Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by SYSTEM on MININT-I5UKAN3 on 20-04-2015 23:47:28
Running from Q:\
Platform: WIN_7 (X64) OS Language: English (United States)
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [X]
HKLM\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] <==== ATTENTION!
HKU\DaddyNew\...\Run: [ASRockXTU] => [X]
HKU\DaddyNew\...\Run: [zASRockInstantBoot] => [X]
HKU\DaddyNew\...\Run: [OM2_Monitor] => "G:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
HKU\DaddyNew\...\Run: [Google Update] => "C:\Users\DaddyNew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\DaddyNew\...\Run: [Steam] => "G:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\DaddyNew\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\DaddyNew\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-14] (Gemalto N.V.)
HKU\DaddyNew\...\Run: [SpybotSD TeaTimer] => K:\Spybot - Search & Destroy\TeaTimer.exe
HKU\DaddyNew\...\Run: [SUPERAntiSpyware] => K:\SuperAntiSpyware\SUPERAntiSpyware.exe
HKU\DaddyNew\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\DaddyNew\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\DaddyNew\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] ()
HKU\Default\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] ()
HKU\Default User\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] ()
Lsa: [Notification Packages] scecli D:\Program Files\ASUS\Bluetooth Software\BtwProximityCP.dll

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-13] () S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] () S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] () S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] () S2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] () S3 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] () S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-13] () S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] () S2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH) S2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2010-11-20] () S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] () S2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20] () S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] () S2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] () S3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] () S2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20] () S2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-13] () S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] () S3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-13] () S3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-13] () S2 FontCache; C:\Windows\system32\FntCache.dll [1175552 2013-01-13] () S2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-20] () S3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-13] () S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] () S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] () S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] () S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] () S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-13] () S2 ISCTAgent; 
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] () S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation) S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-13] () S2 LanmanServer; C:\Windows\system32\srvsvc.dll [236032 2010-11-20] () S2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] () S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] () S2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] () S2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-13] () S2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20] () S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] () S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-13] () S3 msiserver; C:\Windows\System32\msiexec.exe [128000 2010-11-20] () S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] () S3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] () S3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] () S2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-13] () S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] () S3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-13] () S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] () S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13] () S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] () S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-20] () S2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-13] () S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] () S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] () S3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] () S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] () S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-13] () S2 RpcEptMapper; 
C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] () S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-13] () S2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2010-11-20] () S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] () S2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2010-11-20] () S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] () S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] () S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] () S2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] () S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-13] () S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] () S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] () S2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] () S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] () S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] () S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-13] () S3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] () S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-13] () S2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] () S2 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] () S3 SysMain; C:\Windows\system32\sysmain.dll [1743360 2010-11-20] () S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] () S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] () S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-13] () S2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13] () S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-13] () S2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] () S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-13] () S3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] () S2 UxSms; 
C:\Windows\System32\uxsms.dll [38912 2009-07-13] () S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] () S2 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] () S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-13] () S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20] () S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] () S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] () S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] () S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-13] () S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] () S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] () S3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444416 2010-11-20] () S3 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] () S2 !SASCORE; "K:\SuperAntiSpyware\SASCORE64.EXE" [X] S3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [X] S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X] S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [X] S3 Appinfo; %SystemRoot%\System32\appinfo.dll [X] S2 Apple Mobile Device Service; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X] S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [X] S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X] S2 btwdins; D:\Program Files\ASUS\Bluetooth Software\btwdins.exe [X] S2 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X] S2 c2cpnrsvc; "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X] S4 clr_optimization_v2.0.50727_32; %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [X] S4 clr_optimization_v2.0.50727_64; 
%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [X] S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X] S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [X] S3 cphs; %SystemRoot%\SysWow64\IntelCpHeciSvc.exe [X] S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] S2 HPSLPSVC; C:\Users\DaddyNew\AppData\Local\Temp\7zS3AA7\hpslpsvc64.dll [X] S3 idsvc; "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [X] S2 IKEEXT; %SystemRoot%\System32\ikeext.dll [X] S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X] S3 Microsoft SharePoint Workspace Audit Service; "G:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice [X] S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X] S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X] S4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [X] S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X] S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X] S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X] S2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\diMaster.dll" /prefetch:1 S2 NlaSvc; %SystemRoot%\System32\nlasvc.dll [X] S2 ProfSvc; %systemroot%\system32\profsvc.dll [X] S2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe" [X] S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X] S3 TermService; %SystemRoot%\System32\termsrv.dll [X] S3 WdiServiceHost; 
%SystemRoot%\system32\wdi.dll [X] S3 WdiSystemHost; %SystemRoot%\system32\wdi.dll [X] S3 WebClient; %SystemRoot%\System32\webclnt.dll [X] S3 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X] S3 WinRM; %SystemRoot%\system32\WsmSvc.dll [X] S2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [X] S2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [X] S2 wuauserv; %systemroot%\system32\wuaueng.dll [X] S3 WwanSvc; %SystemRoot%\System32\wwansvc.dll [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology) S0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.) S3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.) S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2015-02-22] (FNet Co., Ltd.) S1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-02-09] (FNet Co., Ltd.) 
