TechSpot

Trouble with sys/wow64/svhost

By Gryphyn77
May 11, 2013
  1. I have been reading up on this culprit since 5/6/2013. I installed Firefox and apparently a few additional programs installed while I wasn't paying attention. One is 24/7 help and the other is PC Fix Speed. I am unable to uninstall these two programs; the error message is the setup files are corrupt and get new copies.
    I have had trouble off and on with explorer and that was the reason for installing Firefox. Now explorer will not open at all and a few things have changed in the last week. I am no longer able to create new folders on desktop with right click and instead of folders it has briefcase. The briefcase has 2 files in it according to properties it contains 294 bytes.
    Since I am new to Win 7 I am not sure what is going on. In the past I have crashed more than one OS, worked with Linux and a bit of networking.
    I followed windows fixit http://diagnostics.support.microsof...102418&eventseqno=1&buttonclickno=1&_ext=.exe program but have the same problems. These two programs are still locked in place.
    On top of that avast has been blocking "crossmatchx.com" and a net address of "85.195.92.11".
    I tried to figure out how these tie together and here I am. I followed directions and here are the two files requested. Malwarebytes run prior to any scans. I installed a fresh Malwarebytes last week and today it will not ck for updates. Short of re-installing OS I have no idea where to go from here. If it comes to that, no big deal. It's my gaming computer.
    TIA Gryphyn
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.15.2
    Run by Gryphyn at 13:00:08 on 2013-05-11
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4088.2240 [GMT -4:00]
    .
    AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
    C:\Windows\syswow64\svchost.exe -k netsvcs
    C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Bar = Preserve
    uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
    uURLSearchHooks: {f92a9fe4-2850-4198-b9d5-279880e49b16} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
    BHO: bSaving: {C3675932-C861-11E1-9DFA-2396D5F4BFF2} - C:\Program Files (x86)\bSaving\34edb3b4702f0513a9d4a2c2d15de29b.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{30D7DAED-FB27-4940-AE76-CDA8DFAE7ED5} : DHCPNameServer = 192.168.1.1
    SSODL: WebCheck - <orphaned>
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Gryphyn\AppData\Roaming\Mozilla\Firefox\Profiles\0n1po8uo.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2012-1-3 232464]
    R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2013-5-9 12368]
    R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2013-5-9 270824]
    R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-9 65336]
    R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-9 189936]
    R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2009-5-11 178728]
    R1 aswFW;avast! TDI Firewall Driver;C:\Windows\System32\drivers\aswFW.sys [2013-5-9 131232]
    R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-5-9 22600]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-1-3 1025808]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-1-3 378432]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-1-3 33400]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-1-3 80816]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-9 46808]
    R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-5-9 137960]
    R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-6-28 173352]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2011-5-31 1403200]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-1-3 1207808]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-3 215040]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-5 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-05-11 16:09:56 -------- d-----w- C:\FRST
    2013-05-11 09:32:58 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F4C69F22-FCEA-4265-99DF-F57436DE1274}\offreg.dll
    2013-05-10 07:48:01 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F4C69F22-FCEA-4265-99DF-F57436DE1274}\mpengine.dll
    2013-05-10 03:50:09 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2013-05-10 03:50:09 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2013-05-10 03:50:09 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2013-05-10 03:50:09 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2013-05-10 03:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2013-05-10 03:32:07 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2013-05-10 03:32:06 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2013-05-10 03:32:06 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2013-05-10 03:31:18 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2013-05-10 03:31:18 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2013-05-10 03:31:16 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2013-05-10 03:31:16 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2013-05-10 03:31:14 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2013-05-10 03:31:13 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2013-05-10 03:31:13 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2013-05-10 03:27:46 80896 ----a-w- C:\Windows\System32\imagehlp.dll
    2013-05-10 03:27:46 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2013-05-10 03:27:45 5120 ----a-w- C:\Windows\System32\wmi.dll
    2013-05-10 03:27:45 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2013-05-10 03:27:44 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2013-05-10 03:18:13 3213824 ----a-w- C:\Windows\System32\msi.dll
    2013-05-10 03:18:13 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2013-05-10 03:17:49 287576 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-05-10 03:17:49 1893224 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-05-10 03:17:47 1653096 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-05-10 03:17:23 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2013-05-10 03:17:19 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2013-05-10 03:17:02 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2013-05-10 03:17:01 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2013-05-10 03:17:01 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2013-05-10 03:17:00 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2013-05-10 03:15:51 1462784 ----a-w- C:\Windows\System32\crypt32.dll
    2013-05-10 03:15:51 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-05-10 03:15:50 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-05-10 03:15:50 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-05-10 03:15:50 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-05-10 03:15:50 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-05-10 03:15:24 956416 ----a-w- C:\Windows\System32\localspl.dll
    2013-05-10 03:15:22 58880 ----a-w- C:\Windows\System32\browcli.dll
    2013-05-10 03:15:22 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
    2013-05-10 03:15:22 136704 ----a-w- C:\Windows\System32\browser.dll
    2013-05-10 03:15:20 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2013-05-09 12:15:05 270824 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
    2013-05-09 12:15:03 131232 ----a-w- C:\Windows\System32\drivers\aswFW.sys
    2013-05-09 12:15:00 22600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
    2013-05-09 12:14:57 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2013-05-09 12:14:54 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2013-05-09 12:14:53 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
    2013-05-05 02:54:52 -------- d-----w- C:\Users\Gryphyn\AppData\Local\Macromedia
    2013-05-05 01:51:59 -------- d-----w- C:\Users\Gryphyn\AppData\Roaming\Malwarebytes
    2013-05-05 01:51:50 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-05-05 01:51:49 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-05-05 01:51:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-05 01:51:39 -------- d-----w- C:\Users\Gryphyn\AppData\Local\Programs
    2013-05-05 01:37:38 -------- d-----w- C:\Users\Gryphyn\AppData\Roaming\TeamViewer
    2013-05-05 01:37:27 -------- d-----w- C:\Program Files (x86)\TeamViewer
    2013-05-05 00:48:00 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
    2013-05-05 00:48:00 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2013-05-05 00:48:00 43520 ----a-w- C:\Windows\SysWow64\csrr.rs
    2013-05-05 00:46:53 3138048 ----a-w- C:\Windows\System32\mstscax.dll
    2013-05-05 00:46:51 2691072 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2013-05-05 00:46:49 44032 ----a-w- C:\Windows\System32\tsgqec.dll
    2013-05-05 00:46:49 158208 ----a-w- C:\Windows\System32\aaclient.dll
    2013-05-05 00:46:49 131072 ----a-w- C:\Windows\SysWow64\aaclient.dll
    2013-05-05 00:46:48 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
    2013-05-05 00:43:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-05-05 00:41:59 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-05-05 00:41:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-05-05 00:41:38 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-05-05 00:40:59 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    2013-05-05 00:40:54 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2013-05-05 00:40:53 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2013-05-05 00:40:42 -------- d-----w- C:\Program Files\DomaIQ Uninstaller
    2013-05-05 00:40:03 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
    2013-05-05 00:40:03 340992 ----a-w- C:\Windows\System32\schannel.dll
    2013-05-05 00:40:01 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2013-05-05 00:40:01 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2013-05-05 00:40:01 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2013-05-05 00:34:17 -------- d-----w- C:\Users\Gryphyn\AppData\Local\Strongvault Online Backup
    2013-05-05 00:34:16 -------- d-----w- C:\ProgramData\Strongvault Online Backup
    2013-05-05 00:29:52 -------- d-----w- C:\Program Files (x86)\LessTabs
    2013-05-04 03:45:07 -------- d-----w- C:\Users\Gryphyn\AppData\Roaming\player
    2013-05-04 03:41:11 -------- d-----w- C:\Users\Gryphyn\AppData\Roaming\Strongvault
    2013-05-04 03:40:36 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
    2013-05-04 03:40:30 -------- d-sh--w- C:\AI_RecycleBin
    2013-05-04 03:39:18 -------- d-----w- C:\Users\Gryphyn\AppData\Local\Mozilla
    2013-05-04 03:25:21 -------- d-----w- C:\Users\Gryphyn\AppData\Roaming\24x7 Help
    2013-05-04 03:20:42 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2013-05-04 03:12:28 -------- d-----w- C:\Program Files (x86)\24x7Help
    2013-05-04 03:12:26 -------- d-----w- C:\Users\Gryphyn\AppData\Roaming\Yontoo
    2013-05-04 03:12:25 -------- d--h--w- C:\ProgramData\Common Files
    2013-05-04 03:12:25 -------- d-----w- C:\Program Files (x86)\Yontoo
    2013-05-04 03:12:21 -------- d-----w- C:\Users\Gryphyn\AppData\Roaming\PCFixSpeed
    2013-05-04 03:12:20 -------- d-----w- C:\ProgramData\PCFixSpeed
    2013-05-04 03:12:16 -------- d-----w- C:\Program Files (x86)\PCFixSpeed
    2013-05-04 03:12:15 -------- d-----w- C:\ProgramData\Tarma Installer
    .
    ==================== Find3M ====================
    .
    2013-05-05 02:54:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-05 02:54:39 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-05-01 23:34:06 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2013-05-01 23:34:06 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-05-01 23:34:05 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-05-01 23:33:35 41664 ----a-w- C:\Windows\avastSS.scr
    2013-03-23 19:16:18 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2013-03-01 03:32:29 3150848 ----a-w- C:\Windows\System32\win32k.sys
    2013-02-25 17:49:57 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-02-25 17:49:54 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2013-02-25 17:49:54 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-02-12 14:02:22 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    .
    ============= FINISH: 13:00:44.00 ===============
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.05.04.10

