I ran RogueKiller and it found several PUMs.dns registry keys. The laptop has no access to personal data I use if for interfacing with a weather station. I plan to fix it by re-formatting and reinstalling win7. I also scanned my primary desktop with Roguekiller and found similar results but a few more reg keys. Reformating and reinstalling that PC would be a nightmare.
On the laptop I did go ahead and tell RogueKiller to delete the PUMS reg keys and it says it did, but since then it still has maxed out CPU most of the time and it reboots about 2/3rds of the way through every rogue killer scan. I think it did not eliminate the infection. Because that didn't work I have not done anything with my main pc except put the dds on it and collect the logs. While doing this was the first time I found really bad symptoms. I used a usb stick to put dds onto it and the pc bogged down to the point of being completely unresponsive. I rebooted and was able to copy dds onto the desktop, run it, and get the logs. I will paste them below. I also have the roguekiller log, but I read the "how to ask for help" thread and I won't post that unless someone asks me too. The pc in question is not attached to the network now. I've used a sneakernet to get dds on and the logs off of it. Roguekiller did not find infection on the other pcs on the home network.
attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/15/2012 3:25:25 PM
System Uptime: 11/15/2015 7:46:32 PM (0 hours ago)
.
Motherboard: ASRock | | P67 Extreme4 Gen3
Processor: Intel(R) Core(TM) i5-2550K CPU @ 3.40GHz | CPUSocket | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 120 GiB total, 50.298 GiB free.
D: is FIXED (NTFS) - 1277 GiB total, 860.389 GiB free.
E: is FIXED (NTFS) - 0 GiB total, 0.069 GiB free.
F: is CDROM (CDFS)
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP480: 10/27/2015 5:15:19 PM - Installed DirectX
RP481: 10/28/2015 7:41:34 PM - Windows Update
RP482: 11/1/2015 9:51:27 AM - Installed Minutor
RP483: 11/1/2015 7:36:59 PM - Windows Update
RP484: 11/5/2015 7:37:15 PM - Windows Update
RP485: 11/10/2015 5:02:57 PM - Windows Update
RP486: 11/13/2015 5:06:29 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20 (x64 edition)
Adobe Flash Player 19 ActiveX
Adobe Flash Player 19 NPAPI
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Software Update
ASUS Gamer OSD
ASUS Smart Doctor
ASUS VGA Driver
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
Audiograbber 1.83 SE
Audiograbber MP3 Plugin
Avidemux 2.6
AxCrypt 1.7.2976.0
Batman: Arkham City GOTY
BeerSmith 2
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Black Ops II
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 3
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help English
CDBurnerXP
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
CutePDF Writer 2.8
D3DX10
Dual-Core Optimizer
eReg
Etron USB3.0 Host Controller
FLVPlayer4Free Free FLV Player 5.4.0.0
FormatFactory 3.3.3.0
GIMP 2.8.2
Google Chrome
Google Earth
Google Earth Pro
Google Update Helper
GoToMeeting 5.2.0.952
gPodder version 3.8.1
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
hppLaserJetService
hppP1100P1560P1600SeriesLaserJetService
hppusgP1100P1560P1600Series
HPSSupply
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
IrfanView (remove only)
Java 7 Update 55
Java 7 Update 55 (64-bit)
Java Auto Updater
Kerbal Space Program
Kobo
LAME v3.99.3 (for Windows)
LEGO MINDSTORMS EV3
LEGO MINDSTORMS EV3 Home Content
LEGO MINDSTORMS EV3 Home Edition
LEGO MINDSTORMS EV3 Home English Support
LEGO MINDSTORMS EV3 Uninstaller
LEGO MINDSTORMS NXT x64 Driver
Logitech SetPoint 6.65
Luminance HDR 2.3.0-beta1
Malwarebytes Anti-Malware version 2.0.1.1004
MarketResearch
marvell 91xx driver
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Office Professional Plus 2013 - en-us
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 5.1
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Minecraft
Minutor
Movie Maker
Mozilla Firefox 42.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
NetScaler Gateway Endpoint Analysis
NI .NET Framework 4
NI EulaDepot
NI MDF Support
NI Security Update (KB 67L8LCQW)
NI Security Update (KB 67L8LCQW) (64-bit)
NI Uninstaller
NI VC2008MSMs x64
NI VC2008MSMs x86
No-IP DUC
Notepad++
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
OneTouch 4.6
Online Plug-in
Oracle VM VirtualBox 4.2.12
PDF-Viewer
Photo Common
Photo Gallery
Portal
Portal 2
Portal 2 Publishing Tool
Python 2.7 PyGTK 2.24.2
Python 2.7.8
Python 3.4.1
QuickTime 7
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Return to Castle Wolfenstein
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.1 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)
Security Update for Microsoft .NET Framework 4.5.1 (KB3074230)
Security Update for Microsoft .NET Framework 4.5.1 (KB3074550)
Self-service Plug-in
SketchUp 8
Steam
Team Fortress 2
UFRaw 0.19.2
Utility
Winamp
Winamp Detector Plug-in
Windows 7 Codec Pack 4.0.3
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Xerox DocuMate 3115 Driver
XviD MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
11/8/2015 10:39:19 PM, Error: srv [2017] - The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.
