Could someone analyse these frst logs please

trojan/rootkit infected Win7

bigwheels


I am a computer novice but I really wanted to try and do the fixlist myself but have no idea how to interpret the info on the logs. If someone can help it would be much appreciated.

Thanks.

First time user.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by SYSTEM on MININT-UF3K80C on 07-04-2015 19:34:17
Running from G:\
Platform: Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [521640 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [173432 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [844152 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2184488 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611736 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [468904 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [31648 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7719456 2009-08-23] (Realtek Semiconductor)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3723728 2015-03-24] (AVG Technologies CZ, s.r.o.)
HKU\LIAM MCMAHON\...\Run: [uTorrent] => C:\Users\LIAM MCMAHON\AppData\Roaming\uTorrent\uTorrent.exe [1385040 2014-12-13] (BitTorrent Inc.)
HKU\Satellite\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\Satellite\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [410216 2014-11-02] (CyberGhost S.R.L.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
S2 avgfws; C:\Program Files\AVG\AVG2015\avgfws.exe [1516968 2015-03-24] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-24] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-24] (AVG Technologies CZ, s.r.o.)
S2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2010-01-28] (TOSHIBA CORPORATION)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-02] (CyberGhost S.R.L)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [246520 2010-07-28] (WildTangent, Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-20] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-20] (Malwarebytes Corporation)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2010-11-29] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [112032 2010-12-08] (TOSHIBA Corporation)
S2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2161976 2015-02-24] (AVG Technologies)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [102416 2010-09-24] (ATI Technologies, Inc.)
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [48920 2014-12-02] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [224736 2015-03-24] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [265184 2015-02-02] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107488 2015-02-04] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210912 2015-02-24] (AVG Technologies CZ, s.r.o.)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [692272 2010-08-08] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVix86.sys [344112 2010-06-26] (Symantec Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-11-20] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-04-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-11-20] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVENG.SYS [85424 2010-08-13] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVEX15.SYS [1362608 2010-08-13] (Symantec Corporation)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [9472 2009-07-23] (Primax Ltd)
S3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [33616 2011-02-08] (TOSHIBA Corporation)
S3 QIOMem; C:\Windows\system32\drivers\QIOMem.sys [9216 2009-06-15] (TOSHIBA)
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RTSUVSTOR.sys [226408 2010-11-30] (Realtek Semiconductor Corp.)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1207020.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1207020.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1207020.003\SYMDS.SYS [340088 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1207020.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [126584 2014-12-10] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1207020.003\Ironx86.SYS [136312 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NIS\1207020.003\SYMNETS.SYS [299640 2011-04-20] (Symantec Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2015-01-12] (TuneUp Software)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-06 20:53 - 2015-04-06 21:04 - 00000261 _____ () C:\Users\Satellite\Downloads\Search.txt
2015-04-06 20:40 - 2015-04-06 20:42 - 00000000 ____D () C:\Users\Satellite\Desktop\Fixlist
2015-04-06 20:37 - 2015-04-06 20:37 - 00001135 _____ () C:\Users\Satellite\Desktop\Addition - Shortcut.lnk
2015-04-06 20:37 - 2015-04-06 20:37 - 00001095 _____ () C:\Users\Satellite\Desktop\FRST - Shortcut.lnk
2015-04-06 20:34 - 2015-04-06 20:34 - 00059250 _____ () C:\FRST_06-04-2015_10-41-54.txt
2015-04-06 20:34 - 2015-04-06 20:34 - 00026507 _____ () C:\Addition_06-04-2015_10-41-52.txt
2015-04-05 16:40 - 2015-04-05 16:41 - 00027481 _____ () C:\Users\Satellite\Downloads\Addition.txt
2015-04-05 16:39 - 2015-04-05 16:41 - 00059250 _____ () C:\Users\Satellite\Downloads\FRST.txt
2015-04-05 16:38 - 2015-04-07 19:34 - 00000000 ____D () C:\FRST
2015-04-05 16:38 - 2015-04-05 16:38 - 01135104 _____ (Farbar) C:\Users\Satellite\Downloads\FRST.exe
2015-04-05 09:11 - 2015-04-05 09:16 - 00000000 ___SD () C:\Windows\System32\GWX