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Gryphyn :: GRYPHYN-PC [administrator]

    5/11/2013 12:51:04 PM
    mbam-log-2013-05-11 (12-51-04).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 209824
    Time elapsed: 1 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume6
    Install Date: 1/3/2012 1:11:30 AM
    System Uptime: 5/10/2013 4:19:49 PM (21 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4A79XTD EVO
    Processor: AMD Athlon(tm) II X4 630 Processor | AM3 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 78 GiB total, 34.395 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 244 GiB total, 243.741 GiB free.
    F: is FIXED (NTFS) - 222 GiB total, 221.247 GiB free.
    H: is FIXED (NTFS) - 149 GiB total, 110.957 GiB free.
    J: is FIXED (NTFS) - 466 GiB total, 435.448 GiB free.
    L: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP165: 5/9/2013 11:19:07 PM - Windows Update
    RP166: 5/10/2013 4:26:44 PM - Windows Update
    RP167: 5/10/2013 4:29:21 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    24x7 Help
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.6)
    ATI Catalyst Install Manager
    avast! Internet Security
    Compatibility Pack for the 2007 Office system
    DomaIQ
    Dropbox
    EPU-4 Engine
    eReg
    Java 7 Update 15
    Java Auto Updater
    Logitech Gaming Software 5.10
    Logitech SetPoint 6.52
    Malwarebytes Anti-Malware version 1.75.0.1300
    marvell 61xx
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office File Validation Add-In
    Microsoft Office Standard Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 20.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Pando Media Booster
    PC Fix Speed 1.2.0.24
    Platform
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    Realtek 8136 8168 8169 Ethernet Driver
    RealUpgrade 1.1
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    TeamViewer 5
    The Lord of the Rings Online™ v03.08.00.8025
    TuneUp Utilities
    TuneUp Utilities Language Pack (en-US)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VIA Platform Device Manager
    ViewSonic Windows 7 Signed Files
    Yahoo! Install Manager
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/9/2013 11:43:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Microsoft Office File Validation Add-in.
    5/9/2013 11:34:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
    5/7/2013 12:01:31 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    5/7/2013 12:00:32 AM, Error: Service Control Manager [7022] - The Yahoo! Updater service hung on starting.
    5/7/2013 12:00:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    5/6/2013 7:48:45 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    5/6/2013 7:48:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    5/6/2013 7:48:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    5/6/2013 7:48:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    5/6/2013 7:48:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/6/2013 7:48:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    5/6/2013 7:47:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    5/6/2013 7:47:56 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/6/2013 7:47:56 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    5/6/2013 7:47:56 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    5/6/2013 7:47:56 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    5/6/2013 7:47:56 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    5/6/2013 7:47:56 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    5/6/2013 7:47:56 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/6/2013 7:47:56 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/6/2013 7:47:56 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/6/2013 7:47:56 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    5/6/2013 7:46:08 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
    5/6/2013 7:46:07 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
    5/6/2013 7:46:07 PM, Error: BROWSER [8017] - The browser has failed to start because the dependent service LanmanWorkstation had invalid service status 4294967295. Status Meaning 1 Service Stopped 2 Start Pending 3 Stop Pending 4 Running 5 Continue Pending 6 Pause Pending 7 Paused
    5/6/2013 7:42:05 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    5/6/2013 7:06:35 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    5/6/2013 6:33:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
    5/6/2013 6:31:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cab677, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050613-34897-01.
    5/6/2013 4:25:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    5/6/2013 11:49:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Yahoo! Updater service to connect.
    5/6/2013 11:49:18 PM, Error: Service Control Manager [7000] - The Yahoo! Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/6/2013 11:48:35 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    5/6/2013 11:44:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO aswSnx aswSP aswTdi discache spldr Wanarpv6
    5/4/2013 8:56:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
    5/4/2013 8:14:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioSrv service.
    5/4/2013 11:09:30 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    5/10/2013 4:30:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2813170).
    5/10/2013 4:30:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).
    .
    ==== End Of File ===========================
     
  2. Gryphyn77

    Gryphyn77 TS Rookie Topic Starter

    Oh, and as the topic states, syswow64/svhost is also part of the warnings avast gives me for blocked info.
     
