2015 10:34:05 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4400

Error: (07/20/2015 10:34:05 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/20/2015 10:34:05 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/20/2015 10:34:05 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/20/2015 10:34:05 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (07/20/2015 10:34:03 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (07/20/2015 10:34:03 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index server cannot find a description of the content index in its database. Search will automatically attempt to recreate the content index description.  If this problem persists, stop and restart the search service and, if necessary, delete  and recreate the content index.  (HRESULT : 0x80041181) (0x80041181)

Error: (07/20/2015 10:31:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2015 06:45:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: AMD Athlon™ II X4 645 Processor
Percentage of memory in use: 31%
Total physical RAM: 5886.05 MB
Available physical RAM: 4032.34 MB
Total Virtual: 11770.29 MB
Available Virtual: 9661.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:902.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (F4UBCD v4.61) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 318CFF6F)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of log ============================

 

the other 1 -

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by keystone (administrator) on KEYSTONE-PC on 20-07-2015 10:54:33
Running from C:\Users\keystone\Desktop
Loaded Profiles: keystone (Available Profiles: keystone)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
() C:\Program Files (x86)\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
(Lenovo (Shenzhen) Electronic Co., Ltd.) C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
(Emsisoft Ltd) C:\EEK\bin\a2emergencykit.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LenovoFSC] => C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe [49152 2009-07-29] (Lenovo (Shenzhen) Electronic Co., Ltd.)
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SMCWUSB-G 802.11g Wireless USB Utility.lnk [2015-07-04]
ShortcutTarget: SMCWUSB-G 802.11g Wireless USB Utility.lnk -> C:\Program Files (x86)\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-459740778-4256942885-4137819150-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16] ()
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{0EA67F3D-54C8-4657-9275-C96E187CE1DE}: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{4686EDFD-EFA2-4C10-B223-6E8C2032F004}: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{8BBC1CA4-A635-4D95-82E0-A92C1358B1F3}: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{DD345446-4D9F-40F2-B810-8402A69D6905}: [DhcpNameServer] 71.10.216.1 71.10.216.2