2015-04-05 09:11 - 2015-04-05 09:11 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents
2015-04-05 09:11 - 2015-04-05 09:11 - 00000000 ____D () C:\Windows\RemotePackages
2015-04-05 09:07 - 2015-01-08 15:44 - 00419936 _____ () C:\Windows\System32\locale.nls
2015-04-05 09:05 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2015-04-05 09:04 - 2009-06-10 13:14 - 00051867 _____ () C:\Windows\Ultimate.xml
2015-04-05 09:02 - 2012-07-25 19:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2015-04-05 09:02 - 2012-07-25 19:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2015-04-05 09:02 - 2012-07-25 19:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2015-04-05 09:02 - 2012-07-25 19:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2015-04-05 09:02 - 2012-07-25 19:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2015-04-05 09:02 - 2012-07-25 18:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2015-04-05 09:02 - 2012-07-25 18:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2015-04-05 09:02 - 2012-06-02 06:57 - 00000003 _____ () C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-04-05 08:54 - 2015-01-08 18:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\System32\perftrack.dll
2015-04-05 08:54 - 2015-01-08 18:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\wdi.dll
2015-04-05 08:54 - 2015-01-08 18:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\System32\powertracker.dll
2015-04-05 08:54 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2015-04-05 08:54 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2015-04-05 08:54 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2015-04-05 08:54 - 2012-08-22 09:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2015-04-05 08:54 - 2012-07-04 11:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2015-04-05 08:53 - 2014-11-10 17:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2015-04-05 08:53 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2015-04-05 08:53 - 2014-10-03 17:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2015-04-05 08:53 - 2014-10-03 17:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2015-04-05 08:53 - 2014-02-03 18:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2015-04-05 08:53 - 2014-02-03 18:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2015-04-05 08:53 - 2014-02-03 18:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2015-04-05 08:53 - 2014-02-03 18:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\iologmsg.dll
2015-04-05 08:53 - 2014-01-27 18:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2015-04-05 08:53 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll
2015-04-05 08:53 - 2013-08-27 16:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2015-04-05 08:53 - 2013-05-09 19:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2015-04-05 08:53 - 2013-03-18 19:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2015-04-05 08:53 - 2013-01-23 20:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2015-04-05 08:53 - 2012-10-03 08:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2015-04-05 08:53 - 2012-10-03 08:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\netevent.dll
2015-04-05 08:53 - 2012-10-03 08:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2015-04-05 08:53 - 2012-10-03 07:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2015-04-05 08:53 - 2012-08-21 12:12 - 00245760 _____ (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2015-04-05 08:53 - 2011-12-29 21:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2015-04-05 08:53 - 2011-06-15 20:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2015-04-05 08:53 - 2011-03-10 21:39 - 00143744 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2015-04-05 08:53 - 2011-03-10 21:39 - 00117120 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2015-04-05 08:53 - 2011-03-10 21:38 - 00332160 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2015-04-05 08:53 - 2011-03-10 21:38 - 00080256 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2015-04-05 08:53 - 2011-03-10 21:38 - 00022400 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2015-04-05 08:53 - 2011-03-10 21:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\System32\esent.dll
2015-04-05 08:53 - 2011-03-10 21:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\System32\fsutil.exe
2015-04-05 08:53 - 2011-03-10 20:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2015-04-05 08:53 - 2011-02-17 21:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\prevhost.exe
2015-04-05 08:52 - 2014-11-25 19:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2015-04-05 08:52 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2015-04-05 08:52 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\System32\charmap.exe
2015-04-05 08:52 - 2014-08-01 03:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\System32\TSWorkspace.dll
2015-04-05 08:52 - 2014-07-08 17:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\KBDYAK.DLL
2015-04-05 08:52 - 2014-07-08 17:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\KBDTAT.DLL
2015-04-05 08:52 - 2014-07-08 17:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\KBDRU1.DLL
2015-04-05 08:52 - 2014-07-08 17:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\KBDBASH.DLL