  3. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  4. Gryphyn77

    Gryphyn77 TS Rookie Topic Starter

    OK, I ran RogueKiller64 and then Malwarebytes Anti-Rootkit and now it won't boot up. The Windows splash screen never appeared and it appears it is still in DOS, with a hash mark flashing, so something occurred. I tried to enter safe mode with F8, to no avail. Suggestions? Or does it take a very long time to repair my problem in DOS mode? Currently running on wife's comp since Lap is at work.
    I can think of different things to try, but per your instructions regarding repairs I have left it alone.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter the System Recovery Command Prompt.

    If you are using Vista or Windows 7, enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  6. Gryphyn77

    Gryphyn77 TS Rookie Topic Starter

    As Requested.
    TIA Gryphyn
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2013 01
    Ran by SYSTEM on 11-05-2013 18:40:24
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery
    The current controlset is ControlSet001
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [2991856 2013-02-20] (Logitech, Inc.)
    HKLM-x32\...\RunOnce: [Z1] cmd /c "C:\Users\Gryphyn\Desktop\pcdrivers headquarters\PC Drivers HeadQuarters\Driver Detective\mbar\mbar.exe" /cleanup /s [1398856 2013-03-22] (Malwarebytes Corporation)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858456 2013-05-01] (AVAST Software)
    HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2171904 2009-06-05] (VIA)
    HKU\Gryphyn\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4270640 2013-03-19] ()

    ==================== Services (Whitelisted) =================

    S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-14] (Microsoft Corporation)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-01] (AVAST Software)
    S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-05-01] (AVAST Software)
    S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2012-06-16] (TuneUp Software)
    S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-05-31] (TuneUp Software)

