windows tmp.exe errors and malicious web blocking

Psychotic · December 8, 2014

Are you able to boot the computer into safe mode when disconnected?

MsJoJo · December 8, 2014

Yes, but it's not useable because it has the same repeated flashing (between desktop and blue screen). I get an application error from explorer.exe about memory that can't be written at 0x00000000. When I click OK to terminate the program the error just keeps repeating. So, safe mode would be good if I could get rid of that flashing problem again somehow.

I also tried system restore again - it actually said I had a restore point this time - from the 8th - exactly when the flashing problem started again. So, I tried to restore to that point and I got an error that "...system restore failed while copying the registry from the restore point. An unspecified error occurred during system restore (0x80070570)".

Help! whimper...

Psychotic · December 9, 2014

OK, please do another FRST scan from Recovery Environment.

Don´t do anything else - rather post the log here.

Don´t try to boot into windows!

Scan with FRST (Recovery Environment)

To run FRST on Vista and Windows7:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Select Command Prompt

In the command window:
type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

MsJoJo · December 12, 2014

Here it is:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014 ([color=red]ATTENTION: ====> FRST version is 24 days old and could be outdated[/color])Ran by SYSTEM on MININT-POTF904 on 11-12-2014 19:46:47Running from d:\Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: RecoveryThe current controlset is ControlSet001[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)HKLM\...\Run: [lxdnmon.exe] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-03] ()HKLM\...\Run: [lxdnamon] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe [16040 2010-02-03] ()HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-26] (AVAST Software)HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [320168 2010-02-03] ()HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AmazonGSDownloaderTray] => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-18] (DivX, LLC)HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,Winlogon\Notify\igfxcui: igfxdev.dll [X]Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))HKU\Default\...\RunOnce: [RegDXVA1] => C:\Windows\system32\cmd.exe /c reg import "C:\Program Files (x86)\Acer\Acer Media_\SwitchUserVideoKey.reg"HKU\Default User\...\RunOnce: [RegDXVA1] => C:\Windows\system32\cmd.exe /c reg import "C:\Program Files (x86)\Acer\Acer Media_\SwitchUserVideoKey.reg"HKU\Joanne\...\Run: [AtomicAlarmClock6] => C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe [4652544 2013-06-27] ()HKU\Joanne\...\Run: [PCShowServer] => C:\Users\Joanne\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1723760 2014-07-28] (NDS Technologies)HKU\Joanne\...\Run: [VueMinder] => C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe [9164288 2014-11-13] (VueSoft)HKU\Joanne\...\Run: [Emvrtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Joanne\AppData\Local\Idgsoft\GdText.dllStartup: C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Calendar Free.lnkShortcutTarget: Efficient Calendar Free.lnk -> C:\Program Files (x86)\Efficient Calendar Free\EfficientCalendarFree.exe (No File)Startup: C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnkShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)BootExecute: autocheck autochk * sdnclean64.exe==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)S2 AdobeActiveFileMonitor; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-04] ()S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider)S2 AtomicAlarmClock; C:\Program Files\Free Desktop Clock\timeserv.exe [2007040 2013-04-24] ()S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-26] (Avast Software)S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-21] (Intel Corporation)S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-19] (Intel Corporation)S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)S2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-27] (Lexmark International, Inc.)S2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )S2 lxdn_device; C:\Windows\SysWOW64\lxdncoms.exe [589824 2007-11-28] ( )S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)S2 PhotoshopElementsDeviceConnect; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-04] ()S2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)S2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-26] ()S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-26] (AVAST Software)S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-26] (AVAST Software)S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-26] ()S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-26] (AVAST Software)S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-26] (AVAST Software)S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-26] (AVAST Software)S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-26] ()S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-10] (Qualcomm Atheros