2015-04-05 08:52 - 2014-07-08 17:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\System32\KBDRU.DLL
2015-04-05 08:52 - 2014-06-23 18:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2015-04-05 08:52 - 2014-01-23 18:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2015-04-05 08:52 - 2013-08-04 17:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2015-04-05 08:52 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2015-04-05 08:52 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2015-04-05 08:52 - 2012-12-07 04:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2015-04-05 08:52 - 2012-12-07 04:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\System32\gameux.dll
2015-04-05 08:52 - 2012-12-07 02:46 - 00055296 _____ (Microsoft) C:\Windows\System32\cero.rs
2015-04-05 08:52 - 2012-12-07 02:46 - 00051712 _____ (Microsoft) C:\Windows\System32\esrb.rs
2015-04-05 08:52 - 2012-12-07 02:46 - 00046592 _____ (Microsoft) C:\Windows\System32\fpb.rs
2015-04-05 08:52 - 2012-12-07 02:46 - 00045568 _____ (Microsoft) C:\Windows\System32\oflc-nz.rs
2015-04-05 08:52 - 2012-12-07 02:46 - 00044544 _____ (Microsoft) C:\Windows\System32\pegibbfc.rs
2015-04-05 08:52 - 2012-12-07 02:46 - 00043520 _____ (Microsoft) C:\Windows\System32\csrr.rs
2015-04-05 08:52 - 2012-12-07 02:46 - 00040960 _____ (Microsoft) C:\Windows\System32\cob-au.rs
2015-04-05 08:52 - 2012-12-07 02:46 - 00030720 _____ (Microsoft) C:\Windows\System32\usk.rs
2015-04-05 08:52 - 2012-12-07 02:46 - 00023552 _____ (Microsoft) C:\Windows\System32\oflc.rs
2015-04-05 08:52 - 2012-12-07 02:46 - 00021504 _____ (Microsoft) C:\Windows\System32\grb.rs
2015-04-05 08:52 - 2012-12-07 02:46 - 00020480 _____ (Microsoft) C:\Windows\System32\pegi-pt.rs
2015-04-05 08:52 - 2012-12-07 02:46 - 00020480 _____ (Microsoft) C:\Windows\System32\pegi-fi.rs
2015-04-05 08:52 - 2012-12-07 02:46 - 00020480 _____ (Microsoft) C:\Windows\System32\pegi.rs
2015-04-05 08:52 - 2012-12-07 02:46 - 00015360 _____ (Microsoft) C:\Windows\System32\djctq.rs
2015-04-05 08:52 - 2011-05-03 20:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\System32\tquery.dll
2015-04-05 08:52 - 2011-05-03 20:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2015-04-05 08:52 - 2011-05-03 20:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2015-04-05 08:52 - 2011-05-03 20:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\System32\mssph.dll
2015-04-05 08:52 - 2011-05-03 20:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2015-04-05 08:52 - 2011-05-03 20:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2015-04-05 08:52 - 2011-05-03 20:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2015-04-05 08:52 - 2011-05-03 20:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2015-04-05 08:52 - 2011-05-03 20:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2015-04-05 08:51 - 2015-04-05 16:12 - 00000000 ____D () C:\Windows\System32\appmgmt
2015-04-05 08:51 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\System32\secproc.dll
2015-04-05 08:51 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
2015-04-05 08:51 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
2015-04-05 08:51 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
2015-04-05 08:51 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\System32\msdrm.dll
2015-04-05 08:51 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
2015-04-05 08:51 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
2015-04-05 08:51 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
2015-04-05 08:51 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
2015-04-05 08:51 - 2012-10-09 09:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2015-04-05 08:51 - 2012-10-09 09:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2015-04-05 08:51 - 2012-01-04 00:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2015-04-05 08:50 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll
2015-04-05 08:50 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\System32\WSManMigrationPlugin.dll
2015-04-05 08:50 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\System32\WsmWmiPl.dll
2015-04-05 08:50 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\System32\WsmAuto.dll
2015-04-05 08:50 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\System32\WSManHTTPConfig.exe
2015-04-05 08:38 - 2015-04-05 08:38 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-04-05 08:27 - 2015-04-05 09:14 - 00000000 ____D () C:\Windows\CSC
2015-04-05 08:26 - 2015-04-05 08:26 - 00000000 ____D () C:\Users\Satellite\AppData\Local\Tific
2015-04-05 08:24 - 2015-04-05 08:24 - 00000000 ____D () C:\Users\Satellite\AppData\Roaming\Tific
2015-04-05 08:21 - 2015-04-05 08:21 - 00002146 _____ () C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2015-04-05 08:21 - 2015-04-05 08:21 - 00002120 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2015.lnk
2015-04-05 08:21 - 2015-02-24 15:25 - 00037176 _____ (AVG Technologies) C:\Windows\System32\TURegOpt.exe
2015-04-05 08:21 - 2015-02-24 15:24 - 00025912 _____ (AVG Technologies) C:\Windows\System32\authuitu.dll
2015-04-05 08:20 - 2015-04-05 08:20 - 00000000 ____D () C:\Users\Satellite\AppData\Roaming\AVG
2015-04-05 08:17 - 2015-04-05 08:17 - 00000000 ____D () C:\Users\Satellite\AppData\Local\Avg
2015-04-05 08:14 - 2015-04-05 08:21 - 00000000 ____D () C:\ProgramData\AVG