    ==================== Drivers (Whitelisted) ====================

    S3 1394hub; C:\Windows\SysWow64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
    S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
    S1 aswFW; C:\Windows\system32\drivers\aswFW.sys [131232 2013-05-01] (AVAST Software)
    S1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-01] (AVAST Software)
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-01] (AVAST Software)
    S0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2013-03-13] (ALWIL Software)
    S0 aswNdis2; C:\Windows\System32\drivers\aswNdis2.sys [270824 2013-05-01] (AVAST Software)
    S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-01] (AVAST Software)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-01] ()
    S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-01] (AVAST Software)
    S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-01] (AVAST Software)
    S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-01] (AVAST Software)
    S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-02] ()
    S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-05-11] ()
    S3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [157512 2013-05-11] (Malwarebytes Corporation)
    S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] ()
    S0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [178728 2009-05-11] (Marvell Semiconductor, Inc.)
    S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2009-10-14] (TuneUp Software)
    S3 Via4in1; \??\C:\Users\Gryphyn\AppData\Local\Temp\pftDD7~tmp\Via4in1.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-05-11 13:34 - 2013-05-11 13:34 - 00003855 ____A C:\Users\Gryphyn\Desktop\RKreport[2]_D_05112013_02d1734.txt
    2013-05-11 13:33 - 2013-05-11 13:33 - 00003726 ____A C:\Users\Gryphyn\Desktop\RKreport[1]_S_05112013_02d1733.txt
    2013-05-11 13:29 - 2013-05-11 13:29 - 00157512 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
    2013-05-11 13:29 - 2013-05-11 13:29 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
    2013-05-11 13:24 - 2013-05-11 13:24 - 12917756 ____A C:\Users\Gryphyn\Downloads\mbar-1.05.0.1001.zip
    2013-05-11 13:16 - 2013-05-11 13:33 - 00000000 ____D C:\Users\Gryphyn\Desktop\RK_Quarantine
    2013-05-11 09:17 - 2013-05-11 09:17 - 00000000 ___RD C:\Users\Gryphyn\Desktop\New Briefcase (2)
    2013-05-11 08:35 - 2013-05-11 09:00 - 00018476 ____A C:\Users\Gryphyn\Desktop\dds.txt
    2013-05-11 08:35 - 2013-05-11 09:00 - 00012405 ____A C:\Users\Gryphyn\Desktop\attach.txt
    2013-05-11 08:32 - 2013-05-11 08:32 - 00091149 ____A C:\Users\Gryphyn\Downloads\FRST.txt
    2013-05-11 08:31 - 2013-05-11 08:31 - 00688992 ____R (Swearware) C:\Users\Gryphyn\Downloads\dds.com
    2013-05-11 08:20 - 2013-05-11 08:20 - 00000000 ___RD C:\Users\Gryphyn\Desktop\New Briefcase
    2013-05-11 08:09 - 2013-05-11 08:09 - 01875978 ____A (Farbar) C:\Users\Gryphyn\Downloads\FRST64.exe
    2013-05-11 08:09 - 2013-05-11 08:09 - 00000000 ____D C:\FRST
    2013-05-09 19:59 - 2013-05-09 19:59 - 00000129 ____A C:\Windows\System32\MRT.INI
    2013-05-09 19:50 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
    2013-05-09 19:50 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
    2013-05-09 19:50 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
    2013-05-09 19:50 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    2013-05-09 19:32 - 2012-12-16 08:52 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2013-05-09 19:32 - 2012-12-16 06:40 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2013-05-09 19:32 - 2012-12-16 06:25 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2013-05-09 19:32 - 2012-12-16 06:25 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2013-05-09 19:31 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
    2013-05-09 19:31 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
    2013-05-09 19:31 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
    2013-05-09 19:31 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
    2013-05-09 19:31 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
    2013-05-09 19:31 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
    2013-05-09 19:31 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
    2013-05-09 19:31 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2013-05-09 19:27 - 2012-02-29 22:54 - 00022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
    2013-05-09 19:27 - 2012-02-29 22:40 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
    2013-05-09 19:27 - 2012-02-29 22:35 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
    2013-05-09 19:27 - 2012-02-29 21:45 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
    2013-05-09 19:27 - 2012-02-29 21:40 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
    2013-05-09 19:18 - 2012-04-07 04:18 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2013-05-09 19:18 - 2012-04-07 03:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2013-05-09 19:17 - 2013-04-12 06:36 - 01653096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2013-05-09 19:17 - 2013-01-03 21:41 - 01893224 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-05-09 19:17 - 2013-01-03 21:40 - 00287576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2013-05-09 19:16 - 2012-11-29 15:21 - 00420032 ____A C:\Windows\SysWOW64\locale.nls
    2013-05-09 19:16 - 2012-11-29 15:19 - 00420032 ____A C:\Windows\System32\locale.nls
    2013-05-09 19:16 - 2012-11-22 02:32 - 00801280 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
    2013-05-09 19:16 - 2012-11-22 01:33 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2013-05-09 19:16 - 2012-09-25 14:39 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
    2013-05-09 19:16 - 2012-09-25 13:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
    2013-05-09 19:16 - 2012-09-06 09:38 - 00295792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
    2013-05-09 19:16 - 2012-05-05 00:30 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2013-05-09 19:16 - 2012-05-04 23:44 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2013-05-09 19:16 - 2012-04-25 21:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2013-05-09 19:16 - 2012-04-25 21:34 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2013-05-09 19:16 - 2012-04-25 21:28 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2013-05-09 19:16 - 2012-02-10 22:29 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2013-05-09 19:16 - 2012-02-10 22:29 - 00067584 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
    2013-05-09 19:15 - 2013-01-23 21:41 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
    2013-05-09 19:15 - 2012-07-04 14:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2013-05-09 19:15 - 2012-07-04 14:01 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2013-05-09 19:15 - 2012-07-04 14:01 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2013-05-09 19:15 - 2012-07-04 13:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2013-05-09 19:15 - 2012-07-04 13:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2013-05-09 19:15 - 2012-06-01 21:25 - 01462784 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-05-09 19:15 - 2012-06-01 21:25 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-05-09 19:15 - 2012-06-01 21:25 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-05-09 19:15 - 2012-06-01 20:45 - 01157632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2013-05-09 19:15 - 2012-06-01 20:45 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2013-05-09 19:15 - 2012-06-01 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2013-05-09 19:15 - 2012-05-13 21:20 - 00956416 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2013-05-09 04:15 - 2013-05-01 15:34 - 00270824 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
    2013-05-09 04:15 - 2013-05-01 15:34 - 00131232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
    2013-05-09 04:15 - 2013-05-01 15:34 - 00022600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
    2013-05-09 04:14 - 2013-05-02 07:44 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
    2013-05-09 04:14 - 2013-05-01 15:34 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
    2013-05-09 04:14 - 2013-03-13 10:01 - 00012368 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys
    2013-05-09 04:11 - 2013-05-09 04:11 - 00001926 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
    2013-05-06 20:29 - 2013-05-06 20:29 - 00467472 ____A (WinZip Computing) C:\Users\Gryphyn\Downloads\WinZipRegistryOptimizer.exe
    2013-05-06 20:24 - 2013-05-06 20:25 - 85713688 ____A (Microsoft Corporation) C:\Users\Gryphyn\Downloads\msert.exe
    2013-05-06 20:18 - 2013-05-06 20:18 - 04951216 ____A (SpeedMaxPc) C:\Users\Gryphyn\Downloads\SpeedMaxpc_installer.exe
    2013-05-06 19:15 - 2013-05-06 19:15 - 00347424 ____A (Microsoft Corporation) C:\Users\Gryphyn\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.133291327151102418.1.1.Run.exe
    2013-05-06 14:31 - 2013-05-06 14:31 - 00275760 ____A C:\Windows\Minidump\050613-34897-01.dmp
    2013-05-04 18:54 - 2013-05-04 18:54 - 00000000 ____D C:\Users\Gryphyn\AppData\Local\Macromedia
    2013-05-04 18:23 - 2013-05-04 18:23 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2013-05-04 18:23 - 2013-05-04 18:23 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2013-05-04 18:23 - 2013-05-04 18:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-05-04 18:23 - 2013-05-04 18:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-05-04 18:23 - 2013-05-04 18:23 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-05-04 18:23 - 2013-05-04 18:23 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-05-04 18:23 - 2013-05-04 18:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2013-05-04 18:23 - 2013-05-04 18:23 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2013-05-04 18:23 - 2013-05-04 18:23 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2013-05-04 18:23 - 2013-05-04 18:23 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2013-05-04 18:23 - 2013-05-04 18:23 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2013-05-04 17:51 - 2013-05-04 17:51 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Gryphyn\Downloads\mbam-setup-1.75.0.1300.exe
    2013-05-04 17:51 - 2013-05-04 17:51 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-05-04 17:51 - 2013-05-04 17:51 - 00000000 ____D C:\Users\Gryphyn\AppData\Roaming\Malwarebytes
    2013-05-04 17:51 - 2013-05-04 17:51 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-05-04 17:51 - 2013-05-04 17:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-04 17:51 - 2013-04-04 10:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-05-04 17:37 - 2013-05-04 17:37 - 00001166 ____A C:\Users\Public\Desktop\TeamViewer 5.lnk
    2013-05-04 17:37 - 2013-05-04 17:37 - 00000000 ____D C:\Users\Gryphyn\AppData\Roaming\TeamViewer
    2013-05-04 17:37 - 2013-05-04 17:37 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2013-05-04 17:25 - 2013-05-04 17:26 - 00000000 ____D C:\Users\Gryphyn\AppData\Roaming\Mozilla
    2013-05-04 17:25 - 2013-05-04 17:25 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2013-05-04 17:25 - 2013-05-04 17:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-05-04 17:25 - 2013-05-04 17:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-05-04 16:48 - 2012-12-06 19:45 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
    2013-05-04 16:48 - 2012-12-06 19:21 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
    2013-05-04 16:48 - 2012-12-06 19:21 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
