TechSpot

Re-Post: Virus stopping all removal programs from running

By swisstonyholmes
Mar 30, 2015
    Am re-posting this due to my original thread being locked due to inactivity.

    Have attempted to PM to unlock the thread but no response.

    To anyone who can help,

    Windows 7 operating platform.

    I'm having difficulty helping someone remove a virus or viruses that are primarily stopping all antivirus and locally installed scan tool programs from running.

    I've tried running the Farbar FRST.exe tool as recommended for providing log information but keep getting an "Application Error". I've tried running in safe mode with the same result.

    I've run online web-based scan tools (these were Eset and Panda), which did remove threats but didn't remove the primary virus stopping all antivirus programs from running.

    Any help would be appreciated.

    Update:
    http://www.techspot.com/community/topics/virus-stopping-all-removal-programs-from-running.210481/
    Steps run as per the above thread and results shown below.

    Thanks,

    Tony.


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by SYSTEM on MININT-TFQEVEV on 25-03-2015 19:00:44
    Running from h:\
    Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Recovery

    The current controlset is ControlSet002
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6245408 2010-05-25] (Realtek Semiconductor)
    HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
    HKLM\...\Run: [EKAIO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2012-03-16] (Eastman Kodak Company)
    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2014-12-08] (COMODO)
    HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-06-02] (EasyBits Software AS)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [273544 2011-05-29] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [EKAiO2StatusMonitor] => C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe
    HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1284616 2014-08-09] (Easybits)
    HKLM-x32\...\Run: [COMODO] => C:\Program Files\COMODO\COMODO livePCsupport\CLPSLA.exe [215800 2010-08-13] (COMODO)
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\599\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
    HKU\Default\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
    HKU\Default User\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
    HKU\Guest\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
    HKU\Guest\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)
    HKU\Reg\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)
    HKU\Reg\...\Policies\system: [DisableChangePassword] 0