Communications, Inc.)S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)S1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-08] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)S2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-18] (Realtek semiconductor corp)S1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-26] (Avast Software)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2014-12-05 04:21 - 2014-12-05 04:38 - 00000016 _____ () C:\InjectIntoProcess crash2014-12-04 20:10 - 2014-12-04 20:10 - 00000197 _____ () C:\Windows\System32\2014-12-05-04-10-25.070-AvastVBoxSVC.exe-2504.log2014-12-04 15:35 - 2014-12-04 15:35 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Lazy Turtle Games2014-12-04 15:21 - 2014-12-04 15:21 - 00002062 _____ () C:\Users\Public\Desktop\Play The Far Kingdoms - Elements.lnk2014-12-04 15:21 - 2014-12-04 15:21 - 00001284 _____ () C:\Users\Public\Desktop\More Great Games.lnk2014-12-04 15:21 - 2014-12-04 15:21 - 00000000 ____D () C:\Program Files (x86)\The Far Kingdoms - Elements2014-12-04 15:12 - 2014-12-04 15:12 - 00002067 _____ () C:\Users\Public\Desktop\Play True Fear - Forsaken Souls.lnk2014-12-04 15:11 - 2014-12-04 15:12 - 00000000 ____D () C:\Program Files (x86)\True Fear - Forsaken Souls2014-12-04 14:39 - 2014-12-04 14:40 - 00000247 _____ () C:\Windows\System32\2014-12-04-22-39-57.066-aswFe.exe-3344.log2014-12-04 14:20 - 2014-12-04 14:39 - 00000247 _____ () C:\Windows\System32\2014-12-04-22-20-37.023-aswFe.exe-5408.log2014-12-04 14:20 - 2014-12-04 14:20 - 00000197 _____ () C:\Windows\System32\2014-12-04-22-20-35.019-AvastVBoxSVC.exe-4092.log2014-12-04 14:01 - 2014-12-04 14:16 - 00000247 _____ () C:\Windows\System32\2014-12-04-22-01-33.076-aswFe.exe-3816.log2014-12-04 14:01 - 2014-12-04 14:01 - 00000197 _____ () C:\Windows\System32\2014-12-04-22-01-31.068-AvastVBoxSVC.exe-3560.log2014-12-04 10:30 - 2014-12-04 10:30 - 00000000 ____D () C:\Program Files (x86)\ESET2014-12-04 09:46 - 2014-12-04 09:46 - 00000000 __SHD () C:\Users\Joanne\AppData\Local\EmieBrowserModeList2014-12-04 09:32 - 2014-12-04 09:32 - 00000197 _____ () C:\Windows\System32\2014-12-04-17-32-38.013-AvastVBoxSVC.exe-3504.log2014-12-03 14:44 - 2014-12-05 09:09 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Owzdics2014-12-03 14:44 - 2014-12-04 09:30 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Idgsoft2014-12-02 12:44 - 2014-12-02 12:44 - 00000197 _____ () C:\Windows\System32\2014-12-02-20-44-14.043-AvastVBoxSVC.exe-5112.log2014-12-01 19:14 - 2014-12-01 19:14 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Mad Head Games2014-12-01 17:14 - 2014-12-01 17:14 - 00002164 _____ () C:\Users\Public\Desktop\Play Paranormal Pursuit - The Gifted One.lnk2014-12-01 17:12 - 2014-12-01 17:14 - 00000000 ____D () C:\Program Files (x86)\Paranormal Pursuit - The Gifted One2014-12-01 17:12 - 2014-12-01 17:12 - 00002074 _____ () C:\Users\Public\Desktop\Play Fear for Sale - The 13 Keys.lnk2014-12-01 17:11 - 2014-12-01 17:12 - 00000000 ____D () C:\Program Files (x86)\Fear for Sale - The 13 Keys2014-12-01 17:07 - 2014-12-01 17:07 - 00002129 _____ () C:\Users\Public\Desktop\Play Echoes of the Past - Wolf Healer.lnk2014-12-01 17:05 - 2014-12-01 17:07 - 00000000 ____D () C:\Program Files (x86)\Echoes of the Past - Wolf Healer2014-12-01 17:05 - 2014-12-01 17:05 - 00002089 _____ () C:\Users\Public\Desktop\Play Dreampath - The Two Kingdoms.lnk2014-12-01 17:04 - 2014-12-01 17:05 - 00000000 ____D () C:\Program Files (x86)\Dreampath - The Two Kingdoms2014-11-30 15:13 - 2014-11-30 15:13 - 00000197 _____ () C:\Windows\System32\2014-11-30-23-13-41.002-AvastVBoxSVC.exe-4476.log2014-11-30 10:28 - 2014-11-30 10:28 - 00002182 _____ () C:\Users\Public\Desktop\Play Rite of Passage - Child of the Forest.lnk2014-11-30 10:27 - 2014-11-30 10:28 - 00000000 ____D () C:\Program Files (x86)\Rite of Passage - Child of the Forest2014-11-30 10:08 - 2014-11-30 10:08 - 00002162 _____ () C:\Users\Public\Desktop\Play Legacy Tales - Mercy of the Gallows.lnk2014-11-30 10:07 - 2014-11-30 10:08 - 00000000 ____D () C:\Program Files (x86)\Legacy Tales - Mercy of the Gallows2014-11-30 09:44 - 2014-11-30 09:44 - 00237568 _____ (Big Fish Games) C:\Users\Joanne\Downloads\bigfishgames_p225147848_s1_l1.exe2014-11-29 14:42 - 2014-11-29 14:43 - 00000197 _____ () C:\Windows\System32\2014-11-29-22-42-35.086-AvastVBoxSVC.exe-3244.log2014-11-28 11:12 - 2014-11-28 11:12 - 00237568 _____ (Big Fish Games) C:\Users\Joanne\Downloads\bigfishgames_p224989807_s1_l1.exe2014-11-26 08:52 - 2014-11-26 08:52 - 00000247 _____ () C:\Windows\System32\2014-11-26-16-52-07.025-aswFe.exe-23296.log2014-11-26 08:31 - 2014-11-26 08:51 - 00000247 _____ () C:\Windows\System32\2014-11-26-16-31-49.008-aswFe.exe-17588.log2014-11-26 08:13 - 2014-11-26 08:28 - 00000247 _____ () C:\Windows\System32\2014-11-26-16-13-41.048-aswFe.exe-7968.log2014-11-26 08:13 - 2014-11-26 08:13 - 00000197 _____ () C:\Windows\System32\2014-11-26-16-13-39.038-AvastVBoxSVC.exe-6300.log2014-11-26 08:08 - 2014-11-26 08:09 - 00000000 ____D () C:\Windows\SysWOW64\vbox2014-11-26 08:08 - 2014-11-26 08:09 - 00000000 ____D () C:\Windows\System32\vbox2014-11-26 07:51 - 2014-11-26 07:51 - 00001990 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk2014-11-26 07:51 - 2014-11-26 07:50 - 00364512 