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] () S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] () S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] () S3 Ntfs; No ImagePath S3 RDPWD; No ImagePath S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-04-17] () S1 AFD; \SystemRoot\system32\drivers\afd.sys [X] S3 amdsata; \SystemRoot\system32\drivers\amdsata.sys [X] S0 amdxata; system32\drivers\amdxata.sys [X] S3 bcbtums; system32\drivers\bcbtums.sys [X] S1 BHDrvx64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150408.001\BHDrvx64.sys [X] S3 BthPan; system32\DRIVERS\bthpan.sys [X] S3 BTHPORT; System32\Drivers\BTHport.sys [X] S3 BTHUSB; System32\Drivers\BTHUSB.sys [X] S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X] S3 btwaudio; system32\drivers\btwaudio.sys [X] S3 btwavdt; system32\drivers\btwavdt.sys [X] S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X] S3 btwrchid; system32\DRIVERS\btwrchid.sys [X] S1 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [X] S1 ctxusbm; system32\DRIVERS\ctxusbm.sys [X] S3 DXGKrnl; \SystemRoot\System32\drivers\dxgkrnl.sys [X] S1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [X] S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X] S0 fvevol; System32\DRIVERS\fvevol.sys [X] S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [X] S3 hidkmdf; system32\DRIVERS\hidkmdf.sys [X] S3 HidUsb; system32\DRIVERS\hidusb.sys [X] S3 iaStorV; \SystemRoot\system32\drivers\iaStorV.sys [X] S1 IDSVia64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150417.001\IDSvia64.sys [X] S3 igfx; system32\DRIVERS\igdkmd64.sys [X] S3 MEIx64; system32\DRIVERS\HECIx64.sys [X] S3 monitor; system32\DRIVERS\monitor.sys [X] S3 MRxDAV; 
\SystemRoot\system32\drivers\mrxdav.sys [X] S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150417.022\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150417.022\EX64.SYS [X] S3 NVHDA; system32\drivers\nvhda64v.sys [X] S3 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X] S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [X] S3 nvstor; \SystemRoot\system32\drivers\nvstor.sys [X] S3 Point64; system32\DRIVERS\point64.sys [X] S3 RdpVideoMiniport; System32\drivers\rdpvideominiport.sys [X] S3 RFCOMM; system32\DRIVERS\rfcomm.sys [X] S1 SASDIFSV; \??\K:\SuperAntiSpyware\SASDIFSV64.SYS [X] S1 SASKUTIL; \??\K:\SuperAntiSpyware\SASKUTIL64.SYS [X] S0 sptd; System32\Drivers\sptd.sys [X] S3 SRTSP; \SystemRoot\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [X] S1 SRTSPX; \SystemRoot\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [X] S3 StillCam; system32\DRIVERS\serscan.sys [X] S0 SymDS; system32\drivers\NISx64\1507000.00B\SYMDS64.SYS [X] S0 SymEFA; system32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [X] S3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [X] S1 SymIRON; \SystemRoot\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [X] S1 SymNetS; \SystemRoot\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [X] S0 Tcpip; System32\drivers\tcpip.sys [X] S3 TCPIP6; system32\DRIVERS\tcpip.sys [X] S1 tdx; system32\DRIVERS\tdx.sys [X] S3 tssecsrv; System32\DRIVERS\tssecsrv.sys [X] S3 TsUsbGD; \SystemRoot\system32\drivers\TsUsbGD.sys [X] S3 usbaudio; system32\drivers\usbaudio.sys [X] S3 usbcir; \SystemRoot\system32\drivers\usbcir.sys [X] S3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [X] S3 usbvideo; System32\Drivers\usbvideo.sys [X] S3 VX3000; system32\DRIVERS\VX3000.sys [X] S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X] S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X] S0 Wdf01000; system32\drivers\Wdf01000.sys [X] S2 
{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\D:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-20 23:43 - 2015-04-20 23:47 - 00000000 ____D () C:\FRST 2015-04-18 10:42 - 2015-04-18 10:42 - 00000000 __SHD () C:\found.000 2015-04-14 18:03 - 2015-04-01 16:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2015-04-14 18:03 - 2015-04-01 15:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-04-14 18:03 - 2015-03-16 21:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2015-04-14 18:03 - 2015-03-16 21:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2015-04-14 18:03 - 2015-03-16 21:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2015-04-14 18:03 - 2015-03-16 21:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll 2015-04-14 18:03 - 2015-03-16 21:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll 2015-04-14 18:03 - 2015-03-16 21:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll 2015-04-14 18:03 - 2015-03-16 21:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll 2015-04-14 18:03 - 2015-03-16 21:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll 2015-04-14 18:03 - 2015-03-16 21:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll 2015-04-14 18:03 - 2015-03-16 21:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2015-04-14 18:03 - 2015-03-16 21:16 - 00503808 _____ (Microsoft Corporation) 