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 CLPSLS; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe [158120 2010-08-13] (COMODO)
    S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-08] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-08] (COMODO)
    S2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
    S2 lxbv_device; C:\Windows\system32\lxbvcoms.exe [566704 2007-04-25] ( )
    S2 lxbv_device; C:\Windows\SysWOW64\lxbvcoms.exe [537520 2007-04-25] ( )
    S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S4 RemoteAccess; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
    S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-08] (COMODO)
    S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2014-12-08] (COMODO)
    S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2014-12-08] (COMODO)
    S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2014-12-08] (COMODO)
    S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-25 19:00 - 2015-03-25 19:00 - 00000000 ____D () C:\FRST
    2015-03-18 14:32 - 2015-03-18 14:32 - 00001031 _____ () C:\Users\Public\Desktop\COMODO Cloud Scanner.lnk
    2015-03-18 14:30 - 2015-03-18 14:31 - 18570816 _____ (COMODO) C:\Users\Reg\Downloads\CCS_Setup_2.0.162151.21_xp_vista_server2003_win7.exe
    2015-03-18 12:02 - 2015-03-18 12:02 - 02347384 _____ (ESET) C:\Users\Reg\Downloads\esetsmartinstaller_enu (2).exe
    2015-03-18 11:56 - 2015-03-18 11:56 - 00000000 ____D () C:\Users\Reg\AppData\Roaming\Comodo
    2015-03-18 11:15 - 2013-04-29 00:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\System32\Drivers\PSKMAD.sys
    2015-03-18 11:14 - 2015-03-18 11:14 - 00001286 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
    2015-03-18 11:14 - 2015-03-18 11:14 - 00000000 ____D () C:\Program Files (x86)\Panda Security
    2015-03-18 11:13 - 2015-03-18 11:14 - 31660040 _____ (Panda Security ) C:\Users\Reg\Downloads\PandaCloudCleaner.exe
    2015-03-18 11:03 - 2015-03-18 11:03 - 00000000 ____D () C:\Windows\pss
    2015-03-18 10:57 - 2015-03-18 10:57 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-03-18 10:57 - 2015-03-18 10:57 - 00000000 ____D () C:\Program Files\CCleaner
    2015-03-18 10:55 - 2015-03-18 10:56 - 05325696 _____ (Piriform Ltd) C:\Users\Reg\Downloads\ccsetup503.exe
    2015-03-17 23:50 - 2015-03-17 23:50 - 02347384 _____ (ESET) C:\Users\Reg\Downloads\esetsmartinstaller_enu (1).exe
    2015-03-17 23:48 - 2015-03-17 23:48 - 00005733 _____ () C:\Users\Reg\Documents\eset.txt
    2015-03-17 09:55 - 2015-03-17 09:55 - 02347384 _____ (ESET) C:\Users\Reg\Downloads\esetsmartinstaller_enu.exe
    2015-03-17 09:53 - 2015-03-17 09:53 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
    2015-03-16 02:50 - 2015-03-16 02:50 - 00000000 ____D () C:\Users\Reg\AppData\Local\{685C176B-9948-400D-AD1C-CD34817F942A}
    2015-03-16 02:46 - 2015-03-16 02:46 - 00000000 ____D () C:\Users\Reg\AppData\Local\{3732BC87-914B-4B21-92B7-5CD5651D06D8}
    2015-03-16 02:42 - 2015-03-16 02:42 - 00000000 ____D () C:\Users\Reg\AppData\Local\{83ACEE8E-9F17-46F6-A048-EA4431B6D7A0}
    2015-03-15 08:21 - 2015-02-19 20:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
    2015-03-15 08:21 - 2015-02-19 20:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
    2015-03-15 08:21 - 2015-02-19 20:40 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
    2015-03-15 08:21 - 2015-02-19 20:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
    2015-03-15 08:21 - 2015-02-19 20:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-03-15 08:21 - 2015-02-19 20:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-03-15 08:21 - 2015-02-19 20:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-03-15 08:21 - 2015-02-19 20:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-03-15 08:21 - 2015-02-19 19:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2015-03-15 08:21 - 2015-02-19 19:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-03-15 08:17 - 2015-02-02 19:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
    2015-03-15 08:17 - 2015-02-02 19:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
    2015-03-15 08:17 - 2015-02-02 19:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
    2015-03-15 08:17 - 2015-02-02 19:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
    2015-03-15 08:17 - 2015-02-02 19:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2015-03-15 08:17 - 2015-02-02 19:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2015-03-15 08:17 - 2015-02-02 19:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\System32\msnetobj.dll
    2015-03-15 08:17 - 2015-02-02 19:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
    2015-03-15 08:17 - 2015-02-02 19:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
    2015-03-15 08:17 - 2015-02-02 19:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
    2015-03-15 08:17 - 2015-02-02 19:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\pcadm.dll
    2015-03-15 08:17 - 2015-02-02 19:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll
    2015-03-15 08:17 - 2015-02-02 19:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\System32\cryptui.dll
    2015-03-15 08:17 - 2015-02-02 19:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
    2015-03-15 08:17 - 2015-02-02 19:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\System32\drmmgrtn.dll
    2015-03-15 08:17 - 2015-02-02 19:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
    2015-03-15 08:17 - 2015-02-02 19:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
    2015-03-15 08:17 - 2015-02-02 19:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
    2015-03-15 08:17 - 2015-02-02 19:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2015-03-15 08:17 - 2015-02-02 19:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
    2015-03-15 08:17 - 2015-02-02 19:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2015-03-15 08:17 - 2015-02-02 19:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
    2015-03-15 08:17 - 2015-02-02 19:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\cryptsp.dll
    2015-03-15 08:17 - 2015-02-02 19:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
    2015-03-15 08:17 - 2015-02-02 19:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
    2015-03-15 08:17 - 2015-02-02 19:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
    2015-03-15 08:17 - 2015-02-02 19:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
    2015-03-15 08:17 - 2015-02-02 19:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
    2015-03-15 08:17 - 2015-02-02 19:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\pcawrk.exe
    2015-03-15 08:17 - 2015-02-02 19:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\pcalua.exe
    2015-03-15 08:17 - 2015-02-02 19:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\System32\pcaevts.dll
    2015-03-15 08:17 - 2015-02-02 19:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
    2015-03-15 08:17 - 2015-02-02 19:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
    2015-03-15 08:17 - 2015-02-02 19:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2015-03-15 08:17 - 2015-02-02 19:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2015-03-15 08:17 - 2015-02-02 19:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2015-03-15 08:17 - 2015-02-02 19:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-03-15 08:17 - 2015-02-02 19:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2015-03-15 08:17 - 2015-02-02 19:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-03-15 08:17 - 2015-02-02 19:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2015-03-15 08:17 - 2015-02-02 19:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2015-03-15 08:17 - 2015-02-02 19:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-03-15 08:17 - 2015-02-02 19:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-03-15 08:17 - 2015-02-02 19:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-03-15 08:17 - 2015-02-02 19:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-03-15 08:17 - 2015-02-02 18:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
    2015-03-15 08:17 - 2014-10-31 14:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
    2015-03-15 08:17 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
    2015-03-15 08:17 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
    2015-03-15 08:16 - 2015-02-02 19:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2015-03-15 08:16 - 2015-02-02 19:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
    2015-03-15 08:16 - 2015-02-02 19:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
    2015-03-15 08:16 - 2015-02-02 19:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\System32\wmdrmsdk.dll
    2015-03-15 08:16 - 2015-02-02 19:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\System32\msscp.dll
    2015-03-15 08:16 - 2015-02-02 19:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
    2015-03-15 08:16 - 2015-02-02 19:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
    2015-03-15 08:16 - 2015-02-02 19:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2015-03-15 08:16 - 2015-02-02 19:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
    2015-03-15 08:16 - 2015-02-02 19:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msmmsp.dll
    2015-03-15 08:16 - 2015-02-02 19:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
    2015-03-15 08:16 - 2015-02-02 19:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
    2015-03-15 08:16 - 2015-02-02 19:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
    2015-03-15 08:16 - 2015-02-02 19:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2015-03-15 08:16 - 2015-02-02 19:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\System32\drmv2clt.dll
    2015-03-15 08:16 - 2015-02-02 19:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\System32\blackbox.dll
    2015-03-15 08:16 - 2015-02-02 19:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
    2015-03-15 08:16 - 2015-02-02 19:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
    2015-03-15 08:16 - 2015-02-02 19:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
    2015-03-15 08:16 - 2015-02-02 19:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2015-03-15 08:16 - 2015-02-02 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
    2015-03-15 08:16 - 2015-02-02 19:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-03-15 08:16 - 2015-02-02 19:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-03-15 08:16 - 2015-02-02 19:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-03-15 08:16 - 2015-02-02 19:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2015-03-15 08:16 - 2015-02-02 19:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-03-15 08:16 - 2015-02-02 19:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2015-03-15 08:16 - 2015-02-02 19:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2015-03-15 08:16 - 2015-02-02 19:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2015-03-15 08:16 - 2015-02-02 19:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2015-03-15 08:16 - 2015-02-02 19:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2015-03-15 08:16 - 2015-02-02 19:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-03-15 08:16 - 2015-02-02 19:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2015-03-15 08:16 - 2015-02-02 19:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2015-03-15 08:16 - 2015-02-02 19:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-03-15 08:16 - 2015-02-02 19:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-03-15 08:16 - 2015-02-02 19:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2015-03-15 08:16 - 2015-02-02 19:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-03-15 08:16 - 2015-02-02 19:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-03-15 08:16 - 2015-02-02 19:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-03-15 08:16 - 2015-02-02 19:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2015-03-15 08:16 - 2015-02-02 19:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2015-03-15 08:16 - 2015-02-02 19:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2015-03-15 08:16 - 2015-01-30 19:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2015-03-15 08:16 - 2015-01-30 19:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