    2013-05-04 16:47 - 2012-12-06 21:41 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
    2013-05-04 16:47 - 2012-12-06 21:35 - 02745856 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
    2013-05-04 16:47 - 2012-12-06 21:04 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
    2013-05-04 16:47 - 2012-12-06 20:57 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
    2013-05-04 16:47 - 2012-12-06 19:45 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
    2013-05-04 16:47 - 2012-12-06 19:45 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
    2013-05-04 16:47 - 2012-12-06 19:45 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
    2013-05-04 16:47 - 2012-12-06 19:45 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
    2013-05-04 16:47 - 2012-12-06 19:45 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
    2013-05-04 16:47 - 2012-12-06 19:45 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
    2013-05-04 16:47 - 2012-12-06 19:45 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
    2013-05-04 16:47 - 2012-12-06 19:45 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
    2013-05-04 16:47 - 2012-12-06 19:45 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
    2013-05-04 16:47 - 2012-12-06 19:45 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
    2013-05-04 16:47 - 2012-12-06 19:45 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
    2013-05-04 16:47 - 2012-12-06 19:45 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
    2013-05-04 16:47 - 2012-12-06 19:45 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
    2013-05-04 16:47 - 2012-12-06 19:21 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
    2013-05-04 16:47 - 2012-12-06 19:21 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
    2013-05-04 16:47 - 2012-12-06 19:21 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
    2013-05-04 16:47 - 2012-12-06 19:21 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
    2013-05-04 16:47 - 2012-12-06 19:21 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
    2013-05-04 16:47 - 2012-12-06 19:21 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
    2013-05-04 16:47 - 2012-12-06 19:21 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
    2013-05-04 16:47 - 2012-12-06 19:21 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
    2013-05-04 16:47 - 2012-12-06 19:21 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
    2013-05-04 16:47 - 2012-12-06 19:21 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
    2013-05-04 16:47 - 2012-12-06 19:21 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
    2013-05-04 16:47 - 2012-12-06 19:21 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
    2013-05-04 16:46 - 2013-02-12 07:42 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
    2013-05-04 16:46 - 2013-02-12 07:37 - 03138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2013-05-04 16:46 - 2013-02-12 07:31 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
    2013-05-04 16:46 - 2013-02-12 07:13 - 02691072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2013-05-04 16:46 - 2013-02-12 07:07 - 00131072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2013-05-04 16:46 - 2013-02-12 05:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2013-05-04 16:43 - 2013-01-03 21:30 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2013-05-04 16:43 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-05-04 16:43 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-05-04 16:42 - 2013-01-03 21:37 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2013-05-04 16:42 - 2013-01-03 21:37 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2013-05-04 16:42 - 2013-01-03 21:37 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2013-05-04 16:42 - 2013-01-03 21:36 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2013-05-04 16:42 - 2013-01-03 21:33 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2013-05-04 16:42 - 2013-01-03 21:30 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2013-05-04 16:42 - 2013-01-03 21:27 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:27 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:27 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:27 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:27 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:27 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:27 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:26 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:26 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:26 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:51 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2013-05-04 16:42 - 2013-01-03 20:51 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2013-05-04 16:42 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 19:19 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2013-05-04 16:42 - 2013-01-03 18:48 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-05-04 16:42 - 2013-01-03 18:48 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-05-04 16:42 - 2013-01-03 18:48 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-05-04 16:42 - 2013-01-03 18:48 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-05-04 16:42 - 2013-01-03 18:43 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 18:43 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 18:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2013-05-04 16:42 - 2013-01-03 18:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2013-05-04 16:42 - 2012-11-01 21:30 - 02001408 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2013-05-04 16:42 - 2012-11-01 21:30 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2013-05-04 16:42 - 2012-11-01 20:50 - 01388544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2013-05-04 16:41 - 2012-11-08 21:34 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2013-05-04 16:41 - 2012-11-08 20:49 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2013-05-04 16:41 - 2012-11-01 20:50 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2013-05-04 16:40 - 2012-11-01 21:27 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
    2013-05-04 16:40 - 2012-11-01 20:48 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
    2013-05-04 16:40 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2013-05-04 16:40 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2013-05-04 16:40 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2013-05-04 16:40 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2013-05-04 16:40 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2013-05-04 16:40 - 2012-03-16 23:55 - 00075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2013-05-04 16:39 - 2013-02-28 19:32 - 03150848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-05-04 16:39 - 2013-02-12 06:02 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
    2013-05-04 16:39 - 2012-11-19 21:55 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2013-05-04 16:39 - 2012-11-19 21:10 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2013-05-04 16:39 - 2012-11-08 21:34 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-05-04 16:39 - 2012-11-08 20:49 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2013-05-04 16:39 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2013-05-04 16:39 - 2012-08-24 09:10 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2013-05-04 16:39 - 2012-08-10 16:53 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2013-05-04 16:39 - 2012-08-10 15:54 - 00541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2013-05-04 16:39 - 2012-08-02 09:55 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2013-05-04 16:39 - 2012-08-02 09:05 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2013-05-04 16:39 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2013-05-04 16:39 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2013-05-04 16:39 - 2012-05-01 21:32 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2013-05-04 16:39 - 2012-04-27 19:50 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2013-05-04 16:39 - 2012-03-02 22:29 - 01837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
    2013-05-04 16:39 - 2012-03-02 22:29 - 01541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2013-05-04 16:39 - 2012-03-02 22:29 - 00902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
    2013-05-04 16:39 - 2012-03-02 22:29 - 00320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
    2013-05-04 16:39 - 2012-03-02 22:29 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
    2013-05-04 16:39 - 2012-03-02 21:40 - 01170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2013-05-04 16:39 - 2012-03-02 21:40 - 01074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2013-05-04 16:39 - 2012-03-02 21:40 - 00739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2013-05-04 16:39 - 2012-03-02 21:40 - 00218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
    2013-05-04 16:39 - 2012-03-02 21:40 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2013-05-04 16:34 - 2013-05-04 16:59 - 00000000 ____D C:\Users\Gryphyn\AppData\Local\Strongvault Online Backup
    2013-05-04 16:34 - 2013-05-04 16:59 - 00000000 ____D C:\ProgramData\Strongvault Online Backup
    2013-05-04 16:29 - 2013-05-04 16:49 - 00000000 ____D C:\Program Files (x86)\LessTabs
    2013-05-03 19:45 - 2013-05-06 20:10 - 00000000 ____D C:\Users\Gryphyn\AppData\Roaming\player
    2013-05-03 19:42 - 2013-05-04 16:35 - 00001064 ____A C:\Windows\KB893803v2.log
    2013-05-03 19:41 - 2013-05-04 16:59 - 00000000 ____D C:\Users\Gryphyn\AppData\Roaming\Strongvault
    2013-05-03 19:41 - 2013-05-04 16:34 - 00000258 _RASH C:\Users\Gryphyn\ntuser.pol
    2013-05-03 19:40 - 2013-05-04 16:59 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
    2013-05-03 19:40 - 2013-05-04 16:59 - 00000000 __SHD C:\AI_RecycleBin
    2013-05-03 19:39 - 2013-05-03 19:39 - 00000000 ____D C:\Users\Gryphyn\AppData\Local\Mozilla
    2013-05-03 19:39 - 2013-05-03 19:39 - 00000000 ____D C:\ProgramData\Mozilla
    2013-05-03 19:25 - 2013-05-03 19:25 - 00000000 ____D C:\Users\Gryphyn\AppData\Roaming\24x7 Help
    2013-05-03 19:20 - 2013-05-03 19:20 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2013-05-03 19:19 - 2013-05-03 19:19 - 00275760 ____A C:\Windows\Minidump\050313-40638-01.dmp
    2013-05-03 19:18 - 2013-05-06 14:31 - 238560176 ____A C:\Windows\MEMORY.DMP
    2013-05-03 19:14 - 2013-05-03 19:14 - 00275760 ____A C:\Windows\Minidump\050313-46581-01.dmp
    2013-05-03 19:12 - 2013-05-06 19:08 - 00000000 ____D C:\Program Files (x86)\24x7Help
    2013-05-03 19:12 - 2013-05-03 19:55 - 00000000 ____D C:\Users\Gryphyn\AppData\Roaming\PCFixSpeed
    2013-05-03 19:12 - 2013-05-03 19:12 - 00000967 ____A C:\Users\Public\Desktop\Optimize Your PC.lnk
    2013-05-03 19:12 - 2013-05-03 19:12 - 00000000 ____D C:\Users\Gryphyn\AppData\Roaming\Yontoo
    2013-05-03 19:12 - 2013-05-03 19:12 - 00000000 ____D C:\ProgramData\PCFixSpeed
    2013-05-03 19:12 - 2013-05-03 19:12 - 00000000 ____D C:\Program Files (x86)\Yontoo
    2013-05-03 19:12 - 2013-05-03 19:12 - 00000000 ____D C:\Program Files (x86)\PCFixSpeed
    2013-04-12 18:26 - 2013-04-12 18:26 - 00275760 ____A C:\Windows\Minidump\041213-65629-01.dmp
    2013-04-12 18:17 - 2013-04-12 18:17 - 00275760 ____A C:\Windows\Minidump\041213-59951-01.dmp
    2013-04-12 17:40 - 2013-04-12 17:40 - 00275760 ____A C:\Windows\Minidump\041213-45723-01.dmp
    2013-04-12 17:22 - 2013-04-12 17:22 - 00271520 ____A C:\Windows\Minidump\041213-37346-01.dmp
    2013-04-12 17:13 - 2013-04-12 17:13 - 00275760 ____A C:\Windows\Minidump\041213-35474-01.dmp
     