C:\Windows\System32\srcore.dll 2015-04-14 18:03 - 2015-03-16 21:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll 2015-04-14 18:03 - 2015-03-16 21:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll 2015-04-14 18:03 - 2015-03-16 21:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll 2015-04-14 18:03 - 2015-03-16 21:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2015-04-14 18:03 - 2015-03-16 21:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe 2015-04-14 18:03 - 2015-03-16 21:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll 2015-04-14 18:03 - 2015-03-16 21:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll 2015-04-14 18:03 - 2015-03-16 21:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll 2015-04-14 18:03 - 2015-03-16 21:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe 2015-04-14 18:03 - 2015-03-16 21:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll 2015-04-14 18:03 - 2015-03-16 21:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll 2015-04-14 18:03 - 2015-03-16 21:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll 2015-04-14 18:03 - 2015-03-16 21:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll 2015-04-14 18:03 - 2015-03-16 21:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll 2015-04-14 18:03 - 2015-03-16 21:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll 2015-04-14 18:03 - 2015-03-16 21:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll 2015-04-14 18:03 - 2015-03-16 21:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe 2015-04-14 18:03 - 2015-03-16 21:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe 2015-04-14 
18:03 - 2015-03-16 21:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe 2015-04-14 18:03 - 2015-03-16 21:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll 2015-04-14 18:03 - 2015-03-16 21:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 21:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-04-14 18:03 - 2015-03-16 21:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-04-14 18:03 - 2015-03-16 20:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-04-14 18:03 - 2015-03-16 20:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-04-14 18:03 - 2015-03-16 20:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-04-14 18:03 - 2015-03-16 20:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-04-14 18:03 - 2015-03-16 20:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-04-14 18:03 - 2015-03-16 20:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-04-14 18:03 - 2015-03-16 20:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-04-14 18:03 - 2015-03-16 20:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-04-14 18:03 - 2015-03-16 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-04-14 18:03 - 2015-03-16 20:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-04-14 18:03 - 2015-03-16 20:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-04-14 18:03 - 2015-03-16 20:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-04-14 18:03 - 2015-03-16 20:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-04-14 18:03 - 2015-03-16 20:56 - 
00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-04-14 18:03 - 2015-03-16 20:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-04-14 18:03 - 2015-03-16 20:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-04-14 18:03 - 2015-03-16 20:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-04-14 18:03 - 2015-03-16 20:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-04-14 18:03 - 2015-03-16 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-04-14 18:03 - 2015-03-16 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-04-14 18:03 - 2015-03-16 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-04-14 18:03 - 2015-03-16 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-04-14 18:03 - 2015-03-12 20:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2015-04-14 18:03 - 2015-03-12 20:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2015-04-14 18:03 - 2015-03-12 20:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2015-04-14 18:03 - 2015-03-12 20:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2015-04-14 18:03 - 2015-03-12 20:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2015-04-14 18:03 - 2015-03-12 20:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\System32\html.iec 2015-04-14 18:03 - 2015-03-12 20:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2015-04-14 18:03 - 2015-03-12 20:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2015-04-14 18:03 - 2015-03-12 20:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll 2015-04-14 18:03 - 2015-03-12 20:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2015-04-14 18:03 - 2015-03-12 19:59 - 00034304 _____ (Microsoft Corporation) 
C:\Windows\System32\iernonce.dll 2015-04-14 18:03 - 2015-03-12 19:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2015-04-14 18:03 - 2015-03-12 19:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2015-04-14 18:03 - 2015-03-12 19:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2015-04-14 18:03 - 2015-03-12 19:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2015-04-14 18:03 - 2015-03-12 19:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2015-04-14 18:03 - 2015-03-12 19:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2015-04-14 18:03 - 2015-03-12 19:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-04-14 18:03 - 2015-03-12 19:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-04-14 18:03 - 2015-03-12 19:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2015-04-14 18:03 - 2015-03-12 19:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll 2015-04-14 18:03 - 2015-03-12 19:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-04-14 18:03 - 2015-03-12 19:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-04-14 18:03 - 2015-03-12 19:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-04-14 18:03 - 2015-03-12 19:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll 2015-04-14 18:03 - 2015-03-12 19:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-04-14 18:03 - 2015-03-12 19:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2015-04-14 18:03 - 2015-03-12 19:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-04-14 18:03 - 2015-03-12 19:23 - 00316928 _____ 
(Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2015-04-14 18:03 - 2015-03-12 19:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-04-14 18:03 - 2015-03-12 19:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-04-14 18:03 - 2015-03-12 19:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-04-14 18:03 - 2015-03-12 19:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-04-14 18:03 - 2015-03-12 19:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-04-14 18:03 - 2015-03-12 19:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-04-14 18:03 - 2015-03-12 19:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2015-04-14 18:03 - 2015-03-12 19:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2015-04-14 18:03 - 2015-03-12 19:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-04-14 18:03 - 2015-03-12 19:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2015-04-14 18:03 - 2015-03-12 19:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2015-04-14 18:03 - 2015-03-12 19:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-04-14 18:03 - 2015-03-12 19:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2015-04-14 18:03 - 2015-03-12 18:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-04-14 18:03 - 2015-03-12 18:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-04-14 18:03 - 2015-03-12 18:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-04-14 18:03 - 2015-03-12 18:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-04-14 18:03 - 2015-03-12 18:45 - 02358784 _____ 
(Microsoft Corporation) C:\Windows\System32\wininet.dll 2015-04-14 18:03 - 2015-03-12 18:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-04-14 18:03 - 2015-03-12 18:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-04-14 18:03 - 2015-03-12 18:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-04-14 18:03 - 2015-03-12 18:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-04-14 18:03 - 2015-03-12 18:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2015-04-14 18:03 - 2015-03-12 18:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2015-04-14 18:03 - 2015-03-12 18:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-04-14 18:03 - 2015-03-12 18:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-04-14 18:03 - 2015-03-12 18:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-04-14 18:03 - 2015-02-24 19:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys 2015-04-14 18:02 - 2015-03-03 20:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\System32\clfs.sys 2015-04-14 18:02 - 2015-03-03 20:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\System32\clfsw32.dll 2015-04-14 18:02 - 2015-03-03 20:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-18 07:08 - 2013-02-18 20:10 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4037436649-1059246677-4283182647-1000UA.job