    2015-03-15 08:16 - 2015-01-30 15:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
    2015-03-15 08:13 - 2015-02-02 19:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\System32\ubpm.dll
    2015-03-15 08:13 - 2015-02-02 19:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
    2015-03-15 08:11 - 2015-02-12 21:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-03-15 08:11 - 2015-02-12 21:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2015-03-15 08:10 - 2015-03-05 21:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2015-03-15 08:10 - 2015-03-05 21:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2015-03-15 08:10 - 2015-03-05 21:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2015-03-15 08:10 - 2015-03-05 21:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2015-03-15 08:10 - 2015-03-05 21:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2015-03-15 08:10 - 2015-03-05 21:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
    2015-03-15 08:10 - 2015-03-05 21:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2015-03-15 08:10 - 2015-03-05 21:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
    2015-03-15 08:10 - 2015-03-05 21:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
    2015-03-15 08:10 - 2015-03-05 21:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
    2015-03-15 08:10 - 2015-03-05 21:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
    2015-03-15 08:10 - 2015-03-05 21:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
    2015-03-15 08:10 - 2015-03-05 21:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
    2015-03-15 08:10 - 2015-03-05 21:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
    2015-03-15 08:10 - 2015-03-05 21:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
    2015-03-15 08:10 - 2015-03-05 21:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
    2015-03-15 08:10 - 2015-03-05 21:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
    2015-03-15 08:10 - 2015-03-05 21:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
    2015-03-15 08:10 - 2015-03-05 21:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-03-15 08:10 - 2015-03-05 21:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-03-15 08:10 - 2015-03-05 21:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-03-15 08:10 - 2015-03-05 21:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-03-15 08:10 - 2015-03-05 21:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-03-15 08:10 - 2015-03-05 21:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-03-15 08:10 - 2015-03-05 21:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-03-15 08:10 - 2015-03-05 21:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-03-15 08:10 - 2015-03-05 21:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-03-15 08:10 - 2015-03-05 21:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-03-15 08:10 - 2015-03-05 21:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-03-15 08:10 - 2015-03-05 21:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-03-15 08:10 - 2015-03-05 21:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-03-15 08:10 - 2015-01-30 15:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2015-03-15 08:00 - 2015-01-16 18:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll
    2015-03-15 08:00 - 2015-01-16 18:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-03-15 07:59 - 2015-02-25 19:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2015-03-15 07:59 - 2015-02-02 19:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2015-03-15 07:59 - 2015-02-02 19:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-03-15 07:18 - 2015-02-23 19:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2015-03-15 07:18 - 2015-02-23 18:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-03-15 07:18 - 2015-02-20 17:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2015-03-15 07:18 - 2015-02-20 16:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-03-15 07:18 - 2015-02-20 16:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-03-15 07:18 - 2015-02-20 16:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-03-15 07:18 - 2015-02-20 16:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-03-15 07:18 - 2015-02-20 15:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2015-03-15 07:18 - 2015-02-20 15:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-03-15 07:18 - 2015-02-19 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2015-03-15 07:18 - 2015-02-19 19:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
    2015-03-15 07:18 - 2015-02-19 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2015-03-15 07:18 - 2015-02-19 18:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2015-03-15 07:18 - 2015-02-19 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
    2015-03-15 07:18 - 2015-02-19 18:48 - 02886144 _____ () C:\Windows\System32\iertutil.dll
    2015-03-15 07:18 - 2015-02-19 18:47 - 00088064 _____ () C:\Windows\System32\MshtmlDac.dll
    2015-03-15 07:18 - 2015-02-19 18:41 - 00054784 _____ () C:\Windows\System32\jsproxy.dll
    2015-03-15 07:18 - 2015-02-19 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2015-03-15 07:18 - 2015-02-19 18:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2015-03-15 07:18 - 2015-02-19 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2015-03-15 07:18 - 2015-02-19 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
    2015-03-15 07:18 - 2015-02-19 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
    2015-03-15 07:18 - 2015-02-19 18:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2015-03-15 07:18 - 2015-02-19 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    2015-03-15 07:18 - 2015-02-19 18:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-03-15 07:18 - 2015-02-19 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2015-03-15 07:18 - 2015-02-19 18:13 - 00077824 _____ () C:\Windows\System32\JavaScriptCollectionAgent.dll
    2015-03-15 07:18 - 2015-02-19 18:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-03-15 07:18 - 2015-02-19 18:08 - 00199680 _____ () C:\Windows\System32\msrating.dll
    2015-03-15 07:18 - 2015-02-19 18:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-03-15 07:18 - 2015-02-19 18:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-03-15 07:18 - 2015-02-19 18:06 - 00064000 _____ () C:\Windows\SysWOW64\MshtmlDac.dll
    2015-03-15 07:18 - 2015-02-19 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2015-03-15 07:18 - 2015-02-19 18:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-03-15 07:18 - 2015-02-19 18:01 - 00047104 _____ () C:\Windows\SysWOW64\jsproxy.dll
    2015-03-15 07:18 - 2015-02-19 18:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-03-15 07:18 - 2015-02-19 17:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-03-15 07:18 - 2015-02-19 17:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-03-15 07:18 - 2015-02-19 17:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-03-15 07:18 - 2015-02-19 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2015-03-15 07:18 - 2015-02-19 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2015-03-15 07:18 - 2015-02-19 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
    2015-03-15 07:18 - 2015-02-19 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2015-03-15 07:18 - 2015-02-19 17:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2015-03-15 07:18 - 2015-02-19 17:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-03-15 07:18 - 2015-02-19 17:37 - 00168960 _____ () C:\Windows\SysWOW64\msrating.dll
    2015-03-15 07:18 - 2015-02-19 17:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-03-15 07:18 - 2015-02-19 17:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2015-03-15 07:18 - 2015-02-19 17:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-03-15 07:18 - 2015-02-19 17:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-03-15 07:18 - 2015-02-19 17:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-03-15 07:18 - 2015-02-19 17:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2015-03-15 07:18 - 2015-02-19 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2015-03-15 07:18 - 2015-02-19 17:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-03-15 07:18 - 2015-02-19 16:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-03-15 07:18 - 2015-02-19 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-03-15 07:17 - 2015-02-03 19:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
    2015-03-15 07:17 - 2015-02-03 18:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-03-15 06:50 - 2015-03-15 06:50 - 00000000 ____D () C:\Users\Reg\AppData\Local\{EA2385DD-90C6-45FD-B1E0-779C8C534095}
    2015-03-15 05:16 - 2015-03-15 05:16 - 00000000 ____D () C:\Users\Reg\AppData\Local\{D14ABCFB-2BE1-4EFF-8DB4-BD5406D562C2}
    2015-03-15 04:29 - 2015-03-15 04:29 - 00000000 ____D () C:\Users\Reg\AppData\Local\{98CE62F5-0A72-470A-8A81-701B8F94D3EF}
    2015-03-15 04:13 - 2015-03-15 04:13 - 00000000 ____D () C:\Users\Reg\AppData\Local\{EC61C9C3-9663-4E3E-A0EB-EBAC9398A36C}
    2015-03-15 03:36 - 2015-03-15 03:36 - 00000000 ____D () C:\Users\Reg\AppData\Local\{9B7BBD85-9AD2-46A1-ABB1-E05CB15971DB}
    2015-03-15 02:55 - 2015-03-15 02:55 - 00000000 ____D () C:\Users\Reg\AppData\Local\{0EC5CFB6-C8B4-44B6-82C8-BF6B785F7075}
    2015-03-14 05:27 - 2015-03-14 05:27 - 00000000 ____D () C:\Users\Reg\AppData\Local\{65F673EA-39F2-456A-B7C6-7E94245E7E30}
    2015-03-08 07:00 - 2015-03-08 07:00 - 00001682 _____ () C:\Users\Reg\Documents\First border at school 1928 Head mistress Miss Millar(school now a hotel)_.eml
    2015-03-08 06:42 - 2015-03-08 06:42 - 00000000 ____D () C:\Users\Reg\AppData\Local\{39E5AE16-83A8-40A7-ACBB-B11808F362B7}
    2015-03-08 06:29 - 2015-03-08 06:29 - 00000000 ____D () C:\Users\Reg\AppData\Local\{795680DF-BC8D-4345-AD44-997BC60EDFB6}
    2015-03-05 05:26 - 2015-03-05 05:26 - 00950272 _____ (Microsoft Corporation) C:\Windows\System32\perftrack.dll
    2015-03-05 05:26 - 2015-03-05 05:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\wdi.dll
    2015-03-05 05:26 - 2015-03-05 05:26 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-03-05 05:26 - 2015-03-05 05:26 - 00029696 _____ (Microsoft Corporation) C:\Windows\System32\powertracker.dll
    2015-03-03 10:41 - 2015-03-03 10:41 - 00000000 ____D () C:\Users\Reg\AppData\Local\{434B3EBB-D9A1-4832-8B89-A750D4AEF227}
    2015-03-03 10:05 - 2015-03-03 10:05 - 00000000 ____D () C:\Users\Reg\AppData\Local\{1FAE4B5D-A877-4C94-9E74-2003657C6B2A}
    2015-03-01 07:08 - 2015-03-01 07:08 - 00000000 ____D () C:\Users\Reg\AppData\Local\{B4AED424-B0EB-4110-B2CD-237A8081E2EC}
    2015-02-28 09:49 - 2015-02-28 09:50 - 00000000 ____D () C:\Users\Reg\AppData\Local\{2B6BFA77-DB96-4E29-BAC5-DA3B70ED6927}
    2015-02-26 03:16 - 2015-02-26 03:17 - 00000000 ____D () C:\Users\Reg\AppData\Local\{245DD6E4-84E1-4686-BA12-24DB0ABA87A9}
    2015-02-25 09:23 - 2015-01-08 15:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
    2015-02-25 09:23 - 2015-01-08 15:43 - 00419936 _____ () C:\Windows\System32\locale.nls
    2015-02-25 09:15 - 2015-02-25 09:15 - 00000000 ____D () C:\Users\Reg\AppData\Local\{F7685397-C61F-4C66-970C-EEAE3D874694}
    2015-02-24 03:49 - 2015-02-24 03:50 - 00000000 ____D () C:\Users\Reg\AppData\Local\{7E760ECB-D225-450B-9770-940DE74CD478}