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe2014-11-26 07:50 - 2014-11-26 07:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-11-21 11:56 - 2014-09-21 20:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll2014-11-21 11:56 - 2014-09-21 19:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdFilter.sys2014-11-21 11:56 - 2014-09-21 19:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdNisDrv.sys2014-11-21 11:56 - 2014-09-18 16:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll2014-11-21 11:56 - 2014-09-09 22:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys2014-11-21 11:56 - 2014-09-07 19:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys2014-11-21 11:56 - 2014-09-07 19:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS2014-11-21 11:56 - 2014-09-07 14:08 - 00389176 _____ () C:\Windows\System32\ApnDatabase.xml2014-11-21 11:56 - 2014-09-04 14:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll2014-11-21 11:56 - 2014-09-04 14:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\System32\localspl.dll2014-11-21 11:56 - 2014-09-03 19:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll2014-11-21 11:56 - 2014-09-03 18:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll2014-11-21 11:56 - 2014-09-03 17:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\System32\puiobj.dll2014-11-21 11:56 - 2014-09-03 16:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll2014-11-21 11:56 - 2014-08-30 16:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS2014-11-21 11:56 - 2014-08-30 16:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll2014-11-21 11:56 - 2014-08-30 14:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2014-11-21 11:56 - 2014-08-30 14:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\System32\FXSCOMEX.dll2014-11-21 11:56 - 2014-08-30 13:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\System32\FXSAPI.dll2014-11-21 11:56 - 2014-08-30 13:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll2014-11-21 11:56 - 2014-08-30 12:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll2014-11-21 11:56 - 2014-08-30 12:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll2014-11-21 11:56 - 2014-08-27 18:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2014-11-21 11:56 - 2014-08-27 16:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll2014-11-21 11:56 - 2014-08-27 16:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll2014-11-21 11:56 - 2014-08-22 21:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll2014-11-21 11:56 - 2014-08-22 21:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll2014-11-21 11:56 - 2014-08-22 20:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers.dll2014-11-21 11:56 - 2014-08-01 16:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\System32\untfs.dll2014-11-21 11:56 - 2014-08-01 16:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll2014-11-21 11:55 - 2014-10-30 21:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll2014-11-21 11:55 - 2014-10-30 19:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-11-21 11:55 - 2014-10-18 01:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe2014-11-21 11:55 - 2014-10-18 00:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll2014-11-21 11:55 - 2014-10-18 00:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll2014-11-21 11:55 - 2014-10-17 23:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2014-11-21 11:55 - 2014-10-17 22:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\wuaext.dll2014-11-21 11:55 - 2014-10-17 22:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll2014-11-21 11:55 - 2014-10-17 22:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe2014-11-21 11:55 - 2014-10-17 22:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll2014-11-21 11:55 - 2014-10-17 22:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll2014-11-21 11:55 - 2014-10-17 22:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll2014-11-21 11:55 - 2014-10-17 22:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll2014-11-21 11:55 - 2014-10-17 22:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll2014-11-21 11:55 - 2014-10-17 22:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2014-11-21 11:55 - 2014-10-17 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2014-11-21 11:55 - 2014-10-17 22:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2014-11-21 11:55 - 2014-10-17 22:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2014-11-21 11:55 - 2014-10-16 23:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll2014-11-21 11:55 - 2014-10-16 22:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll2014-11-21 11:55 - 2014-10-12 18:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe2014-11-21 11:55 - 2014-10-10 16:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll2014-11-21 11:55 - 2014-10-10 16:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-11-21 11:55 - 2014-10-09 17:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys2014-11-21 11:55 - 2014-10-09 17:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys2014-11-21 11:55 - 2014-10-09 17:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys2014-11-21 11:55 - 2014-10-07 23:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll2014-11-21 