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-04-16] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
S1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-07-05] (Emsisoft GmbH)
R3 SuperIO; C:\Windows\System32\DRIVERS\spio.sys [11848 2009-06-05] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 10:54 - 2015-07-20 10:54 - 00004506 _____ C:\Users\keystone\Desktop\FRST.txt
2015-07-20 10:52 - 2015-07-20 10:54 - 00000000 ____D C:\FRST
2015-07-20 10:51 - 2015-07-20 10:52 - 02135552 _____ (Farbar) C:\Users\keystone\Desktop\FRST64.exe
2015-07-20 10:29 - 2015-07-20 10:29 - 284531600 _____ C:\Windows\MEMORY.DMP
2015-07-20 10:29 - 2015-07-20 10:29 - 00275152 _____ C:\Windows\Minidump\072015-26972-01.dmp
2015-07-20 10:29 - 2015-07-20 10:29 - 00000000 ____D C:\Windows\Minidump
2015-07-04 18:44 - 2015-07-04 18:44 - 00000000 ____D C:\ProgramData\SuperIO
2015-07-04 18:42 - 2015-07-04 18:42 - 00000000 _____ C:\Windows\ativpsrm.bin
2015-07-04 18:39 - 2015-07-04 18:39 - 02244096 _____ C:\Users\keystone\Downloads\AdwCleaner.exe
2015-07-04 18:38 - 2015-07-04 18:38 - 02244096 _____ C:\Users\keystone\Downloads\adwcleaner_4.207.exe
2015-07-04 18:37 - 2015-07-20 10:32 - 00000000 ____D C:\EEK
2015-07-04 18:37 - 2015-07-05 00:14 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2015-07-04 18:37 - 2015-07-04 18:37 - 00000743 _____ C:\Users\keystone\Desktop\Start Emsisoft Emergency Kit.lnk
2015-07-04 18:30 - 2015-07-04 18:31 - 00000000 ____D C:\Windows\system32\MRT
2015-07-04 18:28 - 2015-05-01 06:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-04 18:28 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-07-04 18:26 - 2015-06-01 12:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-04 18:26 - 2015-06-01 11:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-04 18:26 - 2015-05-27 07:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-04 18:26 - 2015-05-27 07:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-04 18:26 - 2015-05-22 20:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-04 18:26 - 2015-05-22 20:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-04 18:26 - 2015-05-22 20:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-04 18:26 - 2015-05-22 20:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-04 18:26 - 2015-05-22 20:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-04 18:26 - 2015-05-22 20:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-04 18:26 - 2015-05-22 20:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-04 18:26 - 2015-05-22 20:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-04 18:26 - 2015-05-22 20:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-04 18:26 - 2015-05-22 20:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-04 18:26 - 2015-05-22 20:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-04 18:26 - 2015-05-22 20:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-04 18:26 - 2015-05-22 20:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-04 18:26 - 2015-05-22 19:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-04 18:26 - 2015-05-22 19:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-04 18:26 - 2015-05-22 19:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-04 18:26 - 2015-05-22 19:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-04 18:26 - 2015-05-22 19:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-04 18:26 - 2015-05-22 19:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-04 18:26 - 2015-05-22 19:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-04 18:26 - 2015-05-22 19:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-04 18:26 - 2015-05-22 19:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-04 18:26 - 2015-05-22 19:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-04 18:26 - 2015-05-22 19:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-04 18:26 - 2015-05-22 19:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-04 18:26 - 2015-05-22 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-04 18:26 - 2015-05-22 12:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-04 18:26 - 2015-05-22 12:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-04 18:26 - 2015-05-22 12:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-04 18:26 - 2015-05-22 12:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-04 18:26 - 2015-05-22 12:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-04 18:26 - 2015-05-22 12:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-04 18:26 - 2015-05-22 12:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-04 18:26 - 2015-05-22 11:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-04 18:26 - 2015-05-22 11:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-04 18:26 - 2015-05-22 11:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-04 18:26 - 2015-05-22 11:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-04 18:26 - 2015-05-22 11:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-04 18:26 - 2015-05-22 11:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-04 18:26 - 2015-05-22 11:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-04 18:26 - 2015-05-22 11:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-04 18:26 - 2015-05-22 11:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-04 18:26 - 2015-05-22 11:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-04 18:26 - 2015-05-22 11:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-04 18:26 - 2015-05-22 11:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-04 18:26 - 2015-05-22 11:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-04 18:26 - 2015-05-22 11:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-04 18:26 - 2015-05-22 11:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-04 18:26 - 2015-05-22 11:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-04 18:26 - 2015-05-22 11:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-04 18:26 - 2015-05-22 11:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-04 18:26 - 2015-05-22 11:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-04 18:26 - 2015-05-22 10:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-04 18:26 - 2015-05-22 10:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-04 18:26 - 2015-05-22 10:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-04 18:26 - 2015-05-22 10:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-04 18:23 - 2015-05-04 18:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-04 18:23 - 2015-05-04 18:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-04 18:23 - 2015-04-27 12:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-04 18:23 - 2015-04-27 12:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-04 18:23 - 2015-04-27 12:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-04 18:23 - 2015-04-27 12:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-04 18:23 - 2015-04-27 12:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-04 18:23 - 2015-04-27 12:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-04 18:23 - 2015-04-27 12:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-04 18:23 - 2015-04-27 12:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-04 18:23 - 2015-04-17 20:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-04 18:23 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-04 18:23 - 2015-04-03 20:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-04 18:23 - 2015-04-03 20:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-04 18:23 - 2015-04-03 20:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-04 18:23 - 2015-04-03 20:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-04 18:23 - 2015-04-03 20:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-04 18:23 - 2015-04-03 20:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-04 18:23 - 2015-04-03 20:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-04 18:23 - 2015-04-03 20:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-04 18:23 - 2015-04-03 20:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-04 18:23 - 2015-04-03 20:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-04 18:23 - 2015-04-03 20:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-04 18:23 - 2015-04-03 20:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-04 18:23 - 2015-04-03 20:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-04 18:23 - 2015-04-03 20:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-04 18:23 - 2015-04-03 20:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-04 18:23 - 2015-04-03 20:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-04 18:23 - 2015-04-03 20:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-04 18:23 - 2015-04-03 20:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-04 18:23 - 2015-04-03 20:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-04 18:23 - 2015-04-03 20:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-04 18:23 - 2015-04-03 20:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-04 18:23 - 2015-04-03 20:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-04 18:23 - 2015-04-03 20:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-04 18:23 - 2015-04-03 20:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-04 18:23 - 2015-04-03 20:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-04 18:23 - 2015-04-03 20:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-04 18:23 - 2015-04-03 20:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-04 18:23 - 2015-04-03 20:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-04 18:23 - 2015-04-03 19:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-04 18:22 - 2015-05-22 11:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-04 18:22 - 2015-05-22 11:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-04 18:22 - 2015-05-22 11:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-04 18:22 - 2015-05-22 11:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-04 18:22 - 2015-05-22 11:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-04 18:22 - 2015-05-22 11:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-04 18:22 - 2015-05-22 11:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-04 18:22 - 2015-05-21 06:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-07-04 18:22 - 2015-05-09 11:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-07-04 18:22 - 2015-05-08 20:27 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-07-04 18:22 - 2015-05-08 20:27 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-07-04 18:22 - 2015-05-08 20:27 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-07-04 18:22 - 2015-05-08 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-07-04 18:22 - 2015-05-08 20:26 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-04 18:22 - 2015-05-08 20:26 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-07-04 18:22 - 2015-05-08 20:26 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-07-04 18:22 - 2015-05-08 20:25 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-07-04 18:22 - 2015-05-08 20:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-07-04 18:22 - 2015-05-08 20:13 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-07-04 18:22 - 2015-05-08 20:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-07-04 18:22 - 2015-05-08 20:12 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-07-04 18:22 - 2015-05-08 20:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 19:01 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-07-04 18:22 - 2015-05-08 19:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-07-04 18:22 - 2015-05-08 18:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 18:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-04 18:22 - 2015-05-08 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-07-04 18:22 - 2015-04-29 11:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-07-04 18:22 - 2015-04-29 11:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-07-04 18:22 - 2015-04-29 11:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-07-04 18:22 - 2015-04-29 11:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-07-04 18:22 - 2015-04-29 11:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-07-04 18:22 - 2015-04-29 11:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-07-04 18:22 - 2015-04-29 11:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-07-04 18:22 - 2015-04-29 11:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-07-04 18:22 - 2015-04-29 11:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-07-04 18:22 - 2015-04-29 11:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-07-04 18:22 - 2015-04-24 11:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-04 18:22 - 2015-04-24 10:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-07-04 18:22 - 2015-04-19 20:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-07-04 18:22 - 2015-04-19 20:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-07-04 18:22 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-07-04 18:22 - 2015-04-19 19:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-04 18:22 - 2015-04-10 20:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-07-04 18:22 - 2015-04-07 20:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-07-04 18:22 - 2015-04-07 20:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-07-04 18:22 - 2015-04-07 20:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-07-04 18:22 - 2015-03-03 21:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-04 18:22 - 2015-03-03 21:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-07-04 18:22 - 2015-03-03 21:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-07-04 18:22 - 2015-03-03 21:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-07-04 18:22 - 2015-03-03 21:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-07-04 18:22 - 2015-03-03 21:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-07-04 18:22 - 2015-03-03 21:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-07-04 18:22 - 2015-01-28 20:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-07-04 18:22 - 2015-01-28 20:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-07-04 18:20 - 2015-07-04 18:36 - 159731272 _____ C:\Users\keystone\Downloads\EmsisoftEmergencyKit.exe
2015-07-04 18:20 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-07-04 18:20 - 2015-02-18 00:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-07-04 18:06 - 2015-07-04 18:06 - 00000000 ____H C:\Users\keystone\Documents\Default.rdp
2015-07-04 17:43 - 2010-03-12 11:23 - 00242720 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys
2015-07-04 17:43 - 2010-03-04 16:30 - 00422432 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtsUStor.dll
2015-07-04 17:23 - 2015-07-04 17:23 - 00000000 ____D C:\Program Files (x86)\Cisco
2015-07-04 17:21 - 2015-07-04 17:21 - 00000000 ____D C:\ProgramData\Riot Games
2015-07-04 17:20 - 2015-07-04 17:23 - 00000000 ____D C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
2015-07-04 17:20 - 2010-06-24 09:23 - 00947304 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtl8192ce.sys
2015-07-04 17:20 - 2009-02-05 02:49 - 00451072 _____ C:\Windows\SysWOW64\ISSRemoveSP.exe
2015-07-04 17:18 - 2015-07-04 17:18 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-07-04 17:17 - 2015-07-04 17:17 - 00000000 ____D C:\Users\keystone\AppData\Local\Downloaded Installations
2015-07-04 17:16 - 2015-07-04 17:16 - 00003150 _____ C:\Windows\System32\Tasks\{68FA45B8-762A-4E43-918D-5E5EE064022E}
2015-07-04 17:13 - 2015-07-04 17:42 - 140216616 _____ (Lenovo Group ) C:\Users\keystone\Downloads\ID1VDO05WW6.exe
2015-07-04 17:10 - 2015-07-04 17:10 - 00006742 _____ C:\Windows\DPINST.LOG
2015-07-04 17:10 - 2015-07-04 17:10 - 00000000 ____D C:\Program Files\DIFX
2015-07-04 17:10 - 2015-07-04 17:10 - 00000000 ____D C:\Program Files (x86)\AMD
2015-07-04 17:10 - 2009-12-22 02:26 - 00038456 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2015-07-04 17:09 - 2015-07-04 17:43 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-07-04 17:09 - 2015-07-04 17:09 - 00000000 ____D C:\Program Files\ATI
2015-07-04 17:09 - 2010-03-04 16:30 - 09112096 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUStoricon.dll
2015-07-04 17:08 - 2015-07-04 17:08 - 00000000 ____D C:\Program Files\ATI Technologies
2015-07-04 17:05 - 2015-07-04 17:19 - 33563808 _____ (Lenovo Group ) C:\Users\keystone\Downloads\ID1FSC07WW6.exe
2015-07-04 17:04 - 2015-07-04 17:40 - 132189320 _____ (Lenovo Group ) C:\Users\keystone\Downloads\ID1VDO25WW5.exe
2015-07-04 17:04 - 2015-07-04 17:39 - 19260672 _____ (Lenovo Group ) C:\Users\keystone\Downloads\ID4WLN04WW5.exe
2015-07-04 17:03 - 2015-07-04 17:41 - 08914024 _____ (Lenovo Group ) C:\Users\keystone\Downloads\ID3CAR08WW5.exe
2015-07-04 17:03 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-07-04 17:03 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-07-04 17:03 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-07-04 17:03 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-07-04 17:03 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-07-04 17:02 - 2015-07-04 17:42 - 24197576 _____ (Lenovo Group ) C:\Users\keystone\Downloads\ID2CHP06WW5.exe
2015-07-04 17:00 - 2015-07-04 17:00 - 00001613 _____ C:\Users\Public\Desktop\League of Legends.lnk
2015-07-04 17:00 - 2015-07-04 17:00 - 00000000 ____D C:\Riot Games
2015-07-04 17:00 - 2015-07-04 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-07-04 16:52 - 2015-07-04 17:05 - 00000000 ____D C:\Users\keystone\AppData\Roaming\Riot Games
2015-07-04 16:48 - 2015-07-04 16:52 - 27864920 _____ (Riot Games) C:\Users\keystone\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe
2015-07-04 16:19 - 2015-07-04 16:19 - 00001127 _____ C:\Users\Public\Desktop\SMCWUSB-G 802.11g Wireless USB Utility.lnk
2015-07-04 16:19 - 2015-07-04 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMCWUSB-G 802.11g Wireless USB Utility