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-24 08:45 - 2010-08-17 00:31 - 01740782 _____ () C:\Windows\WindowsUpdate.log
    2015-03-24 08:06 - 2013-08-23 09:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-24 07:55 - 2011-01-07 08:31 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-24 07:07 - 2011-06-26 04:10 - 00000000 ____D () C:\ProgramData\Kodak
    2015-03-24 02:55 - 2011-01-07 08:31 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-23 23:06 - 2013-10-11 03:55 - 01474832 _____ () C:\Windows\System32\Drivers\sfi.dat
    2015-03-21 14:01 - 2009-07-13 20:45 - 00026192 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-21 14:01 - 2009-07-13 20:45 - 00026192 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-21 09:53 - 2015-01-21 09:00 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForReg
    2015-03-21 09:53 - 2013-12-17 09:32 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForReg.job
    2015-03-18 14:32 - 2011-11-23 11:38 - 00000000 ____D () C:\Program Files\COMODO
    2015-03-18 14:26 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-18 14:26 - 2009-07-13 20:51 - 00160542 _____ () C:\Windows\setupact.log
    2015-03-18 11:09 - 2011-07-18 11:06 - 00000000 ____D () C:\Users\Reg\AppData\Roaming\TeamViewer
    2015-03-18 11:04 - 2009-07-13 20:45 - 00427216 _____ () C:\Windows\System32\FNTCACHE.DAT
    2015-03-18 05:21 - 2014-06-02 09:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
    2015-03-17 10:21 - 2013-10-10 07:38 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
    2015-03-17 09:55 - 2010-11-22 11:08 - 00114384 _____ () C:\Users\Reg\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-03-17 09:53 - 2010-11-22 11:01 - 00000000 ____D () C:\users\Reg
    2015-03-17 07:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
    2015-03-15 14:06 - 2011-07-10 03:43 - 00000000 ____D () C:\users\Guest
    2015-03-15 14:06 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2015-03-15 14:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
    2015-03-15 08:58 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2015-03-15 08:51 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2015-03-15 08:51 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Dism
    2015-03-15 08:22 - 2010-11-23 11:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-03-15 08:09 - 2013-08-15 15:23 - 00000000 ____D () C:\Windows\System32\MRT
    2015-03-15 08:01 - 2010-11-22 11:40 - 122905848 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2015-03-15 06:11 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
    2015-03-15 02:44 - 2013-10-27 07:48 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D2A0ECBE-83F4-46E8-8706-38CF8AC5C617}
    2015-03-14 05:07 - 2013-10-11 03:55 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
    2015-03-14 05:03 - 2011-01-07 08:31 - 00000000 ____D () C:\ProgramData\Real
    2015-03-13 08:12 - 2010-12-19 03:03 - 00254976 ___SH () C:\Users\Reg\Documents\Thumbs.db
    2015-03-05 08:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\tracing
    2015-03-03 03:07 - 2009-07-13 21:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