11:55 - 2014-10-07 23:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll2014-11-21 11:55 - 2014-10-07 23:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll2014-11-21 11:55 - 2014-10-07 23:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll2014-11-21 11:55 - 2014-10-07 23:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\rfxvmt.dll2014-11-21 11:55 - 2014-10-07 23:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll2014-11-21 11:55 - 2014-10-07 22:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll2014-11-21 11:55 - 2014-10-07 22:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2014-11-21 11:55 - 2014-10-07 22:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2014-11-21 11:55 - 2014-10-07 22:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll2014-11-21 11:55 - 2014-10-07 22:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll2014-11-21 11:55 - 2014-10-07 22:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll2014-11-21 11:55 - 2014-10-07 21:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll2014-11-21 11:55 - 2014-10-07 21:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll2014-11-21 11:55 - 2014-10-07 21:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2014-11-21 11:55 - 2014-09-26 23:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\System32\ncryptsslp.dll2014-11-21 11:55 - 2014-09-26 21:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll2014-11-21 11:55 - 2014-09-26 19:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll2014-11-21 11:55 - 2014-09-26 19:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\System32\dpapisrv.dll2014-11-21 11:55 - 2014-09-26 19:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-11-21 11:55 - 2014-09-21 18:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdBoot.sys2014-11-21 11:55 - 2014-09-02 14:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\winshfhc.dll2014-11-21 11:55 - 2014-09-02 14:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll2014-11-21 11:54 - 2014-10-30 21:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe2014-11-21 11:54 - 2014-10-30 21:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe2014-11-21 11:54 - 2014-10-30 21:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe2014-11-21 11:54 - 2014-10-30 21:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll2014-11-21 11:54 - 2014-10-30 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe2014-11-21 11:54 - 2014-10-30 21:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll2014-11-21 11:54 - 2014-10-30 21:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\System32\url.dll2014-11-21 11:54 - 2014-10-30 21:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll2014-11-21 11:54 - 2014-10-30 21:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll2014-11-21 11:54 - 2014-10-30 21:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll2014-11-21 11:54 - 2014-10-30 21:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\System32\html.iec2014-11-21 11:54 - 2014-10-30 21:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll2014-11-21 11:54 - 2014-10-30 20:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2014-11-21 11:54 - 2014-10-30 20:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll2014-11-21 11:54 - 2014-10-30 20:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll2014-11-21 11:54 - 2014-10-30 20:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll2014-11-21 11:54 - 2014-10-30 20:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\hlink.dll2014-11-21 11:54 - 2014-10-30 20:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll2014-11-21 11:54 - 2014-10-30 20:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2014-11-21 11:54 - 2014-10-30 20:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe2014-11-21 11:54 - 2014-10-30 20:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll2014-11-21 11:54 - 2014-10-30 20:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll2014-11-21 11:54 - 2014-10-30 20:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll2014-11-21 11:54 - 2014-10-30 20:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll2014-11-21 11:54 - 2014-10-30 20:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll2014-11-21 11:54 - 2014-10-30 20:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2014-11-21 11:54 - 2014-10-30 20:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx2014-11-21 11:54 - 2014-10-30 20:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll2014-11-21 11:54 - 2014-10-30 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll2014-11-21 11:54 - 2014-10-30 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2014-11-21 11:54 - 2014-10-30 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll2014-11-21 11:54 - 2014-10-30 20:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll2014-11-21 11:54 - 2014-10-30 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll2014-11-21 11:54 - 2014-10-30 20:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll2014-11-21 11:54 - 2014-10-30 20:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll2014-11-21 11:54 - 2014-10-30 20:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll2014-11-21 11:54 - 2014-10-30 20:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll2014-11-21 