2015-04-05 08:13 - 2015-04-05 08:13 - 113398072 _____ (AVG Technologies) C:\Users\Satellite\Downloads\avg_tuh_stf_all_2015_403_24c34.exe
2015-04-05 07:49 - 2009-06-10 13:14 - 00053551 _____ () C:\Windows\Professional.xml
2015-04-05 07:00 - 2015-04-05 07:08 - 00000000 ____D () C:\Users\Satellite\AppData\Local\CyberGhost
2015-04-05 06:58 - 2015-04-05 07:00 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-04-05 06:58 - 2015-04-05 06:58 - 09629976 _____ (CyberGhost S.R.L. ) C:\Users\Satellite\Downloads\CG_5.0.14.7.exe
2015-04-05 06:58 - 2015-04-05 06:58 - 00001856 _____ () C:\Users\Satellite\Desktop\CyberGhost 5.lnk
2015-04-05 05:39 - 2015-04-06 21:38 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-04-05 05:39 - 2015-04-05 18:46 - 00000000 ____D () C:\Program Files\DriverAssist
2015-04-05 05:39 - 2015-04-05 16:10 - 00000000 ____D () C:\Users\Satellite\Documents\ProPCCleaner
2015-04-05 05:39 - 2015-04-05 06:15 - 00000371 _____ () C:\prefs.js
2015-04-05 05:39 - 2015-04-05 06:15 - 00000000 ____D () C:\searchplugins
2015-04-05 05:39 - 2015-04-05 05:39 - 00000000 ____D () C:\Users\Satellite\AppData\Local\Pro_PC_Cleaner
2015-04-05 05:38 - 2015-04-05 06:23 - 00001035 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-05 05:38 - 2015-04-05 06:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-05 05:38 - 2015-04-05 05:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-05 05:38 - 2015-03-11 17:58 - 00326288 _____ (Lavasoft Limited) C:\Windows\System32\LavasoftTcpService.dll
2015-04-05 05:38 - 2014-11-20 12:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-04-05 05:38 - 2014-11-20 12:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-04-05 05:38 - 2014-11-20 12:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-04-05 05:37 - 2015-04-05 05:37 - 00000000 ____D () C:\Users\Satellite\AppData\Roaming\Lavasoft
2015-04-05 05:30 - 2015-04-05 05:30 - 00000000 ____D () C:\Users\Satellite\AppData\Local\CrashDumps
2015-04-05 05:09 - 2015-04-05 09:25 - 00058016 _____ () C:\Users\Satellite\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-05 05:02 - 2015-04-05 05:02 - 00000000 ____D () C:\Users\Satellite\AppData\Roaming\TuneUp Software
2015-04-05 04:59 - 2015-04-05 04:59 - 00000000 ____D () C:\Users\Satellite\AppData\Local\MFAData
2015-04-05 03:54 - 2015-04-05 03:54 - 00000000 __SHD () C:\Users\Satellite\AppData\Local\EmieUserList
2015-04-05 03:54 - 2015-04-05 03:54 - 00000000 __SHD () C:\Users\Satellite\AppData\Local\EmieSiteList
2015-04-05 03:54 - 2015-04-05 03:54 - 00000000 __SHD () C:\Users\Satellite\AppData\Local\EmieBrowserModeList
2015-04-05 03:45 - 2015-04-05 09:31 - 00000000 ____D () C:\Users\Satellite\AppData\Roaming\Toshiba
2015-04-05 03:44 - 2015-04-05 17:10 - 00000000 ____D () C:\Users\Satellite\AppData\Local\VirtualStore
2015-04-05 03:44 - 2015-04-05 05:09 - 00000000 ____D () C:\Users\Satellite\AppData\Local\TOSHIBA
2015-04-05 03:44 - 2015-04-05 05:03 - 00000000 ____D () C:\Users\Satellite\AppData\Local\Avg2015
2015-04-05 03:44 - 2015-04-05 03:44 - 00000000 ____D () C:\Users\Satellite\AppData\Roaming\AVG2015
2015-04-05 03:44 - 2015-04-05 03:44 - 00000000 ____D () C:\Users\Satellite\AppData\Roaming\Adobe
2015-04-05 03:44 - 2015-04-05 03:44 - 00000000 ____D () C:\Users\Satellite\AppData\Local\Google
2015-04-05 03:43 - 2015-04-05 03:44 - 00000000 ____D () C:\users\Satellite
2015-04-05 03:43 - 2015-04-05 03:43 - 00000020 ___SH () C:\Users\Satellite\ntuser.ini
2015-04-05 02:31 - 2015-04-05 02:32 - 00000000 ____D () C:\Users\LIAM MCMAHON\AppData\Local\CrashDumps
2015-04-05 01:00 - 2015-04-05 01:00 - 00000000 ____D () C:\Users\LIAM MCMAHON\AppData\Roaming\AVG2015
2015-04-05 00:59 - 2015-04-05 01:08 - 00000000 ____D () C:\ProgramData\AVG2015
2015-04-05 00:59 - 2015-04-05 00:59 - 00000906 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-04-05 00:59 - 2015-04-05 00:59 - 00000000 ___HD () C:\$AVG
2015-04-05 00:59 - 2015-04-05 00:59 - 00000000 ____D () C:\Users\LIAM MCMAHON\AppData\Roaming\TuneUp Software
2015-04-05 00:58 - 2015-04-05 08:20 - 00000000 ____D () C:\Program Files\AVG
2015-04-05 00:55 - 2015-04-06 21:43 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-05 00:55 - 2015-04-05 01:02 - 00000000 ____D () C:\Users\LIAM MCMAHON\AppData\Local\Avg2015
2015-04-05 00:55 - 2015-04-05 00:55 - 00000000 ____D () C:\Users\LIAM MCMAHON\AppData\Local\MFAData
2015-04-02 22:49 - 2015-04-05 00:44 - 00000004 _____ () C:\Windows\System32\029B560A371F4E00AB32838EBC01B9E7
2015-04-02 22:07 - 2015-04-05 01:08 - 00000000 ____D () C:\Program Files\new game