    Some content of TEMP:
    ====================
    C:\Users\Reg\AppData\Local\Temp\sp64126.exe
    C:\Users\Reg\AppData\Local\Temp\UninstallHPSA.exe


    ==================== Known DLLs (Whitelisted) ================

    [2015-03-15 07:18] - [2015-02-19 18:48] - 2886144 ____A () C:\Windows\System32\IERTUTIL.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points =========================

    Restore point made on: 2015-03-14 10:30:33
    Restore point made on: 2015-03-14 13:53:15
    Restore point made on: 2015-03-15 05:26:50
    Restore point made on: 2015-03-15 07:17:18
    Restore point made on: 2015-03-15 07:57:16
    Restore point made on: 2015-03-22 16:00:18

    ==================== Memory info ===========================

    Percentage of memory in use: 23%
    Total physical RAM: 3002.92 MB
    Available physical RAM: 2309.68 MB
    Total Pagefile: 3001.07 MB
    Available Pagefile: 2305.84 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:217.29 GB) (Free:140.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (RECOVERY) (Fixed) (Total:15.3 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    Drive h: () (Removable) (Total:0.95 GB) (Free:0.94 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 80F49AF4)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=217.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=15.3 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ========================================================
    Disk: 1 (Size: 972.5 MB) (Disk ID: 000BB7AD)
    Partition 1: (Not Active) - (Size=972 MB) - (Type=0B)


    LastRegBack: 2015-03-17 07:29

    ==================== End Of Log ============================
     
    Last edited: Mar 30, 2015
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    I've never received any PM from you.

    Re-run FRST again.
    Type the following in the edit box after "Search Files:".

    IERTUTIL.dll

    Click Search button and post the log (Search.txt) it makes in your reply.
     
  3. swisstonyholmes

    swisstonyholmes TS Rookie Topic Starter Posts: 98

    Was this the "search files" option or "search registry" option?
     
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

     
  5. swisstonyholmes

    swisstonyholmes TS Rookie Topic Starter Posts: 98

    Search Files results


    Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by SYSTEM at 2015-03-31 19:51:07
    Running from h:\
    Boot Mode: Recovery

    ================== Search Files: "IERTUTIL.dll" =============


    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16450_none_bc20788d5f412d6a\iertutil.dll
    [2012-11-04 03:26][2012-08-24 02:12] 2144768 ____A (Microsoft Corporation) D841F7629505EE542E26E5F0A4D20101

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16448_none_bc334ac95f31dc31\iertutil.dll
    [2012-08-17 12:07][2012-06-28 19:42] 2144768 ____A (Microsoft Corporation) E10A0704318A6F7E52787D09717D7C2C

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16447_none_bc324a7f5f32c2da\iertutil.dll
    [2012-07-12 06:30][2012-06-02 03:59] 2144768 ____A (Microsoft Corporation) 78CA24E3B51C624007C1B8A7B8D6C9AF

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16446_none_bc314a355f33a983\iertutil.dll
    [2012-06-24 02:42][2012-05-17 17:54] 2144768 ____A (Microsoft Corporation) B02D84F0923132869E1ABFE08E0D2314

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16443_none_bc2e49575f365d7e\iertutil.dll
    [2012-04-10 13:52][2012-02-27 22:43] 2144256 ____A (Microsoft Corporation) DDDF8F6E16BEA898C07F9B2C8E7F59D2

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16441_none_bc2c48c35f382ad0\iertutil.dll
    [2012-02-14 14:03][2011-12-13 22:59] 2144256 ____A (Microsoft Corporation) E57A6E4941EAA298433623B20F649C8B