2015-07-04 15:14 - 2015-07-04 15:14 - 00058016 _____ C:\Users\keystone\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-04 13:33 - 2015-07-04 13:33 - 00000000 __SHD C:\Users\keystone\AppData\Local\EmieUserList
2015-07-04 13:33 - 2015-07-04 13:33 - 00000000 __SHD C:\Users\keystone\AppData\Local\EmieSiteList
2015-07-04 13:33 - 2015-07-04 13:33 - 00000000 __SHD C:\Users\keystone\AppData\Local\EmieBrowserModeList
2015-07-04 13:25 - 2015-07-04 13:25 - 00008192 __RSH C:\BOOTSECT.BAK
2015-07-04 13:25 - 2015-07-04 12:39 - 00000000 ____D C:\Windows\Panther
2015-07-04 13:25 - 2010-11-20 20:23 - 00383786 __RSH C:\bootmgr
2015-07-04 13:13 - 2015-07-04 13:13 - 00001263 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader 5.0.lnk
2015-07-04 13:13 - 2015-07-04 13:13 - 00001251 _____ C:\Users\Public\Desktop\Acrobat Reader 5.0.lnk
2015-07-04 13:13 - 2015-07-04 13:13 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2015-07-04 13:13 - 2015-07-04 13:13 - 00000000 ____D C:\Users\keystone\Documents\My eBooks
2015-07-04 13:13 - 2015-07-04 13:13 - 00000000 ____D C:\Users\keystone\AppData\Roaming\InterTrust
2015-07-04 13:13 - 2015-07-04 13:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-04 13:13 - 1998-10-29 15:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-07-04 13:07 - 2015-07-04 17:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-04 12:48 - 2015-07-04 16:19 - 00000000 ____D C:\Program Files (x86)\SMC
2015-07-04 12:47 - 2015-07-04 12:47 - 00000000 ____D C:\Windows\{9CA05E9B-68D2-4EEC-8569-8C474416B082}
2015-07-04 12:40 - 2015-07-20 10:32 - 00000000 ____D C:\Users\keystone
2015-07-04 12:40 - 2015-07-04 15:57 - 00000000 ____D C:\Users\keystone\AppData\Local\VirtualStore
2015-07-04 12:40 - 2015-07-04 13:13 - 00000000 ____D C:\Users\keystone\AppData\Roaming\Adobe
2015-07-04 12:40 - 2015-07-04 12:40 - 00001413 _____ C:\Users\keystone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-04 12:40 - 2015-07-04 12:40 - 00000020 ___SH C:\Users\keystone\ntuser.ini
2015-07-04 12:40 - 2009-07-13 21:54 - 00000000 ___RD C:\Users\keystone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-04 12:40 - 2009-07-13 21:49 - 00000000 ___RD C:\Users\keystone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-04 12:37 - 2015-07-04 12:37 - 00000000 __SHD C:\Recovery
2015-07-04 12:37 - 2015-05-27 00:04 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-04 12:34 - 2015-07-04 12:34 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-07-04 12:31 - 2015-07-04 12:31 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-07-04 12:31 - 2015-07-04 12:31 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-07-04 12:30 - 2015-07-04 12:30 - 00001355 _____ C:\Windows\TSSysprep.log
2015-07-04 12:29 - 2015-07-20 10:47 - 01094146 _____ C:\Windows\WindowsUpdate.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 10:45 - 2009-07-13 21:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-20 10:45 - 2009-07-13 21:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-20 10:37 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2015-07-20 10:34 - 2009-07-13 22:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-20 10:34 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-20 10:29 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-20 10:29 - 2009-07-13 21:51 - 00022766 _____ C:\Windows\setupact.log
2015-07-20 10:23 - 2011-04-12 01:28 - 00000000 ____D C:\Windows\CSC
2015-07-20 03:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Msdtc
2015-07-04 18:44 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-04 18:42 - 2009-07-13 21:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-04 18:41 - 2015-04-16 11:56 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-04 18:41 - 2015-04-16 11:56 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-04 18:41 - 2011-04-12 01:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-04 18:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-04 17:09 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-04 14:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-07-04 13:25 - 2009-07-13 22:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2015-07-04 13:25 - 2009-07-13 22:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-07-04 12:38 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\restore
2015-07-04 12:37 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Recovery
2015-07-04 12:31 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-04 12:31 - 2009-07-13 20:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-04 12:30 - 2009-07-13 21:46 - 00002790 _____ C:\Windows\DtcInstall.log
2015-07-04 12:30 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\sysprep

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-04 14:34

==================== End of log ============================

will check back as often as possible


Edited by kiston, 20 July 2015 - 01:06 PM.


#4 kiston


Posted 22 July 2015 - 07:25 PM

hey just letting u know im still with u



#5 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:09:21 AM

Posted 24 July 2015 - 03:37 PM

Sorry for the delay. Let me look over your logs, and I'll be able to reply soon.


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#6 jntkwx


Posted 24 July 2015 - 03:42 PM

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure that Addition.txt is checked before you press the Scan button.
  • Press the Scan button.
  • It will make 2 logs (FRST.txt and Addition.txt) in the same directory the tool is run from. Please copy and paste them both into your reply.

Regards,
Jason

 



#7 jntkwx


Posted 28 July 2015 - 08:40 AM

It has been four days since my last post.

 

Do you still need help?  If you do, please follow my previous instructions to run FRST again.


Regards,
Jason

 



#8 jntkwx


Posted 03 August 2015 - 04:50 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Regards,
Jason

 