  7. Gryphyn77

    Gryphyn77 TS Rookie Topic Starter

    2nd half of text

    ==================== One Month Modified Files and Folders =======

    2013-05-11 13:47 - 2012-01-02 20:58 - 01837711 ____A C:\Windows\WindowsUpdate.log
    2013-05-11 13:46 - 2012-01-03 00:36 - 00000000 ____D C:\Users\Gryphyn\AppData\Local\PMB Files
    2013-05-11 13:35 - 2010-04-24 18:02 - 00000000 ____D C:\Users\Gryphyn\Desktop\pcdrivers headquarters
    2013-05-11 13:34 - 2013-05-11 13:34 - 00003855 ____A C:\Users\Gryphyn\Desktop\RKreport[2]_D_05112013_02d1734.txt
    2013-05-11 13:33 - 2013-05-11 13:33 - 00003726 ____A C:\Users\Gryphyn\Desktop\RKreport[1]_S_05112013_02d1733.txt
    2013-05-11 13:33 - 2013-05-11 13:16 - 00000000 ____D C:\Users\Gryphyn\Desktop\RK_Quarantine
    2013-05-11 13:29 - 2013-05-11 13:29 - 00157512 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
    2013-05-11 13:29 - 2013-05-11 13:29 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
    2013-05-11 13:24 - 2013-05-11 13:24 - 12917756 ____A C:\Users\Gryphyn\Downloads\mbar-1.05.0.1001.zip
    2013-05-11 12:57 - 2012-04-07 02:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-05-11 09:17 - 2013-05-11 09:17 - 00000000 ___RD C:\Users\Gryphyn\Desktop\New Briefcase (2)
    2013-05-11 09:00 - 2013-05-11 08:35 - 00018476 ____A C:\Users\Gryphyn\Desktop\dds.txt
    2013-05-11 09:00 - 2013-05-11 08:35 - 00012405 ____A C:\Users\Gryphyn\Desktop\attach.txt
    2013-05-11 08:32 - 2013-05-11 08:32 - 00091149 ____A C:\Users\Gryphyn\Downloads\FRST.txt
    2013-05-11 08:31 - 2013-05-11 08:31 - 00688992 ____R (Swearware) C:\Users\Gryphyn\Downloads\dds.com
    2013-05-11 08:20 - 2013-05-11 08:20 - 00000000 ___RD C:\Users\Gryphyn\Desktop\New Briefcase
    2013-05-11 08:09 - 2013-05-11 08:09 - 01875978 ____A (Farbar) C:\Users\Gryphyn\Downloads\FRST64.exe
    2013-05-11 08:09 - 2013-05-11 08:09 - 00000000 ____D C:\FRST
    2013-05-11 07:54 - 2012-01-03 00:20 - 00065200 ____A C:\Users\Gryphyn\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-05-10 21:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2013-05-10 17:01 - 2013-03-29 07:02 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Gryphyn.job
    2013-05-10 12:29 - 2009-07-13 20:45 - 00016240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-05-10 12:29 - 2009-07-13 20:45 - 00016240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-05-10 12:27 - 2012-01-04 20:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2013-05-10 12:24 - 2009-07-13 20:51 - 00071679 ____A C:\Windows\setupact.log
    2013-05-10 12:21 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-05-10 12:21 - 2009-07-13 20:45 - 00300136 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-05-10 12:18 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
    2013-05-09 20:09 - 2009-07-13 18:34 - 00000499 ____A C:\Windows\win.ini
    2013-05-09 20:03 - 2009-07-13 21:13 - 00750342 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-05-09 19:59 - 2013-05-09 19:59 - 00000129 ____A C:\Windows\System32\MRT.INI
    2013-05-09 17:00 - 2013-03-29 07:02 - 00000378 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Gryphyn.job
    2013-05-09 04:19 - 2013-03-29 07:02 - 00000384 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Gryphyn.job
    2013-05-09 04:14 - 2012-01-03 00:20 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2013-05-09 04:11 - 2013-05-09 04:11 - 00001926 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
    2013-05-06 20:29 - 2013-05-06 20:29 - 00467472 ____A (WinZip Computing) C:\Users\Gryphyn\Downloads\WinZipRegistryOptimizer.exe
    2013-05-06 20:25 - 2013-05-06 20:24 - 85713688 ____A (Microsoft Corporation) C:\Users\Gryphyn\Downloads\msert.exe
    2013-05-06 20:18 - 2013-05-06 20:18 - 04951216 ____A (SpeedMaxPc) C:\Users\Gryphyn\Downloads\SpeedMaxpc_installer.exe
    2013-05-06 20:10 - 2013-05-03 19:45 - 00000000 ____D C:\Users\Gryphyn\AppData\Roaming\player
    2013-05-06 19:31 - 2012-07-22 12:11 - 00000000 ____D C:\Program Files (x86)\qvPDF
    2013-05-06 19:27 - 2012-01-04 21:24 - 00055768 ____A C:\Windows\PFRO.log
    2013-05-06 19:15 - 2013-05-06 19:15 - 00347424 ____A (Microsoft Corporation) C:\Users\Gryphyn\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.133291327151102418.1.1.Run.exe
    2013-05-06 19:08 - 2013-05-03 19:12 - 00000000 ____D C:\Program Files (x86)\24x7Help
    2013-05-06 14:31 - 2013-05-06 14:31 - 00275760 ____A C:\Windows\Minidump\050613-34897-01.dmp
    2013-05-06 14:31 - 2013-05-03 19:18 - 238560176 ____A C:\Windows\MEMORY.DMP
    2013-05-06 14:31 - 2012-02-05 11:00 - 00000000 ____D C:\Windows\Minidump
    2013-05-04 18:54 - 2013-05-04 18:54 - 00000000 ____D C:\Users\Gryphyn\AppData\Local\Macromedia
    2013-05-04 18:54 - 2012-04-07 02:29 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-05-04 18:54 - 2012-01-11 08:18 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-05-04 18:39 - 2012-01-02 20:20 - 00000000 ____D C:\Windows.old.000
    2013-05-04 18:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2013-05-04 18:23 - 2013-05-04 18:23 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2013-05-04 18:23 - 2013-05-04 18:23 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2013-05-04 18:23 - 2013-05-04 18:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-05-04 18:23 - 2013-05-04 18:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-05-04 18:23 - 2013-05-04 18:23 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-05-04 18:23 - 2013-05-04 18:23 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-05-04 18:23 - 2013-05-04 18:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2013-05-04 18:23 - 2013-05-04 18:23 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2013-05-04 18:23 - 2013-05-04 18:23 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2013-05-04 18:23 - 2013-05-04 18:23 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2013-05-04 18:23 - 2013-05-04 18:23 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2013-05-04 18:23 - 2013-05-04 18:23 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2013-05-04 18:23 - 2013-05-04 18:23 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2013-05-04 18:23 - 2012-01-05 12:19 - 00012069 ____A C:\Windows\IE9_main.log
