Laptop running Windows 8.1 gone haywire [Solved]



#1 bluesnapper


Posted 20 November 2014 - 11:36 AM

Up until this time 24 hours ago my laptop (Windows 8.1 64 bit) was working as expected (the only thing that was downloaded at around this time were two Microsoft updates - KB3011780 and KB3000850).

 

But now I cannot restart the laptop, cannot always shut it down, icons (security ones) that were in the notification area have disappeared, cannot select items from the Control Panel amongst other things.

 

I have run sfc /scannow and that came back with 'Windows Resource Protection did not find any integrity violations.'.

 

Any ideas?

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-11-20 17:02:53
-----------------------------
17:02:53.716    OS Version: Windows x64 6.2.9200 
17:02:53.716    Number of processors: 8 586 0x3C03
17:02:53.732    ComputerName: MSILAPTOP  UserName: David
17:02:54.263    Initialize success
17:02:54.279    VM: initialized successfully
17:02:54.279    VM: Intel CPU supported virtualizedSuspended 
17:03:02.623    VM: disk I/O iaStorA.sys
17:03:06.452    AVAST engine defs: 14112000
17:03:06.968    Disk 0  \Device\Harddisk0\DR0 -> \Device\00000035
17:03:06.968    Disk 0 Vendor: WDC_WD7500BPVX-22JC3T0 01.01A01 Size: 715404MB BusType: 8
17:03:06.983    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000036
17:03:06.983    Disk 1 Vendor: TOSHIBA_THNSNJ128GMCU JUXA0102 Size: 122104MB BusType: 8
17:03:06.983    Disk 1 MBR read successfully
17:03:06.999    Disk 1 MBR scan
17:03:06.999    Disk 1 unknown MBR code
17:03:06.999    Disk 1 Partition 1 00     EE          GPT           2097151 MB offset 1
17:03:06.999    Disk 1 scanning C:\Windows\system32\drivers
17:03:09.390    Service scanning
17:03:14.859    Modules scanning
17:03:14.875    Disk 1 trace - called modules:
17:03:14.890    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys 
17:03:14.890    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xffffe00143a3d060]
17:03:14.906    3 CLASSPNP.SYS[fffff80198651170] -> nt!IofCallDriver -> [0xffffe001415f9040]
17:03:14.906    5 ACPI.sys[fffff8019844bc21] -> nt!IofCallDriver -> \Device\00000036[0xffffe00140256060]
17:03:15.093    AVAST engine scan C:\Windows
17:03:15.406    AVAST engine scan C:\Windows\system32
17:03:54.287    AVAST engine scan C:\Windows\system32\drivers
17:03:59.353    AVAST engine scan C:\Users\dawoo_000
17:04:32.872    AVAST engine scan C:\ProgramData
17:05:01.502    Disk 1 statistics 4554116/0/0 @ 41.29 MB/s
17:05:01.517    Scan finished successfully
17:05:30.036    Disk 1 MBR has been saved successfully to "C:\Users\dawoo_000\Desktop\MBR.dat"
17:05:30.036    The log file has been saved successfully to "C:\Users\dawoo_000\Desktop\aswMBR.txt"
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by David (administrator) on MSILAPTOP on 20-11-2014 21:58:52
Running from C:\Users\dawoo_000\Desktop
Loaded Profile: David (Available profiles: David & June)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TomTom) D:\TomTom HOME 2\TomTomHOMEService.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MSI) C:\Program Files (x86)\SCM\Radio Manager.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TomTom) D:\TomTom HOME 2\TomTomHOMERunner.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Farbar) C:\Users\dawoo_000\Desktop\FRST64 (2).exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-03-22] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2893104 2014-03-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2014-01-02] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [407720 2014-01-02] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-05-30] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2299944719-1116197498-1775130764-1001\...\Run: [TomTomHOME.exe] => D:\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-2299944719-1116197498-1775130764-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-2299944719-1116197498-1775130764-1001\...\MountPoints2: {53c725ea-0ff5-11e4-828d-448a5b44298a} - "G:\LaunchU3.exe" -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dawoo_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dawoo_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dawoo_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dawoo_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dawoo_000\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dawoo_000\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dawoo_000\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2299944719-1116197498-1775130764-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2299944719-1116197498-1775130764-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {97C026E7-6712-4E5B-BFBB-29626608F807} URL = http://www.bing.com/...10TR&pc=MAMIJS;
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {97C026E7-6712-4E5B-BFBB-29626608F807} URL = http://www.bing.com/...10TR&pc=MAMIJS;
SearchScopes: HKLM-x32 -> DefaultScope {97C026E7-6712-4E5B-BFBB-29626608F807} URL = http://www.bing.com/...10TR&pc=MAMIJS;
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {97C026E7-6712-4E5B-BFBB-29626608F807} URL = http://www.bing.com/...10TR&pc=MAMIJS;
SearchScopes: HKU\S-1-5-21-2299944719-1116197498-1775130764-1001 -> DefaultScope {97C026E7-6712-4E5B-BFBB-29626608F807} URL = 
SearchScopes: HKU\S-1-5-21-2299944719-1116197498-1775130764-1001 -> {97C026E7-6712-4E5B-BFBB-29626608F807} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.grandoldteam.com/forum/forums/everton-forum.2/", "hxxp://derbosoft.proboards.com/", "hxxp://www.pprune.org/airlines-airports-routes-85/", "hxxp://www.skyscrapercity.com/forumdisplay.php?f=380", "hxxp://www.liverpoolconfidential.co.uk/", "hxxp://www.sevenstreets.com/", "hxxp://www.flightradar24.com/53.23,-2.63/8", "hxxp://www.routesonline.com/news/29/breaking-news/", "hxxp://www.ch-aviation.com/portal/news", "hxxp://www.airport-business.com/", "hxxp://www.tripadvisor.co.uk/Restaurant_Review-g186337-d6847024-Reviews-Rookwood_Bar_Cue-Liverpool_Merseyside_England.html", "hxxp://forums.whatthetech.com/index.php?showtopic=129002"
CHR Profile: C:\Users\dawoo_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\dawoo_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-08]
CHR Extension: (Google Drive) - C:\Users\dawoo_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dawoo_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-26]
CHR Extension: (YouTube) - C:\Users\dawoo_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-08]
CHR Extension: (Adblock Plus) - C:\Users\dawoo_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-08]
CHR Extension: (Google Search) - C:\Users\dawoo_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-08]
CHR Extension: (Google Wallet) - C:\Users\dawoo_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-08]
CHR Extension: (Stylist) - C:\Users\dawoo_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pabfempgigicdjjlccdgnbmeggkbjdhd [2014-09-11]
CHR Extension: (Gmail) - C:\Users\dawoo_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2014-03-22] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [130008 2014-03-22] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-14] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-01-02] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TomTomHOMEService; D:\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-06-05] (TomTom)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-05-30] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [90936 2014-05-29] (Check Point Software Technologies, Ltd.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [149448 2014-03-22] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2014-03-22] (Realsil Semiconductor Corporation)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450968 2014-05-30] (Check Point Software Technologies Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-20 21:58 - 2014-11-20 21:58 - 00022562 _____ () C:\Users\dawoo_000\Desktop\FRST.txt
2014-11-20 21:58 - 2014-11-20 21:58 - 00000000 ____D () C:\FRST
2014-11-20 21:57 - 2014-11-20 21:57 - 00417998 _____ () C:\Windows\PFRO.log
2014-11-20 21:49 - 2014-11-20 21:50 - 05040384 _____ (AVAST Software) C:\Users\dawoo_000\Desktop\avastclear.exe
2014-11-20 21:28 - 2014-11-20 21:28 - 00098859 _____ () C:\Users\dawoo_000\Downloads\Win81KB2919355TS.diagcab
2014-11-20 20:34 - 2014-11-20 20:33 - 02117632 _____ (Farbar) C:\Users\dawoo_000\Desktop\FRST64 (2).exe
2014-11-20 20:33 - 2014-11-20 20:33 - 02117632 _____ (Farbar) C:\Users\dawoo_000\Downloads\FRST64 (2).exe
2014-11-20 20:26 - 2014-11-20 20:26 - 00000197 _____ () C:\Windows\system32\2014-11-20-20-26-15.005-AvastVBoxSVC.exe-5396.log
2014-11-20 19:25 - 2014-11-20 19:25 - 00000197 _____ () C:\Windows\system32\2014-11-20-19-25-18.067-AvastVBoxSVC.exe-5636.log
2014-11-20 18:30 - 2014-11-20 18:30 - 00000197 _____ () C:\Windows\system32\2014-11-20-18-30-53.031-AvastVBoxSVC.exe-5848.log
2014-11-20 17:24 - 2014-11-20 17:25 - 02117120 _____ (Farbar) C:\Users\dawoo_000\Downloads\FRST64 (1).exe
2014-11-20 17:14 - 2014-11-20 17:14 - 02117120 _____ (Farbar) C:\Users\dawoo_000\Downloads\FRST64.exe
2014-11-20 17:05 - 2014-11-20 17:05 - 00002168 _____ () C:\Users\dawoo_000\Desktop\aswMBR.txt
2014-11-20 17:05 - 2014-11-20 17:05 - 00000512 _____ () C:\Users\dawoo_000\Desktop\MBR.dat
2014-11-20 16:56 - 2014-11-20 16:56 - 05198336 _____ (AVAST Software) C:\Users\dawoo_000\Desktop\aswMBR.exe
2014-11-20 16:23 - 2014-11-20 16:23 - 00000197 _____ () C:\Windows\system32\2014-11-20-16-23-58.071-AvastVBoxSVC.exe-3104.log
2014-11-19 23:35 - 2014-11-19 23:35 - 00990720 _____ () C:\Users\dawoo_000\Downloads\MicrosoftFixit50193.msi
2014-11-19 23:17 - 2014-11-19 23:17 - 00000197 _____ () C:\Windows\system32\2014-11-19-23-17-34.011-AvastVBoxSVC.exe-7324.log
2014-11-19 23:07 - 2014-11-19 23:08 - 00000865 _____ () C:\Users\dawoo_000\Downloads\Stinger_19112014_230724.html
2014-11-19 23:06 - 2014-11-19 23:12 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-11-19 23:06 - 2014-11-19 23:06 - 00000872 _____ () C:\Users\dawoo_000\Downloads\Stinger_19112014_230624.html
2014-11-19 23:04 - 2014-11-19 23:05 - 11089264 _____ (McAfee Inc) C:\Users\dawoo_000\Downloads\stinger32.exe
2014-11-19 22:51 - 2014-11-19 22:51 - 00000197 _____ () C:\Windows\system32\2014-11-19-22-51-33.067-AvastVBoxSVC.exe-5876.log
2014-11-19 22:45 - 2014-11-19 22:45 - 00000197 _____ () C:\Windows\system32\2014-11-19-22-45-16.018-AvastVBoxSVC.exe-5996.log
2014-11-19 22:34 - 2014-11-19 22:34 - 00000197 _____ () C:\Windows\system32\2014-11-19-22-34-12.098-AvastVBoxSVC.exe-5756.log
2014-11-19 22:20 - 2014-11-20 21:51 - 00186629 _____ () C:\Windows\WindowsUpdate.log
2014-11-19 22:20 - 2014-11-19 22:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-19 22:20 - 2014-11-19 22:20 - 00000000 _____ () C:\Windows\setupact.log
2014-11-19 21:58 - 2014-11-19 21:58 - 01706939 _____ (Thisisu) C:\Users\dawoo_000\Downloads\JRT.exe
2014-11-19 21:47 - 2014-11-19 21:47 - 00000197 _____ () C:\Windows\system32\2014-11-19-21-47-20.061-AvastVBoxSVC.exe-5800.log
2014-11-19 21:38 - 2014-11-19 21:38 - 01400832 _____ (niemiro) C:\Users\dawoo_000\Downloads\SFCFix (1).exe
2014-11-19 21:38 - 2014-11-19 21:38 - 00000000 ____D () C:\Users\dawoo_000\AppData\Local\niemiro
2014-11-19 21:37 - 2014-11-19 21:38 - 01400832 _____ (niemiro) C:\Users\dawoo_000\Downloads\SFCFix.exe
2014-11-19 21:29 - 2014-11-19 21:29 - 00000197 _____ () C:\Windows\system32\2014-11-19-21-29-54.061-AvastVBoxSVC.exe-3284.log
2014-11-19 20:27 - 2014-11-19 20:27 - 00000197 _____ () C:\Windows\system32\2014-11-19-20-27-09.023-AvastVBoxSVC.exe-4976.log
2014-11-19 20:26 - 2014-11-19 20:26 - 02707808 _____ (Resplendence Software Projects Sp. ) C:\Users\dawoo_000\Downloads\whoCrashedSetup.exe
2014-11-19 20:23 - 2014-11-19 20:23 - 00000197 _____ () C:\Windows\system32\2014-11-19-20-23-10.012-AvastVBoxSVC.exe-5044.log
2014-11-19 19:27 - 2014-11-19 19:27 - 00000197 _____ () C:\Windows\system32\2014-11-19-19-27-26.030-AvastVBoxSVC.exe-5156.log

Edited by bluesnapper, 20 November 2014 - 04:09 PM.



#2 OCD

SuperHelper, Malware Team, 5,574 posts

Posted 23 November 2014 - 01:32 AM

Hi bluesnapper,

First try uninstalling the 2 updates that you referenced in your post. Then reboot and see if the problems are still present. If so, let me know and we will dig a bit further and see if we can get to the bottom of your problems.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 bluesnapper


Posted 23 November 2014 - 02:55 AM

I have taken out the update KB3000850 as it was an optional one.

 

Everything is now OK.

 

Is there anything in my first post that needs attending to?



#4 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 23 November 2014 - 09:23 AM

Hi bluesnapper,
 

Is there anything in my first post that needs attending to?


The logs appear fine. Are you having any other issues that haven't been resolved by uninstalling that update?
 




#5 bluesnapper

bluesnapper

    Authentic Member

  • Authentic Member
  • PipPip
  • 95 posts

Posted 24 November 2014 - 10:33 AM

Everything appears to be running OK.



#6 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 24 November 2014 - 02:44 PM

Hi bluesnapper,
 

Everything appears to be running OK.


Great! :thumbup: Here is my usual speech for after malware removal. Since your issue wasn't malware related, review the following and implement any of the items you feel might enhance your security.

Delfix will remove FRST and aswMBR along with any logs they created.

Remove Disinfection Tools

  • Download Delfix
  • Tick the following boxes:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
  • Click Run
  • Any other tools and files found can simply be deleted or uninstalled via the Control Panel.

= = = = = = = = = = = = = = = = = = = =


With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate windows and frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

= = = = = = = = = = = = = = = = = = = =

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know
CryptoLocker Ransomware Information Guide and FAQ

To help protect your computer in the future I recommend that you get the following free program:

CryptoPrevent - install this program to lock down and prevent crypto-ransomware

= = = = = = = = = = = = = = = = = = = =

COMPUTER SECURITY - a short guide to staying safer online

= = = = = = = = = = = = = = = = = = = =

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Green should be good to go
  • Yellow for caution
  • Red to stop

= = = = = = = = = = = = = = = = = = = =

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

= = = = = = = = = = = = = = = = = = = =

Make sure you keep your Windows OS current.

  • Windows XP:
    Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
    If you are running Windows XP, please take the time to read the information provided at these links.
  • Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
  • Windows 8: Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.

Without these you are leaving the back door open.

= = = = = = = = = = = = = = = = = = = =

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

= = = = = = = = = = = = = = = = = = = =

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
 



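The Internet Explorer Custom Level settings listed in post #6 can be checked without clicking through the dialog. The script below is an added example, not part of the original thread: it reads the Internet zone (zone 3) from the registry and compares the five settings with the values the post recommends. The registry paths and URL action IDs are the standard Internet Explorer zone codes; treating a Group Policy value as overriding the per-user value is an assumption of this example.

```powershell
# Added example: audit the Internet zone against the five settings listed in the post.
# Zone 3 is the Internet zone; values are DWORDs: 0 = Enable, 1 = Prompt, 3 = Disable.
$userKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
# Group Policy copies of the same zone; assumed here to override the user key when present.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)
$stateName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action ID, the setting name shown in the Custom Level dialog, and the value the post asks for.
$recommended = @(
    [pscustomobject]@{ Id = '1001'; Name = 'Download signed ActiveX controls'; Want = 1 }
    [pscustomobject]@{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Want = 3 }
    [pscustomobject]@{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    [pscustomobject]@{ Id = '1804'; Name = 'Launching programs and files in an IFRAME'; Want = 1 }
    [pscustomobject]@{ Id = '1607'; Name = 'Navigate windows and frames across different domains'; Want = 1 }
)

function Get-ZoneValue {
    param([string]$Key, [string]$Id)
    # Returns the DWORD for one URL action, or $null if the key or value is absent.
    $item = Get-ItemProperty -Path $Key -Name $Id -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Id
}

function Format-State {
    param($Value)
    if ($null -eq $Value) { return 'Not set' }
    if ($stateName.ContainsKey([int]$Value)) { return $stateName[[int]$Value] }
    return "Other ($Value)"
}

$report = foreach ($r in $recommended) {
    $user   = Get-ZoneValue -Key $userKey -Id $r.Id
    # First policy key that defines this action, if any.
    $policy = $policyKeys | ForEach-Object { Get-ZoneValue -Key $_ -Id $r.Id } |
              Where-Object { $null -ne $_ } | Select-Object -First 1
    $applied = if ($null -ne $policy) { $policy } else { $user }
    [pscustomobject]@{
        Setting     = $r.Name
        Recommended = $stateName[$r.Want]
        UserValue   = Format-State $user
        PolicyValue = Format-State $policy
        Matches     = ($applied -eq $r.Want)
    }
}
$report | Format-Table -AutoSize -Wrap
```

A row with Matches = False and a PolicyValue other than "Not set" means the setting is managed by policy and cannot be changed from the Security tab.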

#7 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 26 November 2014 - 09:46 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