2015-03-31 19:36 - 2015-02-02 19:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2015-03-31 19:35 - 2015-03-05 21:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-03-31 19:35 - 2015-03-05 21:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-03-31 19:35 - 2015-03-05 21:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-03-31 19:35 - 2015-03-05 21:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-03-31 19:35 - 2015-03-05 21:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-03-31 19:35 - 2015-03-05 21:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-03-31 19:35 - 2015-03-05 21:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-03-31 19:35 - 2015-03-05 21:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-03-31 19:35 - 2015-03-05 21:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-03-31 19:35 - 2015-03-05 21:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-03-31 19:35 - 2015-03-05 21:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-03-31 19:35 - 2015-03-05 21:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-03-31 19:35 - 2015-03-05 21:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-03-31 19:35 - 2015-03-05 21:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-03-31 19:35 - 2015-03-05 21:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-03-31 19:35 - 2015-03-05 21:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-03-31 19:35 - 2015-03-05 21:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-03-31 19:35 - 2015-03-05 21:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-03-31 19:35 - 2015-02-25 19:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-03-31 19:35 - 2015-02-23 18:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-03-31 19:35 - 2015-02-20 16:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-03-31 19:35 - 2015-02-20 16:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-03-31 19:35 - 2015-02-20 16:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-03-31 19:35 - 2015-02-20 16:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-03-31 19:35 - 2015-02-20 15:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-03-31 19:35 - 2015-02-19 20:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2015-03-31 19:35 - 2015-02-19 20:13 - 00034304 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2015-03-31 19:35 - 2015-02-19 20:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2015-03-31 19:35 - 2015-02-19 20:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2015-03-31 19:35 - 2015-02-19 19:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2015-03-31 19:35 - 2015-02-19 18:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-03-31 19:35 - 2015-02-19 18:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-03-31 19:35 - 2015-02-19 18:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-03-31 19:35 - 2015-02-19 18:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-03-31 19:35 - 2015-02-19 18:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-03-31 19:35 - 2015-02-19 18:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-03-31 19:35 - 2015-02-19 18:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-03-31 19:35 - 2015-02-19 18:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-03-31 19:35 - 2015-02-19 18:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-03-31 19:35 - 2015-02-19 17:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-03-31 19:35 - 2015-02-19 17:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-03-31 19:35 - 2015-02-19 17:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-03-31 19:35 - 2015-02-19 17:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-03-31 19:35 - 2015-02-19 17:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-03-31 19:35 - 2015-02-19 17:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-03-31 19:35 - 2015-02-19 17:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-03-31 19:35 - 2015-02-19 17:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-03-31 19:35 - 2015-02-19 17:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-03-31 19:35 - 2015-02-19 17:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-03-31 19:35 - 2015-02-19 17:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-03-31 19:35 - 2015-02-19 17:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-03-31 19:35 - 2015-02-19 17:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-03-31 19:35 - 2015-02-19 16:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-03-31 19:35 - 2015-02-19 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-03-31 19:35 - 2015-02-12 21:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2015-03-31 19:35 - 2015-02-02 19:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2015-03-31 19:35 - 2015-01-16 18:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll
2015-03-31 19:35 - 2014-12-18 18:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-03-31 19:35 - 2014-12-11 09:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-03-31 19:34 - 2015-02-03 18:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2015-03-31 19:34 - 2015-02-02 19:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2015-03-31 19:34 - 2015-02-02 19:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-03-31 19:34 - 2015-02-02 19:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
2015-03-31 19:34 - 2015-02-02 19:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\System32\drmv2clt.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\System32\blackbox.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\System32\wmdrmsdk.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\System32\msscp.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\System32\drmmgrtn.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\System32\msnetobj.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\cryptsp.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-03-31 19:34 - 2015-02-02 19:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\pcadm.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\System32\msmmsp.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2015-03-31 19:34 - 2015-02-02 19:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2015-03-31 19:34 - 2015-02-02 19:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2015-03-31 19:34 - 2015-02-02 19:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2015-03-31 19:34 - 2015-02-02 19:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-03-31 19:34 - 2015-02-02 19:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2015-03-31 19:34 - 2015-02-02 19:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2015-03-31 19:34 - 2015-02-02 19:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