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16440_none_bc2b48795f391179\iertutil.dll
    [2011-12-15 10:34][2011-11-03 17:36] 2144256 ____A (Microsoft Corporation) 6CFF67BBACE1DE0AD9BF94C2BCE688C7

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16437_none_bc3d1a6b5f2aa6e9\iertutil.dll
    [2011-10-12 16:10][2011-08-31 21:12] 2143744 ____A (Microsoft Corporation) 51F1A71EF8185B959A6E06D98E489287

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16434_none_bc3a198d5f2d5ae4\iertutil.dll
    [2011-08-12 13:58][2011-07-21 21:33] 2143232 ____A (Microsoft Corporation) FBD511357A9EEA1DAAFD3687E714CD95

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16430_none_bc3618655f30f588\iertutil.dll
    [2011-07-18 11:23][2011-07-18 11:23] 2136064 ____A (Microsoft Corporation) 1D98538193C4206C2800DD0986A0976D

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7601.21718_none_c11196d9333fb54e\iertutil.dll
    [2011-06-16 06:30][2011-05-01 21:17] 2443776 ____A (Microsoft Corporation) 5137BEECB69F21647E41C72A33633895

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7601.17608_none_c092c9fa1a19f993\iertutil.dll
    [2011-06-16 06:30][2011-04-28 21:51] 2443776 ____A (Microsoft Corporation) 214338D755D4C1E0050D213AFA2A05E8

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7601.17514_none_c083f7001a25b301\iertutil.dll
    [2011-06-23 13:52][2010-11-20 05:26] 2444288 ____A (Microsoft Corporation) 5180380D353277D395D3B36D790AA93E

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7600.20949_none_bf0bca593630b68c\iertutil.dll
    [2011-06-16 06:30][2011-04-22 12:11] 2448384 ____A (Microsoft Corporation) C834FFD89950B6B1092180FA28782660

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7600.20908_none_bf3609bf36112d71\iertutil.dll
    [2011-04-28 11:50][2011-02-23 22:23] 2447360 ____A (Microsoft Corporation) 252A2CB00FA9B97CD9604A4E3E60090A

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7600.20861_none_beee264b3648268f\iertutil.dll
    [2011-02-09 08:03][2010-12-17 22:06] 2447360 ____A (Microsoft Corporation) 531939DCD16652D80CD7383E24E06B30

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7600.20831_none_bf0e960f362fd2bc\iertutil.dll
    [2010-12-15 12:57][2010-11-03 22:37] 2447360 ____A (Microsoft Corporation) 8BAE0A181B5463A56E0C95EDADEE1B86

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7600.20795_none_bed1b5c9365ce297\iertutil.dll
    [2010-11-22 11:37][2010-09-07 21:25] 2442752 ____A (Microsoft Corporation) 09ABA376F07AEAF203C19943888167DA

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7600.16800_none_bea46aa41cfac2ef\iertutil.dll
    [2011-06-16 06:30][2011-04-22 12:13] 2448896 ____A (Microsoft Corporation) 156561022C47CC600130E81E42C4F285

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7600.16766_none_be698af21d260578\iertutil.dll
    [2011-04-28 11:50][2011-02-23 22:24] 2447872 ____A (Microsoft Corporation) 0CDC74065BAA619F595FC99EC0CB8842

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7600.16722_none_be90c97a1d093058\iertutil.dll
    [2011-02-09 08:03][2010-12-17 22:11] 2447872 ____A (Microsoft Corporation) 38ABE826E5934C35D2D33EBAEC042358

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7600.16700_none_bea468be1cfac5c8\iertutil.dll
    [2010-12-15 12:57][2010-11-03 22:31] 2447872 ____A (Microsoft Corporation) E6E7739663F5ADCFADDB7ECD59C5396C

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7600.16671_none_be59b7ae1d32a58f\iertutil.dll
    [2010-11-22 11:37][2010-09-07 21:34] 2441216 ____A (Microsoft Corporation) E8DB77BB2324D91B173A9C9F9ED12F98

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7600.16385_none_be52e3381d372f67\iertutil.dll
    [2009-07-13 15:59][2009-07-13 17:41] 2440704 ____A (Microsoft Corporation) 39570395292A4702FDE94C345DF0C39E

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.2.9600.17691_none_29ecc0f3a19b94ec\iertutil.dll
    [2015-03-15 07:18][2015-02-19 18:48] 2886144 ____A () 4364E8C6FEC5C6E49167CB66B5163706

    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.2.9600.17633_none_29e691a7a1a13024\iertutil.dll
    [2015-02-21 05:19][2015-01-11 18:48] 2885632 ____A (Microsoft Corporation) A7A3775B0014B165D75A00A1F632E4B5

    C:\Windows\SysWOW64\iertutil.dll
    [2015-03-15 07:18][2015-02-19 18:03] 2278400 ____A (Microsoft Corporation) 52B4DECDC70B8758380D37EA2CDD4254

    C:\Windows\System32\iertutil.dll
    [2015-03-15 07:18][2015-02-19 18:48] 2886144 ____A () 4364E8C6FEC5C6E49167CB66B5163706

    X:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7600.16385_none_be52e3381d372f67\iertutil.dll
    [2009-07-13 15:59][2009-07-13 17:41] 2440704 ____A (Microsoft Corporation) 39570395292A4702FDE94C345DF0C39E

    X:\Windows\System32\iertutil.dll
    [2009-07-13 15:59][2009-07-13 17:41] 2440704 ____A (Microsoft Corporation) 39570395292A4702FDE94C345DF0C39E

    ====== End Of Search ======
     
  6. swisstonyholmes

    swisstonyholmes TS Rookie Topic Starter Posts: 98

    With regard to the PM messages I sent, did you not receive any of the attached messages?

    PM Messages.JPG
     
  7. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    This is not really PM. I don't think I ever checked "Profile posts" tab...lol

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7/8: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the OTLPE CD.
    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Restart the computer normally and see if the issue is still there.
     