2015-04-18 05:30 - 2013-02-08 23:47 - 02016312 _____ () C:\Windows\WindowsUpdate.log
2015-04-17 22:10 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-04-17 20:08 - 2013-02-18 20:10 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4037436649-1059246677-4283182647-1000Core.job
2015-04-17 17:49 - 2009-07-13 20:45 - 00032096 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-17 17:49 - 2009-07-13 20:45 - 00032096 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-17 17:41 - 2015-03-11 01:01 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2015-04-17 17:41 - 2013-02-09 21:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-17 17:41 - 2013-02-09 14:23 - 00034752 _____ () C:\Windows\System32\Drivers\WPRO_41_2001.sys
2015-04-17 17:41 - 2013-02-09 14:20 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-04-17 17:41 - 2010-11-20 19:47 - 00479604 _____ () C:\Windows\PFRO.log
2015-04-17 17:41 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-17 17:41 - 2009-07-13 20:51 - 00006835 _____ () C:\Windows\setupact.log
2015-04-17 15:36 - 2013-02-09 14:20 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-04-17 12:46 - 2013-02-11 21:01 - 00000000 ____D () C:\Users\DaddyNew\AppData\Roaming\Mozilla
2015-04-15 20:59 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 03:28 - 2013-02-10 14:00 - 00001029 _____ () C:\Users\DaddyNew\Desktop\Dropbox.lnk
2015-04-15 01:07 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 00:40 - 2014-12-10 01:58 - 00000000 ____D () C:\Windows\System32\appraiser
2015-04-15 00:40 - 2014-05-06 05:51 - 00000000 ___SD () C:\Windows\System32\CompatTel
2015-04-15 00:25 - 2013-02-09 15:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 00:21 - 2013-07-30 00:14 - 00000000 ____D () C:\Windows\System32\MRT
2015-04-15 00:18 - 2013-02-09 22:03 - 128913832 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-04-15 00:18 - 2009-07-13 18:34 - 00000580 _____ () C:\Windows\win.ini
2015-03-25 16:57 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-24 06:55 - 2014-10-01 17:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-24 06:55 - 2013-12-07 19:47 - 00000000 ____D () C:\ProgramData\Skype
2015-03-21 10:58 - 2013-12-03 16:55 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2015-03-21 10:58 - 2013-12-03 16:55 - 00002501 _____ () C:\ProgramData\Desktop\Norton Internet Security.lnk
2015-03-21 10:58 - 2013-02-19 20:53 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration

Some content of TEMP:
====================
C:\Users\DaddyNew\AppData\Local\Temp\COMAP.EXE
C:\Users\DaddyNew\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprgbqyl.dll
C:\Users\DaddyNew\AppData\Local\Temp\installerdll10972470.dll
C:\Users\DaddyNew\AppData\Local\Temp\installerdll10985075.dll
C:\Users\DaddyNew\AppData\Local\Temp\installerdll11502733.dll
C:\Users\DaddyNew\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\DaddyNew\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\DaddyNew\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\DaddyNew\AppData\Local\Temp\mml.dll
C:\Users\DaddyNew\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\DaddyNew\AppData\Local\Temp\ose00000.exe
C:\Users\DaddyNew\AppData\Local\Temp\rootsupd.exe
C:\Users\DaddyNew\AppData\Local\Temp\Setup.exe
C:\Users\DaddyNew\AppData\Local\Temp\sonarinst.exe
C:\Users\DaddyNew\AppData\Local\Temp\vcredist_x64.exe
C:\Users\DaddyNew\AppData\Local\Temp\vcredist_x86.exe
C:\Users\DaddyNew\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe

==================== Known DLLs (Whitelisted) ================

[2009-07-13 16:00] - [2009-07-13 17:40] - 0607744 ____A () C:\Windows\System32\clbcatq.dll
[2010-11-20 19:23] - [2010-11-20 19:23] - 2086912 ____A () C:\Windows\System32\ole32.dll
C:\Windows\System32\advapi32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\advapi32.dll IS MISSING <==== ATTENTION!