2015-03-31 19:34 - 2015-02-02 19:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2015-03-31 19:34 - 2015-02-02 19:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2015-03-31 19:34 - 2015-02-02 19:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\pcawrk.exe
2015-03-31 19:34 - 2015-02-02 19:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\System32\pcalua.exe
2015-03-31 19:34 - 2015-02-02 19:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\System32\pcaevts.dll
2015-03-31 19:34 - 2015-02-02 19:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
2015-03-31 19:34 - 2015-02-02 19:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-03-31 19:34 - 2015-02-02 19:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2015-03-31 19:34 - 2015-02-02 18:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2015-03-31 19:34 - 2015-01-30 15:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2015-03-31 19:34 - 2014-12-18 17:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-03-31 19:34 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll
2015-03-31 19:34 - 2014-12-05 19:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-03-31 19:34 - 2014-10-31 14:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2015-03-31 19:34 - 2014-06-27 16:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2015-03-31 19:34 - 2014-06-27 16:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2015-03-31 19:34 - 2012-10-03 08:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2015-03-31 19:34 - 2012-10-03 08:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2015-03-31 00:14 - 2015-03-31 00:14 - 00005655 _____ () C:\Users\LIAM MCMAHON\AppData\Roaming\9jqP9SlWa2MQ20z
2015-03-24 17:23 - 2015-03-24 17:23 - 00224736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsdriverx.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-06 21:41 - 2014-12-10 13:48 - 01793896 _____ () C:\Windows\WindowsUpdate.log
2015-04-06 21:37 - 2009-07-13 20:39 - 00036464 _____ () C:\Windows\setupact.log
2015-04-06 16:22 - 2009-07-13 20:34 - 00033568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-06 16:22 - 2009-07-13 20:34 - 00033568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-05 18:48 - 2010-11-20 13:01 - 00778150 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-04-05 17:05 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-05 09:14 - 2009-07-13 20:33 - 00267016 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-04-05 09:11 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\tracing
2015-04-05 08:29 - 2010-11-20 13:48 - 00068066 _____ () C:\Windows\PFRO.log
2015-04-05 08:27 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\security
2015-04-05 08:25 - 2014-12-10 14:23 - 00000000 ____D () C:\ProgramData\Norton
2015-04-05 06:18 - 2014-12-13 23:44 - 00000000 ____D () C:\Program Files\STab
2015-04-05 06:17 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\L2Schemas
2015-04-05 06:15 - 2014-12-13 23:41 - 00000000 ____D () C:\Program Files\globalUpdate
2015-04-05 06:15 - 2014-12-13 23:41 - 00000000 ____D () C:\Program Files\6f02b0b0-d1bc-4e24-9898-61b41ae527eb
2015-04-05 06:15 - 2014-12-10 14:23 - 00000000 ____D () C:\Program Files\Amazon
2015-04-05 05:42 - 2011-03-03 03:33 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-04-05 05:19 - 2014-12-10 14:24 - 00000000 ____D () C:\Program Files\Symantec
2015-04-05 05:03 - 2014-12-10 00:51 - 00000000 ____D () C:\Users\LIAM MCMAHON\AppData\Roaming\uTorrent
2015-04-05 04:14 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\NDF
2015-04-05 02:25 - 2014-12-09 21:26 - 00002298 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-05 00:45 - 2009-07-13 18:04 - 00000505 _____ () C:\Windows\win.ini
2015-04-03 01:54 - 2014-12-09 20:38 - 00000000 ____D () C:\users\LIAM MCMAHON
2015-04-03 01:54 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\wfp
2015-04-03 01:53 - 2014-12-10 14:24 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-04-03 01:53 - 2014-12-10 14:23 - 00000000 ____D () C:\Windows\System32\Drivers\NIS
2015-04-03 01:53 - 2014-12-10 14:23 - 00000000 ____D () C:\Program Files\Norton Internet Security
2015-04-03 01:53 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\registration
2015-04-02 22:17 - 2014-12-31 18:46 - 00000000 ____D () C:\Windows\System32\MRT
2015-04-02 22:17 - 2014-12-29 14:46 - 00000000 ____D () C:\Users\LIAM MCMAHON\AppData\Local\Tific
2015-04-01 13:19 - 2010-11-20 16:46 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-04-01 13:19 - 2009-07-13 18:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-01 13:19 - 2009-07-13 18:37 - 00000000 ___RD () C:\users\Public
2015-04-01 13:03 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\LogFiles
 