11/15/2015 7:46:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service OneTouch 4.0 Monitor with arguments "-Service" in order to run the server: {F4DC3D43-8228-45B3-9758-5A654AA17B9A}
11/15/2015 7:44:38 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2015 7:41:15 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800bdde4e0, 0xfffff88004402740, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111515-20077-01.
11/15/2015 7:37:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
11/15/2015 7:37:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/15/2015 7:37:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/15/2015 7:37:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/15/2015 7:37:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/15/2015 7:37:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/15/2015 7:37:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/15/2015 7:37:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/15/2015 7:37:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx VBoxDrv VBoxUSBMon Wanarpv6 WfpLwf
11/15/2015 7:37:28 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2015 7:37:28 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2015 7:37:28 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2015 7:37:28 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2015 7:37:28 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2015 7:37:28 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2015 7:37:28 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2015 7:37:28 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2015 7:37:28 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2015 7:37:28 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2015 7:37:28 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2015 7:37:26 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
11/15/2015 7:32:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
11/15/2015 7:03:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.
11/15/2015 5:47:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.
11/15/2015 5:47:30 PM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/15/2015 12:16:36 PM, Error: Application Popup [1060] - \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================
dds.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18057 BrowserJavaVersion: 10.55.2
Run by Mike at 19:49:47 on 2015-11-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8175.6464 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ATKFUSService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\ASDR.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\No-IP\ducservice.exe
C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\No-IP\DUC40.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ochelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [NoIPDUCv4] "C:\Program Files (x86)\No-IP\DUC40.exe" /minimize
uRun: [GoogleChromeAutoLaunch_A9A28D217F0AF6C0AE66A9006030A09A] "C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe -s
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ochelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: Interfaces\{5039F796-9A3C-4853-A851-000D20138441} : NameServer = 208.67.222.222,208.67.220.220,173.230.156.28,23.226.230.72,69.164.196.21,50.116.23.211
TCP: Interfaces\{5039F796-9A3C-4853-A851-000D20138441} : DHCPNameServer = 208.201.224.11 208.201.224.33
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\msosb.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o2dhv4b0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/privatepage/1#Home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =714647&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Citrix\Secure Access Client\npagee.dll
FF - plugin: C:\Program Files\Citrix\Secure Access Client\npagee64.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Users\Mike\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npagee.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npagee64.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-9-30 302120]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-9-24 97768]
R1 EIO64;EIO Driver;C:\Windows\System32\drivers\EIO64.sys [2012-4-15 16384]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-28 203776]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-18 2780856]
R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-6-24 136704]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-15 13592]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 124568]
R2 NoIPDUCService4;NO-IP DUC v4;C:\Program Files (x86)\No-IP\ducservice.exe [2013-1-24 11264]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-4-15 116240]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-2-7 39936]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-2-7 64512]
R3 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2012-4-15 23680]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-4-15 32344]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-15 471144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-6-14 36328]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-10-13 114688]
S3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2015-10-10 20480]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-2-8 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-21 19456]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-6-14 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-6-14 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-6-14 177640]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-29 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-21 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-16 1255736]
.
=============== Created Last 30 ================
.
2015-11-15 21:03:51 -------- d-----w- C:\Users\Mike\AppData\Local\CrashDumps
2015-11-15 20:16:36 35064 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2015-11-15 20:16:34 -------- d-----w- C:\ProgramData\RogueKiller
2015-11-15 01:07:19 11140960 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7DAB656E-E615-4905-AF80-AC081C36837A}\mpengine.dll
2015-11-14 01:06:41 11140960 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-11-11 03:43:24 5286088 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-11-01 16:52:49 -------- d-----w- C:\Program Files (x86)\Minutor
2015-10-28 02:37:13 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{225B1762-B196-427E-8B79-C18433FF214A}\gapaengine.dll
2015-10-19 01:25:53 -------- d-----w- C:\Program Files\HP
2015-10-19 01:25:49 288768 ----a-w- C:\Windows\System32\HP1100LM.DLL
2015-10-17 19:32:35 49664 ----a-w- C:\Windows\System32\HP1100SMs.dll
2015-10-17 19:32:32 350720 ----a-w- C:\Windows\System32\mvhlewsi.DLL
2015-10-17 19:32:32 1696256 ----a-w- C:\Windows\System32\HP1100SM.EXE
.