[2010-11-20 19:24] - [2010-11-20 19:24] - 0594432 ____A () C:\Windows\System32\COMDLG32.dll
C:\Windows\System32\gdi32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\gdi32.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\IMAGEHLP.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IMAGEHLP.dll IS MISSING <==== ATTENTION!
[2009-07-13 15:38] - [2009-07-13 17:41] - 0167424 ____A () C:\Windows\System32\IMM32.dll
[2009-07-13 15:26] - [2009-07-13 17:31] - 0002560 ____A () C:\Windows\System32\NORMALIZ.dll
[2009-07-13 15:21] - [2009-07-13 17:41] - 0013824 ____A () C:\Windows\System32\NSI.dll
C:\Windows\System32\OLEAUT32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\OLEAUT32.dll IS MISSING <==== ATTENTION!
[2009-07-13 15:26] - [2009-07-13 17:41] - 0009216 ____A () C:\Windows\System32\PSAPI.dll
C:\Windows\System32\rpcrt4.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\rpcrt4.dll IS MISSING <==== ATTENTION!
[2009-07-13 15:20] - [2009-07-13 17:41] - 0113664 ____A () C:\Windows\System32\sechost.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 1900544 ____A () C:\Windows\System32\Setupapi.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0448512 ____A () C:\Windows\System32\SHLWAPI.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 1008128 ____A () C:\Windows\System32\user32.dll
C:\Windows\System32\USP10.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\USP10.dll IS MISSING <==== ATTENTION!
[2010-11-20 19:24] - [2010-11-20 19:24] - 0312832 ____A () C:\Windows\System32\WLDAP32.dll
[2009-07-13 15:27] - [2009-07-13 17:40] - 0504320 ____A () C:\Windows\System32\DifxApi.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe
[2009-07-13 15:52] - [2009-07-13 17:39] - 0129024 ____A () B257BF5D40C4154C166B2CFA744AAA8E
C:\Windows\System32\wininit.exe No Company Name <===== ATTENTION!
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A () 34E6CAB438CD16DD9C38B96CB0438C4D
C:\Windows\System32\svchost.exe No Company Name <===== ATTENTION!
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A () C0511B1036DBB4D7815999DED67B524C
C:\Windows\System32\services.exe No Company Name <===== ATTENTION!
C:\Windows\System32\User32.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 1008128 ____A () 218E60831D92DEB718267351D5916406
C:\Windows\System32\User32.dll No Company Name <===== ATTENTION!
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe
[2010-11-20 19:24] - [2010-11-20 19:24] - 0030720 ____A () B0DE4D2EA2F4C96B0A5A74EAD0E0CAD8
C:\Windows\System32\userinit.exe No Company Name <===== ATTENTION!
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0512000 ____A () 0CF3A71FFC9770B06E1071C72FECC125
C:\Windows\System32\rpcss.dll No Company Name <===== ATTENTION!
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 5%
Total physical RAM: 32661.71 MB
Available physical RAM: 30842.34 MB
Total Pagefile: 32659.86 MB
Available Pagefile: 30852.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:53.34 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1397.26 GB) (Free:635.59 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (New Volume) (Fixed) (Total:111.79 GB) (Free:78.87 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:1397.2 GB) (Free:450.48 GB) NTFS
Drive h: (New Volume) (Fixed) (Total:1397.2 GB) (Free:1115.76 GB) NTFS
Drive k: (GRMCPRXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
Drive q: () (Removable) (Total:7.47 GB) (Free:7.24 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (New Volume) (Fixed) (Total:232.88 GB) (Free:230.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 33D611EA)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 33D611EB)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: F099C2A2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 33D611E8)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 32A532A4)
Partition: GPT Partition Type.

========================================================
Disk: 10 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=07 NTFS)

LastRegBack: 2015-04-13 21:36

==================== End Of Log ============================