    2013-05-04 18:01 - 2012-01-10 07:21 - 00000000 ____D C:\Users\Gryphyn\AppData\Local\LogMeIn Rescue Applet
    2013-05-04 17:51 - 2013-05-04 17:51 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Gryphyn\Downloads\mbam-setup-1.75.0.1300.exe
    2013-05-04 17:51 - 2013-05-04 17:51 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-05-04 17:51 - 2013-05-04 17:51 - 00000000 ____D C:\Users\Gryphyn\AppData\Roaming\Malwarebytes
    2013-05-04 17:51 - 2013-05-04 17:51 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-05-04 17:51 - 2013-05-04 17:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-04 17:37 - 2013-05-04 17:37 - 00001166 ____A C:\Users\Public\Desktop\TeamViewer 5.lnk
    2013-05-04 17:37 - 2013-05-04 17:37 - 00000000 ____D C:\Users\Gryphyn\AppData\Roaming\TeamViewer
    2013-05-04 17:37 - 2013-05-04 17:37 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2013-05-04 17:26 - 2013-05-04 17:25 - 00000000 ____D C:\Users\Gryphyn\AppData\Roaming\Mozilla
    2013-05-04 17:25 - 2013-05-04 17:25 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2013-05-04 17:25 - 2013-05-04 17:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-05-04 17:25 - 2013-05-04 17:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-05-04 16:59 - 2013-05-04 16:34 - 00000000 ____D C:\Users\Gryphyn\AppData\Local\Strongvault Online Backup
    2013-05-04 16:59 - 2013-05-04 16:34 - 00000000 ____D C:\ProgramData\Strongvault Online Backup
    2013-05-04 16:59 - 2013-05-03 19:41 - 00000000 ____D C:\Users\Gryphyn\AppData\Roaming\Strongvault
    2013-05-04 16:59 - 2013-05-03 19:40 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
    2013-05-04 16:59 - 2013-05-03 19:40 - 00000000 __SHD C:\AI_RecycleBin
    2013-05-04 16:53 - 2013-03-19 21:23 - 00748994 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2013-05-04 16:49 - 2013-05-04 16:29 - 00000000 ____D C:\Program Files (x86)\LessTabs
    2013-05-04 16:35 - 2013-05-03 19:42 - 00001064 ____A C:\Windows\KB893803v2.log
    2013-05-04 16:34 - 2013-05-03 19:41 - 00000258 _RASH C:\Users\Gryphyn\ntuser.pol
    2013-05-04 16:34 - 2012-01-02 22:11 - 00000000 ____D C:\users\Gryphyn
    2013-05-03 19:55 - 2013-05-03 19:12 - 00000000 ____D C:\Users\Gryphyn\AppData\Roaming\PCFixSpeed
    2013-05-03 19:41 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
    2013-05-03 19:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
    2013-05-03 19:39 - 2013-05-03 19:39 - 00000000 ____D C:\Users\Gryphyn\AppData\Local\Mozilla
    2013-05-03 19:39 - 2013-05-03 19:39 - 00000000 ____D C:\ProgramData\Mozilla
    2013-05-03 19:32 - 2012-01-03 00:20 - 00000000 ____D C:\Program Files (x86)\Google
    2013-05-03 19:25 - 2013-05-03 19:25 - 00000000 ____D C:\Users\Gryphyn\AppData\Roaming\24x7 Help
    2013-05-03 19:20 - 2013-05-03 19:20 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2013-05-03 19:19 - 2013-05-03 19:19 - 00275760 ____A C:\Windows\Minidump\050313-40638-01.dmp
    2013-05-03 19:14 - 2013-05-03 19:14 - 00275760 ____A C:\Windows\Minidump\050313-46581-01.dmp
    2013-05-03 19:12 - 2013-05-03 19:12 - 00000967 ____A C:\Users\Public\Desktop\Optimize Your PC.lnk
    2013-05-03 19:12 - 2013-05-03 19:12 - 00000000 ____D C:\Users\Gryphyn\AppData\Roaming\Yontoo
    2013-05-03 19:12 - 2013-05-03 19:12 - 00000000 ____D C:\ProgramData\PCFixSpeed
    2013-05-03 19:12 - 2013-05-03 19:12 - 00000000 ____D C:\Program Files (x86)\Yontoo
    2013-05-03 19:12 - 2013-05-03 19:12 - 00000000 ____D C:\Program Files (x86)\PCFixSpeed
    2013-05-02 07:44 - 2013-05-09 04:14 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
    2013-05-01 22:06 - 2012-01-02 23:51 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2013-05-01 15:34 - 2013-05-09 04:15 - 00270824 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
    2013-05-01 15:34 - 2013-05-09 04:15 - 00131232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
    2013-05-01 15:34 - 2013-05-09 04:15 - 00022600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
    2013-05-01 15:34 - 2013-05-09 04:14 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
    2013-05-01 15:34 - 2012-04-29 18:00 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2013-05-01 15:34 - 2012-01-03 00:20 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2013-05-01 15:34 - 2012-01-03 00:20 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2013-05-01 15:34 - 2012-01-03 00:20 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2013-05-01 15:34 - 2012-01-03 00:20 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2013-05-01 15:34 - 2012-01-03 00:20 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2013-05-01 15:33 - 2012-01-03 00:20 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2013-05-01 15:33 - 2012-01-03 00:19 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
    2013-04-12 18:26 - 2013-04-12 18:26 - 00275760 ____A C:\Windows\Minidump\041213-65629-01.dmp
    2013-04-12 18:17 - 2013-04-12 18:17 - 00275760 ____A C:\Windows\Minidump\041213-59951-01.dmp
    2013-04-12 18:11 - 2013-01-10 08:02 - 00000000 ____D C:\Users\Gryphyn\AppData\Local\Conduit
    2013-04-12 18:03 - 2012-01-02 22:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-04-12 18:00 - 2012-07-22 12:27 - 00000000 ____D C:\Program Files (x86)\bSaving
    2013-04-12 17:40 - 2013-04-12 17:40 - 00275760 ____A C:\Windows\Minidump\041213-45723-01.dmp
    2013-04-12 17:22 - 2013-04-12 17:22 - 00271520 ____A C:\Windows\Minidump\041213-37346-01.dmp
    2013-04-12 17:13 - 2013-04-12 17:13 - 00275760 ____A C:\Windows\Minidump\041213-35474-01.dmp
    2013-04-12 17:04 - 2012-01-11 08:15 - 00000000 ____D C:\ProgramData\Yahoo! Companion
    2013-04-12 06:36 - 2013-05-09 19:17 - 01653096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-05-09 19:19:24
    Restore point made on: 2013-05-10 12:27:06
    Restore point made on: 2013-05-10 12:29:26
    Restore point made on: 2013-05-11 13:46:55