==================== Find3M ====================
.
2015-11-11 03:43:35 780488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-11-11 03:43:35 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-01 18:06:49 692672 ----a-w- C:\Windows\System32\winload.efi
2015-10-01 18:04:11 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-10-01 18:00:59 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2015-10-01 18:00:43 59392 ----a-w- C:\Windows\System32\appidapi.dll
2015-10-01 18:00:43 32768 ----a-w- C:\Windows\System32\appidsvc.dll
2015-10-01 18:00:06 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2015-10-01 18:00:06 147456 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2015-10-01 17:50:35 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2015-10-01 17:00:54 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2015-09-29 03:16:51 5569472 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-09-29 03:13:50 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-09-29 03:11:19 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-09-29 03:11:19 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-09-29 03:11:19 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-09-29 03:11:19 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-09-29 03:11:06 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-09-29 03:11:03 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-09-29 03:11:01 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-09-29 03:11:01 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-09-29 03:10:59 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-09-29 03:10:56 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2015-09-29 03:10:55 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-09-29 03:10:53 729088 ----a-w- C:\Windows\System32\kerberos.dll
2015-09-29 03:10:53 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2015-09-29 03:10:47 44032 ----a-w- C:\Windows\System32\cryptbase.dll
2015-09-29 03:10:47 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2015-09-29 03:10:47 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-09-29 03:10:30 112640 ----a-w- C:\Windows\System32\smss.exe
2015-09-29 03:10:25 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-09-29 03:09:59 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-09-29 03:09:53 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-09-29 03:05:56 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-09-29 03:05:36 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-09-29 03:05:01 3990976 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-09-29 03:05:01 3936192 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-09-29 03:02:09 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-09-29 02:59:20 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-09-29 02:59:17 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-09-29 02:59:16 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-09-29 02:59:10 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-09-29 02:59:08 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-09-29 02:59:04 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-09-29 02:58:57 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-09-29 02:58:57 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-09-29 02:58:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-09-29 02:58:36 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-09-29 02:58:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-09-29 02:57:53 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-09-29 02:57:53 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-09-29 02:57:52 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-09-29 02:53:44 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-09-29 02:53:28 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-09-29 01:50:29 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-09-29 01:49:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-09-29 01:49:31 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-09-29 01:43:29 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-09-29 01:43:27 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-09-29 01:40:57 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-09-29 01:40:57 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-29 01:40:57 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-29 01:40:57 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-09-25 18:07:19 98816 ----a-w- C:\Windows\System32\wudriver.dll
2015-09-25 18:07:19 3168768 ----a-w- C:\Windows\System32\wucltux.dll
2015-09-25 18:07:19 192512 ----a-w- C:\Windows\System32\wuwebv.dll
2015-09-25 18:06:54 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-09-25 18:06:44 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-09-25 18:06:40 37888 ----a-w- C:\Windows\System32\wuapp.exe
2015-09-25 17:59:08 93696 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-09-25 17:59:08 174080 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-09-25 17:58:25 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-09-16 04:36:53 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-09-16 04:36:43 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-09-16 04:22:21 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-09-16 04:21:39 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-09-16 04:21:33 417792 ----a-w- C:\Windows\System32\html.iec
2015-09-16 04:21:27 585728 ----a-w- C:\Windows\System32\vbscript.dll
2015-09-16 04:21:17 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-09-16 04:09:30 5990912 ----a-w- C:\Windows\System32\jscript9.dll
2015-09-16 04:08:40 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-09-16 04:08:38 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-09-16 04:08:23 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-09-16 04:01:30 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-09-16 03:50:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-09-16 03:45:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-09-16 03:33:26 504832 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-09-16 03:33:07 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-09-16 03:32:33 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-09-16 03:32:24 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-09-16 03:31:57 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-09-16 03:28:33 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-09-16 03:26:47 2126336 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-09-16 03:23:01 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-09-16 03:22:43 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-09-16 03:11:12 2487808 ----a-w- C:\Windows\System32\wininet.dll
2015-09-16 03:10:46 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-09-16 03:05:51 4527616 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-09-16 02:55:49 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-09-16 02:55:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
.
============= FINISH: 19:50:46.85 ===============