  8. swisstonyholmes

    swisstonyholmes TS Rookie Topic Starter Posts: 98

    Then we have both found out something new tonight!

    Fixlog.txt shown below.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
    Ran by SYSTEM at 2015-03-31 20:27:37 Run:1
    Running from h:\
    Boot Mode: Recovery
    ==============================================

    Content of fixlist:
    *****************
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.2.9600.17633_none_29e691a7a1a13024\iertutil.dll C:\Windows\System32\iertutil.dll
    C:\Users\Reg\AppData\Local\Temp\sp64126.exe
    C:\Users\Reg\AppData\Local\Temp\UninstallHPSA.exe

    *****************

    C:\Windows\System32\iertutil.dll => Moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.2.9600.17633_none_29e691a7a1a13024\iertutil.dll copied successfully to C:\Windows\System32\iertutil.dll
    C:\Users\Reg\AppData\Local\Temp\sp64126.exe => Moved successfully.
    C:\Users\Reg\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.

    ==== End of Fixlog 20:27:37 ====
     
  9. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    :)

    Last scans....

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  10. swisstonyholmes

    swisstonyholmes TS Rookie Topic Starter Posts: 98

    Results so far...

    Results of screen317's Security Check version 0.99.99
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    COMODO Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Panda Cloud Cleaner
    Java(TM) 6 Update 29
    Java 7 Update 40
    Java version 32-bit out of Date!
    Adobe Reader XI
    Google Chrome (41.0.2272.101)
    Google Chrome (41.0.2272.89)
    ````````Process Check: objlist.exe by Laurent````````
    Comodo Firewall cmdagent.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````



    Farbar Service Scanner Version: 17-01-2015
    Ran by Reg (administrator) on 01-04-2015 at 18:56:13
    Running from "C:\Users\Reg\Videos\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============
    Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.



    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****


    2015-04-01 18:15:48.762 Sophos Virus Removal Tool version 2.5.4
    2015-04-01 18:15:48.762 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-04-01 18:15:48.762 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-04-01 18:15:48.762 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2015-04-01 18:15:48.763 Checking for updates...
    2015-04-01 18:15:51.583 Update progress: proxy server not available
    2015-04-01 18:16:08.518 Option all = no
    2015-04-01 18:16:08.518 Option recurse = yes
    2015-04-01 18:16:08.518 Option archive = no
    2015-04-01 18:16:08.518 Option service = yes
    2015-04-01 18:16:08.518 Option confirm = yes
    2015-04-01 18:16:08.518 Option sxl = yes
    2015-04-01 18:16:08.520 Option max-data-age = 35
    2015-04-01 18:16:08.520 Option EnableSafeClean = yes
    2015-04-01 18:16:09.707 Option vdl-logging = yes
    2015-04-01 18:16:09.714 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-04-01 18:16:09.714 Machine ID: 4a94639f722746e5890a869e797c7d4e
    2015-04-01 18:16:09.749 Component SVRTcli.exe version 2.5.4
    2015-04-01 18:16:09.749 Component control.dll version 2.5.4
    2015-04-01 18:16:09.750 Component SVRTservice.exe version 2.5.4
    2015-04-01 18:16:09.750 Component engine\osdp.dll version 1.44.1.2183
    2015-04-01 18:16:09.750 Component engine\veex.dll version 3.58.3.2183
    2015-04-01 18:16:09.750 Component engine\savi.dll version 8.1.5.2183
    2015-04-01 18:16:09.767 Component rkdisk.dll version 1.5.30.0
    2015-04-01 18:16:09.767 Version info: Product version 2.5.4
    2015-04-01 18:16:09.768 Version info: Detection engine 3.58.3
    2015-04-01 18:16:09.768 Version info: Detection data 5.11
    2015-04-01 18:16:09.768 Version info: Build date 03/02/2015
    2015-04-01 18:16:09.768 Version info: Data files added 504
    2015-04-01 18:16:09.768 Version info: Last successful update (not yet updated)
    2015-04-01 18:16:21.123 Downloading updates...
    2015-04-01 18:16:21.126 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-04-01 18:16:21.126 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-04-01 18:16:21.126 Update progress: [I49502] Found supplement IDE512 LATEST
    2015-04-01 18:16:21.126 Update progress: [I49502] Found supplement IDE513 LATEST
    2015-04-01 18:16:21.126 Update progress: [I49502] Found supplement IDE514 LATEST
    2015-04-01 18:16:21.126 Update progress: [I49502] Found supplement IDE515 LATEST
    2015-04-01 18:16:21.126 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-04-01 18:16:21.126 Update progress: [I19463] Syncing product SAVIW32 51
    2015-04-01 18:16:40.373 Update progress: [I19463] Syncing product IDE512 166
    2015-04-01 18:16:41.500 Installing updates...
    2015-04-01 18:16:42.728 Error level 1
    2015-04-01 18:16:43.365 Update progress: [I19463] Syncing product IDE513 171
    2015-04-01 18:16:43.365 Update progress: [I19463] Syncing product IDE514 161
    2015-04-01 18:16:43.365 Update progress: [I19463] Syncing product IDE515 12
    2015-04-01 18:17:14.978 Update successful
    2015-04-01 18:17:44.842 Option all = no
    2015-04-01 18:17:44.842 Option recurse = yes
    2015-04-01 18:17:44.842 Option archive = no
    2015-04-01 18:17:44.842 Option service = yes
    2015-04-01 18:17:44.842 Option confirm = yes
    2015-04-01 18:17:44.842 Option sxl = yes
    2015-04-01 18:17:44.844 Option max-data-age = 35
    2015-04-01 18:17:44.845 Option EnableSafeClean = yes
    2015-04-01 18:17:45.188 Option vdl-logging = yes
    2015-04-01 18:17:45.194 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-04-01 18:17:45.194 Machine ID: 4a94639f722746e5890a869e797c7d4e
    2015-04-01 18:17:45.195 Component SVRTcli.exe version 2.5.4
    2015-04-01 18:17:45.195 Component control.dll version 2.5.4
    2015-04-01 18:17:45.196 Component SVRTservice.exe version 2.5.4
    2015-04-01 18:17:45.196 Component engine\osdp.dll version 1.44.1.2183
    2015-04-01 18:17:45.196 Component engine\veex.dll version 3.58.3.2183
    2015-04-01 18:17:45.196 Component engine\savi.dll version 8.1.5.2183
    2015-04-01 18:17:45.197 Component rkdisk.dll version 1.5.30.0
    2015-04-01 18:17:45.197 Version info: Product version 2.5.4
    2015-04-01 18:17:45.198 Version info: Detection engine 3.58.3
    2015-04-01 18:17:45.198 Version info: Detection data 5.11G
    2015-04-01 18:17:45.198 Version info: Build date 03/02/2015
    2015-04-01 18:17:45.198 Version info: Data files added 503
    2015-04-01 18:17:45.198 Version info: Last successful update 01/04/2015 19:17:14