Some content of TEMP:
====================
C:\Users\LIAM MCMAHON\AppData\Local\Temp\MSNAC48.exe
C:\Users\LIAM MCMAHON\AppData\Local\Temp\Runner2.exe
C:\Users\LIAM MCMAHON\AppData\Local\Temp\Runner4.exe
C:\Users\LIAM MCMAHON\AppData\Local\Temp\ttv.exe
C:\Users\LIAM MCMAHON\AppData\Local\Temp\uttB8D9.tmp.exe
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (whitelisted) =============
 
 
==================== Restore Points  =========================
 
Restore point made on: 2015-04-05 05:18:50
Restore point made on: 2015-04-05 05:37:45
Restore point made on: 2015-04-05 05:41:34
Restore point made on: 2015-04-05 06:59:42
Restore point made on: 2015-04-05 07:47:24
Restore point made on: 2015-04-05 07:48:37
Restore point made on: 2015-04-05 08:00:05
Restore point made on: 2015-04-05 08:02:14
Restore point made on: 2015-04-05 08:17:55
Restore point made on: 2015-04-05 09:00:38
Restore point made on: 2015-04-05 16:16:09
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 4060.89 MB
Available physical RAM: 3592.52 MB
Total Pagefile: 4059.18 MB
Available Pagefile: 3599.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.25 MB
 
==================== Drives ================================
 
Drive c: (S3A9451D002) (Fixed) (Total:452.79 GB) (Free:425.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:3.81 GB) (Free:3.8 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 54BC7C24)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=452.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.5 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
 
LastRegBack: 2015-04-02 22:44
 
==================== End Of Log ============================

#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that.
 
See if it will boot normally now or perhaps in Safe Mode with Networking.
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Log in with your usual login.)
 
 
If you can get it to boot normally, uninstall either Norton or AVG. You don't want both. Also
 
Clear the Java Cache by following the instructions on
 
You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 20 
 
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
 
If you feel you must have Java:
Get the latest Java at:
 
Save it to your PC, then close all browsers and install it. Do not let it install the Yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
 
 
Run FRST again (from a normal or safe mode boot if possible), check the Additions box and then Scan.  You will get two logs.  Post them both.
 
 