    ==================== Memory info ===========================

    Percentage of memory in use: 15%
    Total physical RAM: 4087.76 MB
    Available physical RAM: 3454.91 MB
    Total Pagefile: 4085.91 MB
    Available Pagefile: 3436.4 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ==================== Drives ================================

    Drive c: (Main) (Fixed) (Total:78.12 GB) (Free:34.36 GB) NTFS (Disk=0 Partition=2)
    Drive e: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    Drive f: () (Removable) (Total:3.74 GB) (Free:1.68 GB) FAT32 (Disk=1 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (Backup part) (Fixed) (Total:33.66 GB) (Free:29.74 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: FDE5FDE5)
    Partition 1: (Active) - (Size=78 GB) - (Type=OF Extended)
    Partition 2: (Active) - (Size=34 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 4 GB) (Disk ID: F587F587)
    Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)


    Last Boot: 2013-05-03 22:15

    ==================== End Of Log ============================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
    See if you can boot normally.
     


  9. Gryphyn77

    Gryphyn77 TS Rookie Topic Starter

    No Go. Still hangs before splash screen

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-05-2013 01
    Ran by SYSTEM at 2013-05-11 19:49:41 Run:2
    Running from F:\
    Boot Mode: Recovery
    ==============================================
    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.
    ==== End of Fixlog ==

    I am running 64 bit
     
  10. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    See if you can boot to safe mode.
     
  11. Gryphyn77

    Gryphyn77 TS Rookie Topic Starter

    No, unable to enter safe mode.
    Here is a notification I receive when going back into cmd:


    The following startup options will be added:
    Name: Windows 7 Home Premium (recovered)
    Path: Windows
    Windows Device: Partition=D: (79995 MB)
    Name: Windows Recovery Environment (recovered)
    Path: Recovery\f3fa861a-47e6-11df-ab82-f5d83a1447d2\Winre.wim
    Windows Device: Partition=D: (79995 MB)
     
  12. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    OK, here is the thing.

    None of the scans we performed shows anything malicious there, so your issue must be caused by something else.
    Unless you want to try creating a new topic in the Windows forum, my only suggestion would be to reinstall Windows.
    We tried :(
     
  13. Gryphyn77

    Gryphyn77 TS Rookie Topic Starter

    Well, I was at that point when we started earlier. Years of experience have taught me not to worry about another failed Winblows install. If game developers designed games for Linux more often, I would never have issues like this. Funny thing is, I just remembered that a year or two back I had another account here for my comp hardware business. Had a similar issue that we fixed, then it crashed a month or so later, so I dropped 2k and went to Win 7.
    TTYL and thanks for the help,
    Gryphyn
     
  14. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Good luck then :)
     