    2015-04-01 20:28:02.907 Could not open C:\hiberfil.sys
    2015-04-01 20:28:30.811 Could not open C:\pagefile.sys
    2015-04-01 20:55:39.566 >>> Virus 'Mal/FakeAvCn-E' found in file C:\ProgramData\F4D55F3B00002838000149AFB4EB2367\F4D55F3B00002838000149AFB4EB2367
    2015-04-01 21:08:44.841 Could not open C:\System Volume Information\{255f4ad6-ca6f-11e4-848b-60eb691a42a3}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-04-01 21:08:44.842 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-04-01 21:08:44.843 Could not open C:\System Volume Information\{805fe9e0-cb13-11e4-b5d6-60eb691a42a3}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-04-01 21:08:44.843 Could not open C:\System Volume Information\{9021b3ed-cb1c-11e4-bb75-60eb691a42a3}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-04-01 21:08:44.844 Could not open C:\System Volume Information\{9a49a0b2-ca8f-11e4-959d-60eb691a42a3}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-04-01 21:08:44.845 Could not open C:\System Volume Information\{ab150bc3-d894-11e4-8d1d-60eb691a42a3}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-04-01 21:08:44.845 Could not open C:\System Volume Information\{c5832f7d-cb29-11e4-94f6-60eb691a42a3}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-04-01 21:08:44.846 Could not open C:\System Volume Information\{ccc26ced-cdbd-11e4-a1ec-60eb691a42a3}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-04-01 21:09:05.125 Could not open C:\Users\Reg\AppData\Local\Google\Chrome\User Data\Default\Current Session
    2015-04-01 21:09:05.126 Could not open C:\Users\Reg\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
    2015-04-01 21:09:05.212 Could not check C:\Users\Reg\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
    2015-04-01 21:09:05.228 Could not check C:\Users\Reg\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
    2015-04-01 21:09:06.408 Could not check C:\Users\Reg\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
    2015-04-01 21:09:06.873 Could not check C:\Users\Reg\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
    2015-04-01 21:25:42.979 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-04-01 21:25:43.028 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-04-01 21:25:52.228 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-04-01 21:25:52.230 Could not open C:\Windows\System32\config\RegBack\SAM
    2015-04-01 21:25:52.233 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-04-01 21:25:52.235 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-04-01 21:25:52.237 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-04-01 22:32:08.908 >>> Virus 'Mal/ZAccConf-A' found in file C:\_OTL\MovedFiles\10092013_225643\C_FRST\Quarantine\Install\Install\{aceab5d6-b906-da34-1c5b-5229844f2684}\{aceab5d6-b906-da34-1c5b-5229844f2684}\ \...\‮ﯹ๛\{aceab5d6-b906-da34-1c5b-5229844f2684}\@
    2015-04-01 22:32:19.254 >>> Virus 'Mal/ZAccConf-A' found in file C:\_OTL\MovedFiles\10092013_225643\C_FRST\Quarantine\Install\{aceab5d6-b906-da34-1c5b-5229844f2684}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{aceab5d6-b906-da34-1c5b-5229844f2684}\@
    2015-04-01 22:32:20.280 The following items will be cleaned up:
    2015-04-01 22:32:20.280 Mal/FakeAvCn-E
    2015-04-01 22:32:20.281 Mal/ZAccConf-A
     
    Last edited: Apr 1, 2015
  11. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
    Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

    We have one registry issue.

    The following steps involve registry editing. Please create a new restore point before proceeding!!!
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download RemoteAccess.reg
    Double-click the downloaded file and confirm the prompt.
    Restart the computer.
    Post new FSS log.
     
  12. swisstonyholmes

    swisstonyholmes TS Rookie Topic Starter Posts: 98

    Farbar Service Scanner Version: 17-01-2015
    Ran by Reg (administrator) on 02-04-2015 at 16:47:32
    Running from "C:\Users\Reg\Videos\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  13. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
  14. swisstonyholmes

    swisstonyholmes TS Rookie Topic Starter Posts: 98

    Looking good,
    Antivirus has started working again and all other programs look OK. Google Chrome is working OK, but when I try to run Internet Explorer I get the following error.

    Error message.JPG

    Any ideas?
     
  15. Broni

    Broni Malware Annihilator Posts: 52,904   +344

  16. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Still with me?
     
  17. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    The issue seems to be resolved.
     
  18. swisstonyholmes

    swisstonyholmes TS Rookie Topic Starter Posts: 98

    All issues seem to be resolved for now, thanks for your help.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,904   +344
