·
Registered
Joined
·
7 Posts
Discussion Starter #1
Good morning everyone,
Frequent visitor, first time poster of this forum. I want to thank anyone in advance for committing any amount of time to my problem. I'm hoping someone has some experience with this issue. Allow me to explain:

Yesterday, I woke up my computer and opened up my browser (I use Google Chrome). As soon as I clicked to open the browser, I noticed a Windows Explorer pop-up. I have attached a picture of what this box looks like, but to describe it for those who are not able to open the attachment: the window's header said "Mod Info" and the content said "BC LOADED". The only available options for me to click were "OK" or the "Close" button at the top right. Without clicking anything, the box then disappeared and Google Chrome opened as usual. This behavior was unexpected; I've never seen this before. Worrying I had some kind of spyware or malware, I decided to try running my AV program. I use Avast Free.

I went to look for the process in the hidden icons list on my taskbar, where it usually resides. I didn't see it there, which was concerning. I tried running the program from the start menu, but after clicking it, nothing opened. This was also a red flag that something must be wrong. So I decided to try and run Malwarebytes Anti-Malware. This program would also not open when prompted.

I decided to scan Google for my symptoms to look for recommended fixes. Several tech support forums suggested to those who presented similar symptoms that they were suffering from a malware/ransomware process. I have no ransomware symptoms (no prompts to pay, at least). I saw recommendations for running malware-disabling tools including: RKill.exe, RogueKiller.exe, and tdsskiller.exe. The sites advised I run them, kill the malware process, then remove it with Malwarebytes. I tried all 3 of these programs, but none of them will run. Per the advice of various websites as well as the program developers, I tried redownloading and renaming the programs to winlogon.exe and RKill.com and other suggested names. None of these renaming procedures allowed me to run the programs.

I tried booting in Safe Mode with Networking. The programs would still not run. I tried restarting, renaming the programs, and AGAIN running in Safe Mode with Networking. Same issue. I even tried running the RogueKillerCMD.exe version in Safe Mode with Command Prompt. The program was still blocked.

I reached out to a techy friend who advised I reinstall Windows. Fortunately my computer had a free Upgrade to Windows 10 offer still available. I downloaded the update and it prompted me to restart my computer to finish the installation. I did so and saw the Windows Updating screen with a percentage tracker. At approximately 18% completion, I received a blue screen of death. I have attached a picture to this post of what the screen said (in case it's relevant).

At this point, my techy friend has advised I purchase a new SSD, install Windows on that, and commit my present HDD to a storage drive. I'm not opposed to doing this if it is the only option I have, but I came here first to see if anyone has any fix recommendations that don't involve me spending money.

As I came to this website, I read the NEW INSTRUCTIONS page and followed the guide prior to posting. The post says to run dds.scr and attach the attach.txt and paste the results of the dds.txt file.

When I run the program, a window pops up that says "DDS is running in silent mode". Shortly after, this window disappears and is replaced with "two logs shall be created on your Desktop". Approx 15 seconds later, those boxes disappear and a new Notepad file opens, called "attach.txt". However, when I look at the desktop, there is NO dds.txt file. The program has only created one new file, despite the instructions page AND the program itself telling me it should create two. My only assumption is that my malware is ALSO blocking the effects of this program as well.

I'm at the end of my rope here. It feels like every time I find some advice, it involves running a program that is being blocked. I'm not sure what else I can do at this point. If anyone has any recommendations, I would very much appreciate the help.

Thank you for your time.
 


·
Security Team , Moderator, Analyst , Rangemaster,
Joined
·
29,790 Posts
Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following into the Run box and click OK:

%temp%\dds.txt

A text file should open. Please copy/paste the contents of that file in your next reply.

------------------------------------------------------
 

·
Registered
Joined
·
7 Posts
Discussion Starter #3
Hello Chemist, thank you for your reply!

I ran the string just as you requested. An error message popped up saying:

"Windows cannot find 'C:\\Users\GEORGE\AppData\Local\Temp\dds.txt'. Make sure you typed the name correctly, then try again."

I copied the text directly from your post, so I'm sure I made no typos. I attempted to run the dds.scr one more time and reattempted the command. It returned the same error message. I've attached the file below.
 


·
Security Team , Moderator, Analyst , Rangemaster,
Joined
·
29,790 Posts
Hello KatoRyx. If you are running a 32-bit machine, stop and let me know.

Print out these instructions to use while in the Recovery Environment or read off another computer:

You will need a USB drive for these instructions.

Please download Farbar Recovery Scan Tool and save it to your USB drive.

Plug the USB drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Once you see the System Recovery Options menu:
  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • Notepad opens. Under File menu select Open.
  • Select "Computer" and find your USB drive letter and close Notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your USB drive.
  • The tool will start to run.
  • When the tool opens click 'Yes' to the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the USB drive.
  • Exit FRST64
  • Type exit then press Enter. Restart your computer.
  • Please copy and paste FRST.txt in your next reply.
------------------------------------------------------
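Added example, not part of the thread and not FRST's or the helper's own method: a Python triage pass over the Run-key section of the FRST.txt log these steps produce, using lines copied from the log posted in the next reply. The heuristics and the names `triage`, `TRUSTED_PREFIXES` and `SYSTEM_NAMES` are assumptions chosen for illustration.

```python
import ntpath
import re

# Run-key lines copied from the FRST log posted in this thread.
SAMPLE = r"""
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM\...\Run: [Z7cq8cRYA848] => regsvr32.exe /s "C:\PROGRA~3\Z7cq8cRYA848.dll"
HKLM\...\Run: [netsh_32] => C:\ProgramData\netsh_32.exe [4096 2015-11-06] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Chrome] => C:\ProgramData\taskhost.exe [5632 2015-11-03] ()
HKU\GEORGE\...\Run: [Aunidt] => regsvr32.exe "C:\ProgramData\VomvElta\Ziptac.dll"
HKU\GEORGE\...\Run: [BackUp3224863615] => C:\Users\GEORGE\AppData\Roaming\BackUp3224863615.exe [577536 2009-07-13] ()
"""

# "<hive>\...\Run: [value name] => <command and optional file details>"
RUN_LINE = re.compile(r'^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>.*?)\] => (?P<rest>.*)$')
# Optional trailer: " [size yyyy-mm-dd] (publisher)"
TAIL = re.compile(
    r'^(?P<cmd>.*?)(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>.*)\))?$'
)
REGSVR32 = re.compile(r'"?regsvr32(?:\.exe)?"?\s', re.IGNORECASE)

# Assumption: autoruns normally live under these directories. 8.3 short
# names such as C:\PROGRA~1 are not resolved and will be reported.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
# Assumption: a short list of Windows binaries whose names get borrowed.
SYSTEM_NAMES = {"taskhost.exe", "svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe"}


def parse_run_entries(log_text):
    """Return one dict per Run-key line; other log lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        entry = {"hive": m["hive"], "name": m["name"], "command": None, "publisher": None}
        # FRST prints [X] instead of file details when the target was not found.
        if m["rest"] != "[X]":
            t = TAIL.match(m["rest"])
            entry["command"] = t["cmd"]
            entry["publisher"] = t["pub"]  # None when no details were printed
        entries.append(entry)
    return entries


def target_path(command):
    """Path of the file that actually runs: the DLL for regsvr32, else the exe."""
    if REGSVR32.match(command):
        quoted = re.findall(r'"([^"]+)"', command)
        return quoted[-1] if quoted else command.split()[-1]
    return command.strip('"')


def triage(log_text):
    """Return (value name, reasons) for every entry that deserves a closer look."""
    findings = []
    for e in parse_run_entries(log_text):
        reasons = []
        if e["command"] is None:
            reasons.append("orphaned entry: target file not found")
        else:
            path = target_path(e["command"]).lower()
            if REGSVR32.match(e["command"]):
                reasons.append("regsvr32 loads a DLL at logon")
            if not path.startswith(TRUSTED_PREFIXES):
                reasons.append("target outside Program Files and Windows")
            if e["publisher"] == "":
                reasons.append("empty publisher field")
            if ntpath.basename(path) in SYSTEM_NAMES and not path.startswith("c:\\windows\\"):
                reasons.append("Windows system file name outside C:\\Windows")
        if reasons:
            findings.append((e["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):
        print(f"[{name}] " + "; ".join(reasons))
```

A flagged entry is a prompt to inspect the file, not a verdict; the decision about what goes into a fixlist stays with the analyst reading the full log.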
 

·
Registered
Joined
·
7 Posts
Discussion Starter #5
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by SYSTEM on MININT-QHT4K0H (07-11-2015 08:30:16)
Running from f:\
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM\...\Run: [Z7cq8cRYA848] => regsvr32.exe /s "C:\PROGRA~3\Z7cq8cRYA848.dll"
HKLM\...\Run: [igfxCUIService] => C:\ProgramData\igfxCUIService.exe [4096 2015-11-03] ()
HKLM\...\Run: [netsh_32] => C:\ProgramData\netsh_32.exe [4096 2015-11-06] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-21] (AVAST Software)
HKLM-x32\...\Run: [Chrome] => C:\ProgramData\taskhost.exe [5632 2015-11-03] ()
HKU\GEORGE\...\Run: [AdobeBridge] => [X]
HKU\GEORGE\...\Run: [Aunidt] => regsvr32.exe "C:\ProgramData\VomvElta\Ziptac.dll"
HKU\GEORGE\...\Run: [BackUp3224863615] => C:\Users\GEORGE\AppData\Roaming\BackUp3224863615.exe [577536 2009-07-13] ()
HKU\GEORGE\...\Run: [Chrome] => C:\ProgramData\taskhost.exe [5632 2015-11-03] ()
HKU\GEORGE\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-21] (AVAST Software)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-10-15] (BitRaider, LLC)
S4 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-08] (BitRaider, LLC)
S4 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
S4 dlea_device; C:\Windows\system32\dleacoms.exe [1052328 2010-05-21] ( )
S4 dlea_device; C:\Windows\SysWOW64\dleacoms.exe [598696 2010-05-21] ( )
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-10-11] ()
S2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2014-10-11] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-02-12] (Ralink Technology Corp.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-21] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-21] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-21] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-21] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-21] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-10-21] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-21] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-21] (AVAST Software)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2014-11-12] (BitRaider)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-02] (Logitech Inc.)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] ()
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2012-08-16] (Razer USA Ltd)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [73216 2010-04-21] (Razer USA Ltd)
S3 AtiHdmiService; system32\drivers\AtiHdmi.sys [X]
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X]
S3 BS3224863615; \??\C:\Users\GEORGE\AppData\Local\Temp\NTFS.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 08:30 - 2015-11-07 08:30 - 00000000 ____D C:\FRST
2015-11-07 08:24 - 2015-11-07 08:24 - 02198528 _____ (Farbar) C:\Users\GEORGE\Desktop\FRST64.exe
2015-11-07 08:23 - 2015-11-07 08:23 - 00002994 _____ C:\Windows\System32\DB3224863615
2015-11-06 12:00 - 2015-11-06 12:00 - 00098304 _____ C:\ProgramData\369FBC0E.EX
2015-11-06 12:00 - 2015-11-06 12:00 - 00004096 _____ C:\ProgramData\netsh_32.exe
2015-11-06 12:00 - 2015-11-06 12:00 - 00004096 _____ C:\ProgramData\auditpol_32.dll
2015-11-06 11:59 - 2015-11-06 11:59 - 00090112 _____ C:\ProgramData\7B571D05.EX
2015-11-05 07:58 - 2015-11-05 07:58 - 390924736 _____ C:\Windows\MEMORY.DMP
2015-11-04 10:55 - 2015-11-04 11:00 - 84339967 _____ C:\Users\GEORGE\Desktop\GBA Draft.zip
2015-11-04 10:06 - 2015-11-06 12:10 - 00001156 _____ C:\Users\GEORGE\Desktop\attach.txt
2015-11-04 10:04 - 2015-11-04 10:04 - 00688992 ____R (Swearware) C:\Users\GEORGE\Desktop\dds.scr
2015-11-04 09:45 - 2015-11-04 09:45 - 00272832 _____ C:\Windows\Minidump\110415-17206-01.dmp
2015-11-03 17:26 - 2015-11-03 17:26 - 00272832 _____ C:\Windows\Minidump\110315-18470-01.dmp
2015-11-03 17:12 - 2015-11-04 09:34 - 00003130 _____ C:\Windows\comsetup.log
2015-11-03 17:10 - 2015-11-04 09:28 - 00005655 _____ C:\Windows\diagerr.xml
2015-11-03 17:10 - 2015-11-04 09:28 - 00003813 _____ C:\Windows\diagwrn.xml
2015-11-03 15:34 - 2015-11-03 15:34 - 00005632 _____ C:\ProgramData\taskhost.exe
2015-11-03 14:09 - 2015-11-03 14:09 - 07492168 _____ C:\Users\GEORGE\Desktop\RogueKillerCMDX64.exe
2015-11-03 13:56 - 2015-11-03 13:56 - 00269768 _____ C:\Windows\Minidump\110315-26473-01.dmp
2015-11-03 10:52 - 2015-11-03 10:53 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\GEORGE\Desktop\tdsskiller.exe
2015-11-03 10:47 - 2015-11-03 10:47 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\GEORGE\Desktop\winlogon.exe
2015-11-03 10:41 - 2015-11-03 10:42 - 22933064 _____ C:\Users\GEORGE\Desktop\roguekiller.com
2015-11-03 08:56 - 2015-11-03 08:56 - 00004096 _____ C:\ProgramData\igfxCUIService.exe
2015-11-03 08:55 - 2015-11-03 08:55 - 00004096 _____ C:\ProgramData\igfxCUIService.dll
2015-11-02 21:05 - 2015-11-02 21:05 - 00004096 _____ C:\ProgramData\Z7cq8cRYA848.dll
2015-11-02 21:04 - 2015-11-02 21:04 - 00004096 _____ C:\ProgramData\LkwVFHUhA848.dll
2015-11-01 19:02 - 2015-11-01 19:02 - 00450560 _____ (Microsoft Corporation) C:\Users\GEORGE\AppData\Roaming\ofwnifc.exe
2015-11-01 18:57 - 2015-11-01 18:57 - 00450560 _____ (Microsoft Corporation) C:\Users\GEORGE\AppData\Roaming\orcvmdu.exe
2015-11-01 18:53 - 2015-11-03 14:22 - 03550700 _____ C:\Windows\System32\CFG3224863615
2015-11-01 18:47 - 2015-11-01 18:47 - 00450560 _____ (Microsoft Corporation) C:\Users\GEORGE\AppData\Roaming\tahehgtq.exe
2015-11-01 18:36 - 2015-11-01 18:36 - 00450560 _____ (Microsoft Corporation) C:\Users\GEORGE\AppData\Roaming\tchqrwda.exe
2015-11-01 18:29 - 2015-11-01 19:00 - 00000000 ____D C:\ProgramData\VomvElta
2015-11-01 18:29 - 2015-11-01 18:29 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-10-21 22:04 - 2015-10-21 22:04 - 00378880 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2015-10-21 22:04 - 2015-10-21 22:04 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-10-14 16:05 - 2015-09-25 10:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-10-14 16:05 - 2015-09-25 10:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-10-14 16:05 - 2015-09-25 10:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-10-14 16:05 - 2015-09-25 10:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-10-14 16:05 - 2015-09-25 10:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-10-14 16:05 - 2015-09-25 10:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-10-14 16:05 - 2015-09-25 10:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-10-14 16:05 - 2015-09-25 10:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-10-14 16:05 - 2015-09-25 10:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-10-14 16:05 - 2015-09-25 10:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-10-14 16:05 - 2015-09-25 10:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-10-14 16:05 - 2015-09-25 09:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 16:05 - 2015-09-25 09:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 16:05 - 2015-09-25 09:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 16:05 - 2015-09-25 09:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 16:05 - 2015-09-25 09:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 16:05 - 2015-09-18 11:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-10-14 16:05 - 2015-09-18 10:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 16:05 - 2015-09-15 20:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-10-14 16:05 - 2015-09-15 20:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-10-14 16:05 - 2015-09-15 20:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-10-14 16:05 - 2015-09-15 20:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-10-14 16:05 - 2015-09-15 20:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-10-14 16:05 - 2015-09-15 20:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-10-14 16:05 - 2015-09-15 20:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-10-14 16:05 - 2015-09-15 20:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-10-14 16:05 - 2015-09-15 20:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-10-14 16:05 - 2015-09-15 20:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-10-14 16:05 - 2015-09-15 20:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-10-14 16:05 - 2015-09-15 20:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-10-14 16:05 - 2015-09-15 20:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-10-14 16:05 - 2015-09-15 20:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-10-14 16:05 - 2015-09-15 20:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-10-14 16:05 - 2015-09-15 20:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-10-14 16:05 - 2015-09-15 20:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-10-14 16:05 - 2015-09-15 20:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-10-14 16:05 - 2015-09-15 19:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 16:05 - 2015-09-15 19:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-10-14 16:05 - 2015-09-15 19:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-10-14 16:05 - 2015-09-15 19:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-10-14 16:05 - 2015-09-15 19:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 16:05 - 2015-09-15 19:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-10-14 16:05 - 2015-09-15 19:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-10-14 16:05 - 2015-09-15 19:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2015-10-14 16:05 - 2015-09-15 19:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 16:05 - 2015-09-15 19:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 16:05 - 2015-09-15 19:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 16:05 - 2015-09-15 19:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 16:05 - 2015-09-15 19:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2015-10-14 16:05 - 2015-09-15 19:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 16:05 - 2015-09-15 19:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-10-14 16:05 - 2015-09-15 19:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-10-14 16:05 - 2015-09-15 19:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 16:05 - 2015-09-15 19:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-10-14 16:05 - 2015-09-15 19:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-10-14 16:05 - 2015-09-15 19:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 16:05 - 2015-09-15 19:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 16:05 - 2015-09-15 19:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 16:05 - 2015-09-15 19:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 16:05 - 2015-09-15 19:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-10-14 16:05 - 2015-09-15 19:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 16:05 - 2015-09-15 19:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 16:05 - 2015-09-15 19:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 16:05 - 2015-09-15 19:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-10-14 16:05 - 2015-09-15 19:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 16:05 - 2015-09-15 19:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 16:05 - 2015-09-15 19:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 16:05 - 2015-09-15 19:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 16:05 - 2015-09-15 19:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 16:05 - 2015-09-15 19:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 16:05 - 2015-09-15 18:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-10-14 16:05 - 2015-09-15 18:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 16:05 - 2015-09-15 18:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 16:05 - 2015-09-15 18:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 16:05 - 2015-09-15 18:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 16:05 - 2015-09-15 18:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-14 16:05 - 2015-09-15 18:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-10-14 16:05 - 2015-09-15 18:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 16:05 - 2015-09-15 18:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 16:05 - 2015-09-15 18:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 16:05 - 2015-08-06 10:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2015-10-14 16:05 - 2015-08-06 10:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2015-10-14 16:05 - 2015-08-06 09:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 16:05 - 2015-08-06 09:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 16:04 - 2015-10-01 10:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2015-10-14 16:04 - 2015-10-01 10:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2015-10-14 16:04 - 2015-10-01 10:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2015-10-14 16:04 - 2015-10-01 10:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2015-10-14 16:04 - 2015-10-01 10:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2015-10-14 16:04 - 2015-10-01 10:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2015-10-14 16:04 - 2015-10-01 10:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2015-10-14 16:04 - 2015-10-01 09:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 16:04 - 2015-10-01 09:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2015-10-14 16:04 - 2015-09-28 19:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-10-14 16:04 - 2015-09-28 19:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-10-14 16:04 - 2015-09-28 19:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-10-14 16:04 - 2015-09-28 19:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2015-10-14 16:04 - 2015-09-28 19:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2015-10-14 16:04 - 2015-09-28 19:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2015-10-14 16:04 - 2015-09-28 19:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-10-14 16:04 - 2015-09-28 19:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-10-14 16:04 - 2015-09-28 19:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-10-14 16:04 - 2015-09-28 19:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2015-10-14 16:04 - 2015-09-28 19:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2015-10-14 16:04 - 2015-09-28 19:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2015-10-14 16:04 - 2015-09-28 19:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-10-14 16:04 - 2015-09-28 19:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2015-10-14 16:04 - 2015-09-28 19:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-10-14 16:04 - 2015-09-28 19:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-10-14 16:04 - 2015-09-28 19:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-10-14 16:04 - 2015-09-28 19:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2015-10-14 16:04 - 2015-09-28 19:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-10-14 16:04 - 2015-09-28 19:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-10-14 16:04 - 2015-09-28 19:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2015-10-14 16:04 - 2015-09-28 19:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2015-10-14 16:04 - 2015-09-28 19:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-10-14 16:04 - 2015-09-28 19:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 16:04 - 2015-09-28 19:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 16:04 - 2015-09-28 19:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-10-14 16:04 - 2015-09-28 19:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-10-14 16:04 - 2015-09-28 19:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 16:04 - 2015-09-28 18:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 16:04 - 2015-09-28 18:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 16:04 - 2015-09-28 18:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 16:04 - 2015-09-28 18:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 16:04 - 2015-09-28 18:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 16:04 - 2015-09-28 18:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 16:04 - 2015-09-28 18:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 16:04 - 2015-09-28 18:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 16:04 - 2015-09-28 18:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 16:04 - 2015-09-28 18:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 16:04 - 2015-09-28 18:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 16:04 - 2015-09-28 18:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 16:04 - 2015-09-28 18:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 16:04 - 2015-09-28 18:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 16:04 - 2015-09-28 18:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 17:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2015-10-14 16:04 - 2015-09-28 17:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2015-10-14 16:04 - 2015-09-28 17:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2015-10-14 16:04 - 2015-09-28 17:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 16:04 - 2015-09-28 17:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 16:04 - 2015-09-28 17:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 17:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 17:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 16:04 - 2015-09-28 17:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 16:04 - 2015-09-18 11:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2015-10-14 16:04 - 2015-09-18 11:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-10-14 16:04 - 2015-09-18 11:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-10-14 16:04 - 2015-09-18 11:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-10-14 16:04 - 2015-09-18 11:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-10-14 16:04 - 2015-09-18 11:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2015-10-14 16:04 - 2015-09-18 11:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-10-14 16:04 - 2015-09-15 10:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-10-14 16:04 - 2015-09-15 10:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-10-14 16:04 - 2015-09-15 10:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-10-14 16:04 - 2015-09-15 10:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-10-14 16:04 - 2015-09-15 10:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-10-14 16:04 - 2015-09-15 10:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-10-14 16:04 - 2015-09-15 10:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-10-14 16:04 - 2015-09-15 10:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-10-14 16:04 - 2015-09-15 10:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-10-14 16:04 - 2015-09-15 09:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 16:04 - 2015-09-15 09:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 16:04 - 2015-09-15 09:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 16:04 - 2015-09-15 09:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 16:04 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 08:25 - 2010-01-12 08:20 - 01520501 _____ C:\Windows\WindowsUpdate.log
2015-11-07 07:47 - 2013-01-10 16:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-07 07:44 - 2014-04-21 16:44 - 00000496 _____ C:\Windows\Tasks\DGChrome32309 Watcher.job
2015-11-07 04:32 - 2009-07-13 20:45 - 00023568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-07 04:32 - 2009-07-13 20:45 - 00023568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-06 12:13 - 2015-09-09 16:51 - 00898048 ___SH C:\Users\GEORGE\Desktop\Thumbs.db
2015-11-06 12:04 - 2009-07-13 21:13 - 00786662 _____ C:\Windows\System32\PerfStringBackup.INI
2015-11-06 11:57 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-06 11:57 - 2009-07-13 20:51 - 01203968 _____ C:\Windows\setupact.log
2015-11-05 16:01 - 2010-01-16 10:37 - 00451392 _____ C:\Windows\PFRO.log
2015-11-05 15:58 - 2010-01-16 10:15 - 00000000 ____D C:\Users\GEORGE\AppData\Roaming\Skype
2015-11-05 14:27 - 2014-07-25 12:05 - 00000132 _____ C:\Users\GEORGE\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-11-05 11:22 - 2013-10-27 07:58 - 00000000 ____D C:\Users\GEORGE\AppData\Local\Battle.net
2015-11-05 10:19 - 2013-10-27 07:58 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-05 09:12 - 2010-01-15 21:31 - 00000000 ____D C:\Users\GEORGE\AppData\Local\Google
2015-11-05 08:56 - 2010-01-17 20:37 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-05 08:48 - 2010-09-08 09:33 - 00098634 _____ C:\Windows\DPINST.LOG
2015-11-05 08:48 - 2010-09-08 09:33 - 00000000 ____D C:\Program Files (x86)\Razer
2015-11-05 08:40 - 2013-10-06 08:40 - 00000000 ____D C:\Program Files (x86)\Decal Plugins
2015-11-05 08:33 - 2010-01-15 21:49 - 00000000 ____D C:\Users\GEORGE\AppData\Roaming\Mozilla
2015-11-04 23:17 - 2015-09-12 12:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-04 23:17 - 2012-05-15 12:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-04 23:17 - 2010-01-15 21:37 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-04 12:47 - 2012-10-31 13:06 - 00000000 ____D C:\Users\GEORGE\Desktop\Video Projects
2015-11-04 11:03 - 2015-01-20 10:51 - 00000000 ____D C:\Users\GEORGE\Desktop\GBA
2015-11-04 09:45 - 2011-10-24 11:24 - 00000000 ____D C:\Windows\Minidump
2015-11-04 09:39 - 2015-09-09 22:58 - 00000000 ___HD C:\$Windows.~BT
2015-11-04 09:39 - 2009-08-07 10:33 - 00000000 ____D C:\Windows\Panther
2015-11-04 09:37 - 2009-07-13 20:46 - 00004304 _____ C:\Windows\DtcInstall.log
2015-11-04 09:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
2015-11-04 09:28 - 2010-01-16 10:33 - 00016340 _____ C:\Windows\System32\lvcoinst.log
2015-11-04 09:28 - 2009-07-13 20:51 - 00000987 _____ C:\Windows\setuperr.log
2015-11-03 10:31 - 2013-11-03 09:22 - 00007603 _____ C:\Users\GEORGE\AppData\Local\Resmon.ResmonCfg
2015-11-03 09:45 - 2015-10-07 21:20 - 00000000 ____D C:\Users\GEORGE\AppData\LocalLow\uTorrent
2015-10-31 10:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-10-31 08:01 - 2015-02-25 16:54 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-30 12:47 - 2015-02-27 19:37 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-10-30 09:59 - 2012-07-01 19:16 - 00000000 ____D C:\Users\GEORGE\AppData\Roaming\LolClient
2015-10-30 08:49 - 2015-06-28 15:34 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-30 08:30 - 2014-12-24 18:04 - 00000000 ____D C:\Windows\System32\appraiser
2015-10-30 08:30 - 2014-05-07 01:38 - 00000000 ___SD C:\Windows\System32\CompatTel
2015-10-29 22:01 - 2013-08-14 22:47 - 00000000 ____D C:\Windows\System32\MRT
2015-10-29 21:51 - 2010-01-16 09:51 - 143481208 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-10-29 21:45 - 2012-09-12 18:42 - 00778784 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-10-27 10:03 - 2014-01-29 23:52 - 00000000 ____D C:\Users\GEORGE\AppData\Local\Pokemon Showdown
2015-10-25 13:47 - 2010-01-16 10:15 - 00000000 ____D C:\ProgramData\Skype
2015-10-22 10:28 - 2013-10-27 07:59 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-10-22 08:38 - 2013-11-16 10:45 - 00000000 ____D C:\Users\GEORGE\Desktop\Job Hunting
2015-10-21 22:04 - 2015-02-25 16:54 - 01049880 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2015-10-21 22:04 - 2015-02-25 16:54 - 00448968 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2015-10-21 22:04 - 2015-02-25 16:54 - 00274808 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2015-10-21 22:04 - 2015-02-25 16:54 - 00153744 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2015-10-21 22:04 - 2015-02-25 16:54 - 00093528 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2015-10-21 22:04 - 2015-02-25 16:54 - 00090968 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2015-10-21 22:04 - 2015-02-25 16:54 - 00065224 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2015-10-21 22:04 - 2015-02-25 16:54 - 00028656 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2015-10-11 10:32 - 2015-04-04 21:03 - 00000000 ___SD C:\Windows\System32\GWX

Files to move or delete:
====================
C:\ProgramData\auditpol_32.dll
C:\ProgramData\igfxCUIService.dll
C:\ProgramData\igfxCUIService.exe
C:\ProgramData\LkwVFHUhA848.dll
C:\ProgramData\netsh_32.exe
C:\ProgramData\taskhost.exe
C:\ProgramData\Z7cq8cRYA848.dll


Some files in TEMP:
====================
C:\Users\GEORGE\AppData\Local\Temp\rootsupd.exe


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2015-11-05 08:36
Restore point date: 2015-11-05 08:38
Restore point date: 2015-11-05 08:39
Restore point date: 2015-11-05 08:40
Restore point date: 2015-11-05 08:47
Restore point date: 2015-11-06 11:59

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 6135.11 MB
Available physical RAM: 5337.56 MB
Total Virtual: 6133.26 MB
Available Virtual: 5332.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:77.12 GB) NTFS
Drive e: (NYCB2) (CDROM) (Total:5.57 GB) (Free:0 GB) UDF
Drive f: (WINDOWS7) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6CFAAC08)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT.


LastRegBack: 2015-10-31 10:46

==================== End of FRST.txt ============================
 

·
Security Team, Moderator, Analyst, Rangemaster
Joined
·
29,790 Posts
Hello again, KatoRyx.

Please download the attached fixlist.txt and save it to the USB drive where the FRST tool is located.

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Now please enter System Recovery Options > Command Prompt as you did previously.

Run FRST64.exe as before, and press the Fix button just once and wait.

The tool will generate a log on the flash drive (Fixlog.txt). Please post it in your reply.

------------------------------------------------------
 

·
Registered
Joined
·
7 Posts
Discussion Starter #7
Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by SYSTEM (2015-11-07 16:39:30) Run:1
Running from f:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
HKLM\...\Run: [Z7cq8cRYA848] => regsvr32.exe /s "C:\PROGRA~3\Z7cq8cRYA848.dll"
HKLM\...\Run: [igfxCUIService] => C:\ProgramData\igfxCUIService.exe [4096 2015-11-03] ()
HKLM\...\Run: [netsh_32] => C:\ProgramData\netsh_32.exe [4096 2015-11-06] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Chrome] => C:\ProgramData\taskhost.exe [5632 2015-11-03] ()
HKU\GEORGE\...\Run: [AdobeBridge] => [X]
HKU\GEORGE\...\Run: [Aunidt] => regsvr32.exe "C:\ProgramData\VomvElta\Ziptac.dll"
HKU\GEORGE\...\Run: [BackUp3224863615] => C:\Users\GEORGE\AppData\Roaming\BackUp3224863615.exe [577536 2009-07-13] ()
HKU\GEORGE\...\Run: [Chrome] => C:\ProgramData\taskhost.exe [5632 2015-11-03] ()
S3 BS3224863615; \??\C:\Users\GEORGE\AppData\Local\Temp\NTFS.sys [X]
2015-11-07 08:23 - 2015-11-07 08:23 - 00002994 _____ C:\Windows\System32\DB3224863615
2015-11-06 12:00 - 2015-11-06 12:00 - 00098304 _____ C:\ProgramData\369FBC0E.EX
2015-11-06 12:00 - 2015-11-06 12:00 - 00004096 _____ C:\ProgramData\netsh_32.exe
2015-11-06 12:00 - 2015-11-06 12:00 - 00004096 _____ C:\ProgramData\auditpol_32.dll
2015-11-06 11:59 - 2015-11-06 11:59 - 00090112 _____ C:\ProgramData\7B571D05.EX
2015-11-03 15:34 - 2015-11-03 15:34 - 00005632 _____ C:\ProgramData\taskhost.exe
2015-11-03 08:56 - 2015-11-03 08:56 - 00004096 _____ C:\ProgramData\igfxCUIService.exe
2015-11-03 08:55 - 2015-11-03 08:55 - 00004096 _____ C:\ProgramData\igfxCUIService.dll
2015-11-02 21:05 - 2015-11-02 21:05 - 00004096 _____ C:\ProgramData\Z7cq8cRYA848.dll
2015-11-02 21:04 - 2015-11-02 21:04 - 00004096 _____ C:\ProgramData\LkwVFHUhA848.dll
2015-11-01 19:02 - 2015-11-01 19:02 - 00450560 _____ (Microsoft Corporation) C:\Users\GEORGE\AppData\Roaming\ofwnifc.exe
2015-11-01 18:57 - 2015-11-01 18:57 - 00450560 _____ (Microsoft Corporation) C:\Users\GEORGE\AppData\Roaming\orcvmdu.exe
2015-11-01 18:53 - 2015-11-03 14:22 - 03550700 _____ C:\Windows\System32\CFG3224863615
2015-11-01 18:47 - 2015-11-01 18:47 - 00450560 _____ (Microsoft Corporation) C:\Users\GEORGE\AppData\Roaming\tahehgtq.exe
2015-11-01 18:36 - 2015-11-01 18:36 - 00450560 _____ (Microsoft Corporation) C:\Users\GEORGE\AppData\Roaming\tchqrwda.exe
2015-11-01 18:29 - 2015-11-01 19:00 - 00000000 ____D C:\ProgramData\VomvElta
2015-11-01 18:29 - 2015-11-01 18:29 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-11-03 09:45 - 2015-10-07 21:20 - 00000000 ____D C:\Users\GEORGE\AppData\LocalLow\uTorrent

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Z7cq8cRYA848 => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\igfxCUIService => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\netsh_32 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Chrome => value removed successfully
HKU\GEORGE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\GEORGE\Software\Microsoft\Windows\CurrentVersion\Run\\Aunidt => value removed successfully
HKU\GEORGE\Software\Microsoft\Windows\CurrentVersion\Run\\BackUp3224863615 => value removed successfully
HKU\GEORGE\Software\Microsoft\Windows\CurrentVersion\Run\\Chrome => value removed successfully
BS3224863615 => service removed successfully
C:\Windows\System32\DB3224863615 => moved successfully
C:\ProgramData\369FBC0E.EX => moved successfully
C:\ProgramData\netsh_32.exe => moved successfully
C:\ProgramData\auditpol_32.dll => moved successfully
C:\ProgramData\7B571D05.EX => moved successfully
C:\ProgramData\taskhost.exe => moved successfully
C:\ProgramData\igfxCUIService.exe => moved successfully
C:\ProgramData\igfxCUIService.dll => moved successfully
C:\ProgramData\Z7cq8cRYA848.dll => moved successfully
C:\ProgramData\LkwVFHUhA848.dll => moved successfully
C:\Users\GEORGE\AppData\Roaming\ofwnifc.exe => moved successfully
C:\Users\GEORGE\AppData\Roaming\orcvmdu.exe => moved successfully
C:\Windows\System32\CFG3224863615 => moved successfully
C:\Users\GEORGE\AppData\Roaming\tahehgtq.exe => moved successfully
C:\Users\GEORGE\AppData\Roaming\tchqrwda.exe => moved successfully
C:\ProgramData\VomvElta => moved successfully
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => moved successfully
C:\Users\GEORGE\AppData\LocalLow\uTorrent => moved successfully

==== End of Fixlog 16:39:33 ====
 

·
Security Team, Moderator, Analyst, Rangemaster
Joined
·
29,790 Posts
Hello again, KatoRyx.

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

You should have more control over your computer now. Reboot to Normal Mode.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------
  • Double-click FRST64 (on your desktop) to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\Users\GEORGE\AppData\Roaming\BackUp3224863615.exe

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analysed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------
 

·
Registered
Joined
·
7 Posts
Discussion Starter #9
Sorry if adding in personal text to my replies makes finding the requested data more difficult for you, but I really did want to say I appreciate your assistance so much, and I didn't want that to go unnoticed. :smile:

Okay! Back to the requested pastes:

-----------------------------------------------------------------------
CONTENTS OF AdwCleaner[C1].txt
-----------------------------------------------------------------------

# AdwCleaner v5.018 - Logfile created 07/11/2015 at 18:22:34
# Updated 05/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : GEORGE - GREENZO
# Running from : C:\Users\GEORGE\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Babylon
[-] Folder Deleted : C:\Program Files (x86)\Conduit
[-] Folder Deleted : C:\Program Files (x86)\GreenTree Applications
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Converter
[-] Folder Deleted : C:\Users\GEORGE\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\GEORGE\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\GEORGE\AppData\Roaming\YourFileDownloader
[-] Folder Deleted : C:\Users\GEORGE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Converter
[#] Folder Deleted : C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\7sns3kpx.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\7sns3kpx.default\searchplugins\conduit-search.xml
[-] File Deleted : C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\7sns3kpx.default\user.js

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Your File Updater
[-] Task Deleted : Your File Updater

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2720081
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
[-] Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\AVG SafeGuard toolbar
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\YourFileDownloader
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKLM\SOFTWARE\AVG Secure Search
[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\YourFileDownloader
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sonic and All Stars Racing Transformed (c) SEGA_is1
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[!] Key Not Deleted : HKU\S-1-5-18\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

***** [ Web browsers ] *****

[-] [C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\7sns3kpx.default\prefs.js] [Preference] Deleted : user_pref("browser.babylon.HPOnNewTab", "1");
[-] [C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\7sns3kpx.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14797");
[-] [C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\7sns3kpx.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5280 bytes] ##########




-----------------------------------------------------------------------
CONTENTS OF FRST.txt
-----------------------------------------------------------------------


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by GEORGE (administrator) on GREENZO (07-11-2015 18:27:40)
Running from C:\Users\GEORGE\Desktop
Loaded Profiles: GEORGE (Available Profiles: GEORGE)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-21] (AVAST Software)
HKU\S-1-5-21-3128507980-2764683126-650116941-1000\...\MountPoints2: {0d2a3751-84dd-11e0-bf5c-002618fc8ff4} - E:\autorun.exe
HKU\S-1-5-21-3128507980-2764683126-650116941-1000\...\MountPoints2: {4e92df02-257b-11e0-b09b-002618fc8ff4} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3128507980-2764683126-650116941-1000\...\MountPoints2: {d48bf4c4-6813-11e0-b52e-002618fc8ff4} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3128507980-2764683126-650116941-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-21] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1BC93134-4B14-4615-BA7F-1B991C714CFA}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C5813AC5-E794-438A-B63C-1DDA98A37FC6}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-3128507980-2764683126-650116941-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
BHO-x32: Dell Toolbar -> {09B71986-2AC5-482d-B6CB-42EA34F4F85B} -> C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-22] (Oracle Corporation)
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10] ()
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\7sns3kpx.default
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: igoogle.com
FF Keyword.URL: hxxps://www.google.com/webhp?hl=en&tab=ww
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-29] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-29] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.102.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-09-22] (Apple Inc.)
FF Extension: YouTube Unblocker - C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\7sns3kpx.default\Extensions\[email protected] [2015-10-20]
FF Extension: YouTube mp3 - C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\7sns3kpx.default\Extensions\[email protected] [2015-06-12]
FF Extension: DownloadShield - C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\7sns3kpx.default\Extensions\{3d819034-fd48-4ae8-a9f0-f7c1ba7f81da}.xpi [2015-11-03] [not signed]
FF Extension: Scrabulizer Importer - C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\7sns3kpx.default\Extensions\{ca96eaaa-e97d-4e54-b403-b7b5a8557fad}.xpi [2015-07-02]
FF Extension: Adblock Plus - C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\7sns3kpx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-11]
FF Extension: pdf service light - C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\7sns3kpx.default\Extensions\{d43c398f-e3ee-4b48-98b5-b19d7590adff}.xpi [2015-09-06] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-21] (AVAST Software)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-10-15] (BitRaider, LLC)
S4 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-08] (BitRaider, LLC)
S4 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
S4 dlea_device; C:\Windows\system32\dleacoms.exe [1052328 2010-05-21] ( )
S4 dlea_device; C:\Windows\SysWOW64\dleacoms.exe [598696 2010-05-21] ( )
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-10-11] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2014-10-11] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-02-12] (Ralink Technology Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-10-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-21] (AVAST Software)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2014-11-12] (BitRaider)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-02] (Logitech Inc.)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] ()
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2012-08-16] (Razer USA Ltd)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [73216 2010-04-21] (Razer USA Ltd) [File not signed]
S3 AtiHdmiService; system32\drivers\AtiHdmi.sys [X]
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 18:27 - 2015-11-07 18:28 - 00013077 _____ C:\Users\GEORGE\Desktop\FRST.txt
2015-11-07 18:26 - 2015-11-07 18:26 - 00005371 _____ C:\Users\GEORGE\Desktop\AdwCleaner[C1].txt
2015-11-07 18:25 - 2015-11-07 18:25 - 00272832 _____ C:\Windows\Minidump\110715-19406-01.dmp
2015-11-07 18:20 - 2015-11-07 18:22 - 00000000 ____D C:\AdwCleaner
2015-11-07 18:18 - 2015-11-07 18:18 - 01713664 _____ C:\Users\GEORGE\Desktop\AdwCleaner.exe
2015-11-07 16:44 - 2015-11-07 16:44 - 03550700 _____ C:\Windows\system32\CFG3224863615
2015-11-07 16:36 - 2015-11-07 16:36 - 00000126 _____ C:\Users\GEORGE\Desktop\link.txt
2015-11-07 16:35 - 2015-11-07 16:35 - 00002459 _____ C:\Users\GEORGE\Desktop\fixlist.txt
2015-11-07 08:30 - 2015-11-07 18:27 - 00000000 ____D C:\FRST
2015-11-07 08:24 - 2015-11-07 08:24 - 02198528 _____ (Farbar) C:\Users\GEORGE\Desktop\FRST64.exe
2015-11-05 07:58 - 2015-11-07 18:25 - 398948800 _____ C:\Windows\MEMORY.DMP
2015-11-04 10:55 - 2015-11-04 11:00 - 84339967 _____ C:\Users\GEORGE\Desktop\GBA Draft.zip
2015-11-04 10:06 - 2015-11-06 12:10 - 00001156 _____ C:\Users\GEORGE\Desktop\attach.txt
2015-11-04 10:04 - 2015-11-04 10:04 - 00688992 ____R (Swearware) C:\Users\GEORGE\Desktop\dds.scr
2015-11-04 09:45 - 2015-11-04 09:45 - 00272832 _____ C:\Windows\Minidump\110415-17206-01.dmp
2015-11-03 17:26 - 2015-11-03 17:26 - 00272832 _____ C:\Windows\Minidump\110315-18470-01.dmp
2015-11-03 17:12 - 2015-11-04 09:34 - 00003130 _____ C:\Windows\comsetup.log
2015-11-03 17:10 - 2015-11-04 09:28 - 00005655 _____ C:\Windows\diagerr.xml
2015-11-03 17:10 - 2015-11-04 09:28 - 00003813 _____ C:\Windows\diagwrn.xml
2015-11-03 14:09 - 2015-11-03 14:09 - 07492168 _____ C:\Users\GEORGE\Desktop\RogueKillerCMDX64.exe
2015-11-03 13:56 - 2015-11-03 13:56 - 00269768 _____ C:\Windows\Minidump\110315-26473-01.dmp
2015-11-03 10:52 - 2015-11-03 10:53 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\GEORGE\Desktop\tdsskiller.exe
2015-11-03 10:47 - 2015-11-03 10:47 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\GEORGE\Desktop\winlogon.exe
2015-11-03 10:41 - 2015-11-03 10:42 - 22933064 _____ C:\Users\GEORGE\Desktop\roguekiller.com
2015-10-21 22:04 - 2015-10-21 22:04 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-10-21 22:04 - 2015-10-21 22:04 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-10-14 16:05 - 2015-09-25 10:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 16:05 - 2015-09-25 10:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 16:05 - 2015-09-25 10:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 16:05 - 2015-09-25 10:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 16:05 - 2015-09-25 10:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 16:05 - 2015-09-25 10:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 16:05 - 2015-09-25 10:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 16:05 - 2015-09-25 10:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 16:05 - 2015-09-25 10:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 16:05 - 2015-09-25 10:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 16:05 - 2015-09-25 10:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 16:05 - 2015-09-25 09:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 16:05 - 2015-09-25 09:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 16:05 - 2015-09-25 09:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 16:05 - 2015-09-25 09:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 16:05 - 2015-09-25 09:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 16:05 - 2015-09-18 11:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 16:05 - 2015-09-18 10:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 16:05 - 2015-09-15 20:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 16:05 - 2015-09-15 20:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 16:05 - 2015-09-15 20:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 16:05 - 2015-09-15 20:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 16:05 - 2015-09-15 20:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 16:05 - 2015-09-15 20:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 16:05 - 2015-09-15 20:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 16:05 - 2015-09-15 20:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 16:05 - 2015-09-15 20:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 16:05 - 2015-09-15 20:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 16:05 - 2015-09-15 20:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 16:05 - 2015-09-15 20:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 16:05 - 2015-09-15 20:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 16:05 - 2015-09-15 20:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 16:05 - 2015-09-15 20:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 16:05 - 2015-09-15 20:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 16:05 - 2015-09-15 20:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 16:05 - 2015-09-15 20:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 16:05 - 2015-09-15 19:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 16:05 - 2015-09-15 19:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 16:05 - 2015-09-15 19:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 16:05 - 2015-09-15 19:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 16:05 - 2015-09-15 19:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 16:05 - 2015-09-15 19:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 16:05 - 2015-09-15 19:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 16:05 - 2015-09-15 19:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 16:05 - 2015-09-15 19:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 16:05 - 2015-09-15 19:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 16:05 - 2015-09-15 19:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 16:05 - 2015-09-15 19:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 16:05 - 2015-09-15 19:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 16:05 - 2015-09-15 19:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 16:05 - 2015-09-15 19:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 16:05 - 2015-09-15 19:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 16:05 - 2015-09-15 19:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 16:05 - 2015-09-15 19:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 16:05 - 2015-09-15 19:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 16:05 - 2015-09-15 19:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 16:05 - 2015-09-15 19:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 16:05 - 2015-09-15 19:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 16:05 - 2015-09-15 19:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 16:05 - 2015-09-15 19:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 16:05 - 2015-09-15 19:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 16:05 - 2015-09-15 19:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 16:05 - 2015-09-15 19:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 16:05 - 2015-09-15 19:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 16:05 - 2015-09-15 19:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 16:05 - 2015-09-15 19:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 16:05 - 2015-09-15 19:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 16:05 - 2015-09-15 19:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 16:05 - 2015-09-15 19:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 16:05 - 2015-09-15 19:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 16:05 - 2015-09-15 18:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 16:05 - 2015-09-15 18:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 16:05 - 2015-09-15 18:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 16:05 - 2015-09-15 18:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 16:05 - 2015-09-15 18:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 18:25 - 2014-04-21 16:44 - 00000496 _____ C:\Windows\Tasks\DGChrome32309 Watcher.job
2015-11-07 18:25 - 2011-10-24 11:24 - 00000000 ____D C:\Windows\Minidump
2015-11-07 18:25 - 2010-01-16 10:37 - 00451894 _____ C:\Windows\PFRO.log
2015-11-07 18:25 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-07 18:25 - 2009-07-13 20:51 - 01204192 _____ C:\Windows\setupact.log
2015-11-07 18:23 - 2010-01-12 08:20 - 01540348 _____ C:\Windows\WindowsUpdate.log
2015-11-07 18:22 - 2010-01-16 10:15 - 00000000 ____D C:\Users\GEORGE\AppData\Roaming\Skype
2015-11-07 17:47 - 2013-01-10 16:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-07 17:03 - 2015-09-09 16:51 - 00912896 ___SH C:\Users\GEORGE\Desktop\Thumbs.db
2015-11-07 16:53 - 2009-07-13 20:45 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-07 16:53 - 2009-07-13 20:45 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-07 16:48 - 2009-07-13 21:13 - 00786662 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-05 14:27 - 2014-07-25 12:05 - 00000132 _____ C:\Users\GEORGE\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-11-05 11:22 - 2013-10-27 07:58 - 00000000 ____D C:\Users\GEORGE\AppData\Local\Battle.net
2015-11-05 10:19 - 2013-10-27 07:58 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-05 09:12 - 2010-01-15 21:31 - 00000000 ____D C:\Users\GEORGE\AppData\Local\Google
2015-11-05 08:56 - 2010-01-17 20:37 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-05 08:48 - 2010-09-08 09:33 - 00098634 _____ C:\Windows\DPINST.LOG
2015-11-05 08:48 - 2010-09-08 09:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-11-05 08:48 - 2010-09-08 09:33 - 00000000 ____D C:\Program Files (x86)\Razer
2015-11-05 08:40 - 2013-10-06 08:40 - 00000000 ____D C:\Program Files (x86)\Decal Plugins
2015-11-05 08:33 - 2010-01-15 21:49 - 00000000 ____D C:\Users\GEORGE\AppData\Roaming\Mozilla
2015-11-04 23:17 - 2015-09-12 12:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-04 23:17 - 2012-05-15 12:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-04 23:17 - 2011-11-08 11:36 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-04 23:17 - 2010-01-15 21:37 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-04 12:47 - 2012-10-31 13:06 - 00000000 ____D C:\Users\GEORGE\Desktop\Video Projects
2015-11-04 11:03 - 2015-01-20 10:51 - 00000000 ____D C:\Users\GEORGE\Desktop\GBA
2015-11-04 09:39 - 2015-09-09 22:58 - 00000000 ___HD C:\$Windows.~BT
2015-11-04 09:39 - 2009-08-07 10:33 - 00000000 ____D C:\Windows\Panther
2015-11-04 09:37 - 2009-07-13 20:46 - 00004304 _____ C:\Windows\DtcInstall.log
2015-11-04 09:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
2015-11-04 09:28 - 2010-01-16 10:33 - 00016340 _____ C:\Windows\system32\lvcoinst.log
2015-11-04 09:28 - 2009-07-13 20:51 - 00000987 _____ C:\Windows\setuperr.log
2015-11-03 10:31 - 2013-11-03 09:22 - 00007603 _____ C:\Users\GEORGE\AppData\Local\Resmon.ResmonCfg
2015-10-31 10:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-10-31 08:01 - 2015-02-25 16:54 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-30 12:47 - 2015-02-27 19:37 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-10-30 09:59 - 2012-07-01 19:16 - 00000000 ____D C:\Users\GEORGE\AppData\Roaming\LolClient
2015-10-30 08:49 - 2015-06-28 15:34 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-30 08:30 - 2014-12-24 18:04 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-30 08:30 - 2014-05-07 01:38 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-29 22:01 - 2013-08-14 22:47 - 00000000 ____D C:\Windows\system32\MRT
2015-10-29 21:51 - 2010-01-16 09:51 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-29 21:45 - 2012-09-12 18:42 - 00778784 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-10-27 10:03 - 2014-01-29 23:52 - 00000000 ____D C:\Users\GEORGE\AppData\Local\Pokemon Showdown
2015-10-25 13:47 - 2010-01-16 10:15 - 00000000 ____D C:\ProgramData\Skype
2015-10-22 10:28 - 2013-10-27 07:59 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-10-22 08:38 - 2013-11-16 10:45 - 00000000 ____D C:\Users\GEORGE\Desktop\Job Hunting
2015-10-21 22:04 - 2015-02-25 16:54 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-10-21 22:04 - 2015-02-25 16:54 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-10-21 22:04 - 2015-02-25 16:54 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-10-21 22:04 - 2015-02-25 16:54 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-10-21 22:04 - 2015-02-25 16:54 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-10-21 22:04 - 2015-02-25 16:54 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-10-21 22:04 - 2015-02-25 16:54 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-10-21 22:04 - 2015-02-25 16:54 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-10-20 10:53 - 2009-07-13 20:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-14 16:06 - 2013-01-04 10:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-11 10:32 - 2015-04-04 21:03 - 00000000 ___SD C:\Windows\system32\GWX

==================== Files in the root of some directories =======

2012-10-26 07:04 - 2012-10-24 19:04 - 0000044 ____H () C:\Program Files (x86)\6c04e2e1.tmp
2014-07-25 12:05 - 2015-11-05 14:27 - 0000132 _____ () C:\Users\GEORGE\AppData\Roaming\Adobe PNG Format CS6 Prefs
2009-07-13 15:19 - 2009-07-13 17:14 - 0577536 _____ () C:\Users\GEORGE\AppData\Roaming\BackUp3224863615.exe
2014-04-09 12:54 - 2014-04-09 12:54 - 0004608 _____ () C:\Users\GEORGE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-03 09:22 - 2015-11-03 10:31 - 0007603 _____ () C:\Users\GEORGE\AppData\Local\Resmon.ResmonCfg
2012-02-09 14:59 - 2012-02-09 14:59 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2012-11-08 14:42 - 2012-11-08 14:48 - 0000248 _____ () C:\ProgramData\dleaDiagnostics.log
2012-02-09 15:47 - 2013-11-22 19:25 - 0150510 _____ () C:\ProgramData\dleaJSW.log
2012-02-09 15:02 - 2014-03-20 18:36 - 0046760 _____ () C:\ProgramData\dleascan.log
2010-01-16 10:20 - 2010-01-16 10:20 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-02-09 15:37 - 2012-02-09 15:37 - 0000252 _____ () C:\ProgramData\FastPics.log
2013-11-16 13:38 - 2013-11-16 13:38 - 0000464 _____ () C:\ProgramData\HirezPipeError.txt
2012-02-09 14:59 - 2012-02-09 14:59 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2013-03-13 19:01 - 2013-03-13 19:01 - 2693251 _____ () C:\ProgramData\SPLCEFD.tmp
2012-02-09 14:59 - 2012-02-09 14:59 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some files in TEMP:
====================
C:\Users\GEORGE\AppData\Local\Temp\rootsupd.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-31 10:46

==================== End of FRST.txt ============================





-----------------------------------------------------------------------
LINK TO RESULTS OF VIRUS TOTAL
-----------------------------------------------------------------------
https://www.virustotal.com/en/file/...f80390260efe6b8270bf8a2e/analysis/1446950040/
 


Security Team, Moderator, Analyst, Rangemaster · 29,790 Posts
Hello again, KatoRyx. You're very welcome! How is the machine behaving? Better control now?

Personal text is ok. We want you to give us information along the way. :smile:

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up your files - Windows Help

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

You can also download recovery software if you don't have an installation DVD:

https://www.microsoft.com/en-us/software-download/windows7

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-3128507980-2764683126-650116941-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\GEORGE\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3128507980-2764683126-650116941-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\GEORGE\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3128507980-2764683126-650116941-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\GEORGE\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3128507980-2764683126-650116941-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\GEORGE\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3128507980-2764683126-650116941-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\GEORGE\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3128507980-2764683126-650116941-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\GEORGE\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3128507980-2764683126-650116941-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\GEORGE\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3128507980-2764683126-650116941-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\GEORGE\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3128507980-2764683126-650116941-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\GEORGE\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
    Task: {CE1D3D64-12FE-4C59-A884-6CF5A6FDA2D8} - System32\Tasks\DGChrome32309 Watcher => C:\Program Files\V-bates\DGChrome.exe
    Task: C:\Windows\Tasks\DGChrome32309 Watcher.job => C:\Program Files\V-bates\DGChrome.exeJ/
    C:\Program Files\V-bates
    AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
    FirewallRules: [{76B9433E-DCC2-4088-B76B-F6C61D5B87ED}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
    FirewallRules: [{A7EA2DE5-794B-4407-BCEE-70A08B6651AF}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
    FirewallRules: [{00DD8D62-7E9C-4B16-8BC3-4CC6326CB95B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{442D58CD-A020-4A11-8DFF-1EEACBE78DF0}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{D16D7CCE-1B56-4053-A1C3-15B163F4FA0C}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [{F1962F6B-21DC-48C9-83CF-EF01D84D6825}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [{E7F36542-2C53-4480-ABBF-381F0783E9F9}] => (Allow) C:\Users\GEORGE\Desktop\uTorrent.exe
    FirewallRules: [{9DD6B67A-FE4B-4E7A-B7B2-766800ECB601}] => (Allow) C:\Users\GEORGE\Desktop\uTorrent.exe
    FirewallRules: [{1864491F-A380-4CF0-817E-0A50E026CE41}] => (Allow) C:\Users\GEORGE\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{A6CC33F3-D59D-4373-A93B-1189CBE71060}] => (Allow) C:\Users\GEORGE\AppData\Roaming\uTorrent\uTorrent.exe
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
    FF Homepage: igoogle.com
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    2012-10-26 07:04 - 2012-10-24 19:04 - 0000044 ____H () C:\Program Files (x86)\6c04e2e1.tmp
    C:\Program Files (x86)\Pando Networks
    C:\Users\GEORGE\AppData\Roaming\BackUp3224863615.exe
    C:\Program Files (x86)\AVG
    C:\Users\GEORGE\AppData\Roaming\AVG 0913a Campaign
    C:\Users\GEORGE\Desktop\uTorrent.exe
    C:\Users\GEORGE\AppData\Roaming\uTorrent\uTorrent.exe
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG-Secure-Search-Update_0913a" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_TRAY" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_UI" /f
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
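The NOTE above says a fixlist is written for one machine only. As an added example (not part of the original post and not FRST's own code), this Python script audits a fixlist before it is used: it counts the entries by type and reports any user profile or account SID that does not match the local machine. The sample fixlist, its profile name and SID are constructed placeholders, the function names are hypothetical, and the start/end check assumes the framing used by the fixlist in this thread.

```python
import re
from collections import Counter

# Constructed sample in the style of the fixlist above. The profile name, SID,
# GUIDs and paths are placeholders, not values from the thread.
SAMPLE_FIXLIST = r"""start
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-1111111111-2222222222-3333333333-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32 -> C:\Users\ALICE\AppData\Local\Example\a.dll => No File
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\Example Watcher => C:\Program Files\Example\watcher.exe
FirewallRules: [{00000000-0000-0000-0000-000000000003}] => (Allow) C:\Users\ALICE\Desktop\tool.exe
C:\Users\ALICE\AppData\Roaming\Example.exe
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Example\startupreg\EXAMPLE_TRAY" /f
EmptyTemp:
end
"""

SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")              # per-account SID
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)\\")  # C:\Users\<name>\
LABEL_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 \-]*?):(?:\s|$)")
PATH_RE = re.compile(r"^[A-Za-z]:\\")                     # bare file or folder

def audit_fixlist(text):
    """Count entries by type and collect the profiles and SIDs they name."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    framed = len(lines) >= 2 and lines[0].lower() == "start" and lines[-1].lower() == "end"
    kinds, sids, profiles = Counter(), set(), set()
    for ln in (lines[1:-1] if framed else lines):
        sids.update(SID_RE.findall(ln))
        profiles.update(name.upper() for name in PROFILE_RE.findall(ln))
        label = LABEL_RE.match(ln)
        if PATH_RE.match(ln):
            kinds["path"] += 1
        else:
            kinds[label.group(1) if label else "other"] += 1
    return {"framed": framed, "kinds": kinds, "sids": sids, "profiles": profiles}

def mismatches(audit, local_profile, local_sid):
    """List the reasons this fixlist does not belong on the local machine."""
    problems = []
    if not audit["framed"]:
        problems.append("missing start/end line (copy may be cut short)")
    for name in sorted(audit["profiles"] - {local_profile.upper()}):
        problems.append(f"references another profile: {name}")
    for sid in sorted(audit["sids"] - {local_sid}):
        problems.append(f"references another SID: {sid}")
    return problems

if __name__ == "__main__":
    report = audit_fixlist(SAMPLE_FIXLIST)
    print(dict(report["kinds"]))
    print(mismatches(report, "BOB", "S-1-5-21-9-9-9-1001"))
```

On Windows, `whoami /user` prints the SID of the logged-on account to pass as `local_sid`.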
 

·
Registered
Joined
·
7 Posts
Discussion Starter #11
Hello Chemist,

I am posting this reply from my phone. After performing the steps outlined in this message prior to your most recent post, I put my computer in Hibernate mode for the night with the intention of finishing up these fixes in the morning.

When I woke up this morning I was going to follow through with the repairs you outlined in your most recent post. But when I started up my computer, it appeared to be in the "Shut down" state, not "hibernating". It enabled the BIOS load screen, but shortly after the screen disappeared, the computer would restart itself and show the BIOS load screen again. I tried hitting F8 as soon as the screen was disappearing to try and enable advanced start-up options, but the screen would never show. The system would simply loop around and restart once again. The only response I'm able to get from the system is to press Del, Tab, or F8 at the BIOS screen, which doesn't seem to have any effect on booting up =(

Does this mean something went wrong and my OS won't load anymore? Is there a fix for this? I felt like we were getting close, and then all of a sudden my computer just doesn't want to start-up!
 

·
Security Team , Moderator, Analyst , Rangemaster,
Joined
·
29,790 Posts
Hello again, KatoRyx. Sorry you are having trouble. Not sure what happened, but the machine was OK when you put it to hibernate. Nothing we did with those tools would have caused that problem.

Have you tried hitting F8 immediately after the machine restarts and not waiting for the BIOS screen to appear?
 

·
Registered
Joined
·
7 Posts
Discussion Starter #13
Certainly right, the computer was running fine when I put it in Hibernate mode last night. Then this morning it simply wouldn't restart. Pressing F8 immediately on startup brings up a menu that asks which drive I would like to boot from. As I presently only have just the one HDD and a CD ROM, there's only one real option available to me. Pressing Del lets me into BIOS setup utility, though I'm not well versed in this menu and have no idea what I'm doing there.
 

·
Security Team , Moderator, Analyst , Rangemaster,
Joined
·
29,790 Posts
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
 