11:54 - 2014-10-30 20:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2014-11-21 11:54 - 2014-10-30 20:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2014-11-21 11:54 - 2014-10-30 20:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2014-11-21 11:54 - 2014-10-30 19:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll2014-11-21 11:54 - 2014-10-30 19:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll2014-11-21 11:54 - 2014-10-30 19:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll2014-11-21 11:54 - 2014-10-30 19:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll2014-11-21 11:54 - 2014-10-30 19:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll2014-11-21 11:54 - 2014-10-30 19:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2014-11-21 11:54 - 2014-10-30 19:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2014-11-21 11:54 - 2014-10-30 19:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2014-11-21 11:54 - 2014-10-30 19:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2014-11-21 11:54 - 2014-10-30 19:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2014-11-21 11:54 - 2014-10-30 19:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-11-21 11:54 - 2014-10-30 19:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2014-11-21 11:54 - 2014-10-30 19:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-11-21 11:54 - 2014-10-30 19:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2014-11-21 11:54 - 2014-10-30 19:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-11-21 11:54 - 2014-10-30 19:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-11-21 11:54 - 2014-10-30 19:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll2014-11-21 11:54 - 2014-10-30 19:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-11-21 11:54 - 2014-10-30 19:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-11-21 11:54 - 2014-10-30 19:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-11-21 11:54 - 2014-10-30 19:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2014-11-21 11:54 - 2014-10-30 19:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-11-21 11:54 - 2014-10-30 19:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll2014-11-21 11:54 - 2014-10-30 19:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-11-21 11:54 - 2014-10-30 19:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-11-21 11:54 - 2014-10-30 19:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-11-21 11:54 - 2014-10-30 19:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2014-11-21 11:54 - 2014-10-30 19:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-11-21 11:54 - 2014-10-30 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-11-21 11:54 - 2014-10-30 18:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2014-11-21 11:54 - 2014-10-30 18:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2014-11-21 11:54 - 2014-10-30 18:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2014-11-21 11:54 - 2014-10-30 18:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-11-21 11:54 - 2014-10-30 18:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2014-11-21 11:54 - 2014-10-30 18:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-11-21 11:54 - 2014-10-30 18:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2014-11-21 11:54 - 2014-10-30 18:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-11-21 11:54 - 2014-10-30 18:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2014-11-21 11:54 - 2014-10-30 18:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-11-21 11:54 - 2014-10-30 18:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll2014-11-21 11:54 - 2014-10-30 18:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2014-11-21 11:54 - 2014-10-30 18:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-11-21 11:54 - 2014-10-30 18:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-11-21 11:54 - 2014-10-30 18:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-11-21 11:54 - 2014-10-30 18:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-11-21 11:54 - 2014-10-30 18:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll2014-11-21 11:54 - 2014-10-30 18:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2014-11-21 11:54 - 2014-10-30 18:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-11-21 11:54 - 2014-10-30 18:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-11-21 11:54 - 2014-10-30 18:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-11-21 11:50 - 2014-10-22 21:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll2014-11-21 11:50 - 2014-10-22 21:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-11-21 11:50 - 2014-10-06 19:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys2014-11-21 11:50 - 2014-08-22 21:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll2014-11-21 11:50 - 2014-08-22 21:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2014-11-21 11:49 - 2014-11-09 15:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll2014-11-21 11:49 - 2014-11-09 15:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-11-21 11:49 - 2014-11-09 15:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll2014-11-21 11:49 - 2014-11-09 15:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll2014-11-21 11:49 - 2014-10-06 22:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll2014-11-21 11:49 - 2014-10-06 22:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll2014-11-21 11:49 - 2014-10-06 22:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll2014-11-21 11:49 - 2014-10-06 22:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe2014-11-21 11:49 - 2014-10-06 22:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll2014-11-21 11:49 - 2014-10-06 19:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll2014-11-21 11:49 - 2014-10-06 19:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll2014-11-21 11:49 - 2014-10-06 19:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll2014-11-21 11:49 - 2014-10-06 17:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll2014-11-21 11:49 - 2014-10-06 17:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll2014-11-21 11:16 - 2014-11-21 11:16 - 00000000 _____ () C:\Recovery.txt2014-11-16 15:04 - 2014-11-16 15:06 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Nero2014-11-16 08:50 - 2014-12-05 08:21 - 00000000 ____D () C:\FRST2014-11-15 09:01 - 2014-11-15 09:01 - 00005764 _____ () C:\Users\Joanne\Desktop\Rkill.txt2014-11-15 08:31 - 2014-11-15 08:39 - 00000000 ____D () C:\Program Files (x86)\Advanced Fix2014-11-15 08:29 - 2014-11-15 08:29 - 00025164 _____ () C:\Users\Joanne\Desktop\How to Fix icons.dll Error.html2014-11-13 16:14 - 2014-11-13 16:14 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\ERS Game Studios2014-11-13 12:36 - 2014-11-21 11:29 - 00000000 ____D () C:\Program Files\7-Zip2014-11-12 09:52 - 2014-11-12 09:52 - 00152096 _____ () C:\Users\Joanne\Desktop\Dental Plans Search Results - Dental Plan List _ Dental Plans.htm==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-12-11 19:44 - 2014-01-06 22:42 - 01248686 _____ () C:\Windows\WindowsUpdate.log2014-12-11 19:44 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-12-11 19:28 - 2013-10-07 03:31 - 00863592 _____ () C:\Windows\System32\PerfStringBackup.INI2014-12-11 19:27 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness2014-12-11 19:25 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp2014-12-08 06:51 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\System32\config\BBI2014-12-08 06:45 - 2014-04-14 07:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys2014-12-08 06:45 - 2014-03-11 13:31 - 00000000 ___DO () C:\Users\Joanne\SkyDrive2014-12-06 13:37 - 2014-03-12 11:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-12-06 12:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\sru2014-12-06 00:16 - 2014-03-11 13:27 - 00000000 ____D () C:\users\Joanne2014-12-05 23:08 - 2014-01-06 23:12 - 00000000 ____D () C:\ProgramData\Temp2014-12-05 12:15 - 2014-03-11 13:34 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-459074797-2405321923-3278989467-10012014-12-05 11:30 - 2014-03-12 08:37 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\uTorrent2014-12-05 10:26 - 2014-03-11 17:54 - 00039236 _____ () C:\Windows\System32\lvcoinst.log2014-12-05 09:28 - 2014-03-12 10:10 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Deployment2014-12-05 08:17 - 2014-03-12 14:52 - 00000000 ___RD () C:\Users\Joanne\Desktop\UsefulTools2014-12-04 20:06 - 2013-10-07 03:25 - 00113390 _____ () C:\Windows\PFRO.log2014-12-04 20:05 - 2014-04-14 07:08 - 00001084 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-12-04 20:05 - 2014-04-14 07:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-12-03 15:09 - 2014-03-18 05:15 - 00000000 ____D () C:\Users\Joanne\Desktop\BWAC2014-12-03 15:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\LiveKernelReports2014-12-03 12:31 - 2014-03-11 17:21 - 00000000 ____D () C:\ProgramData\Lx_cats2014-12-02 11:50 - 2014-03-11 14:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-11-30 18:54 - 2014-03-11 20:56 - 00000000 ____D () C:\BigFishCache2014-11-30 15:26 - 2014-03-11 13:42 - 00000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc2014-11-29 16:05 - 2014-03-12 06:23 - 00000000 ____D () C:\Windows\System32\MRT2014-11-29 16:02 - 2014-03-12 06:23 - 103374192 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe2014-11-29 16:02 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM2014-11-28 19:27 - 2014-03-12 09:50 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Eipix2014-11-26 09:53 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache2014-11-26 08:37 - 2014-03-12 11:42 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-11-26 08:01 - 2014-11-10 08:18 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-11-26 07:51 - 2014-03-11 14:56 - 01050432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys2014-11-26 07:50 - 2014-05-02 12:08 - 00029208 _____ () C:\Windows\System32\Drivers\aswHwid.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00436624 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00267632 _____ () C:\Windows\System32\Drivers\aswVmm.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00116728 _____ (AVAST Software) C:\Windows\System32\Drivers\aswstm.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00083280 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys2014-11-24 08:00 - 2013-08-22 06:44 - 05002664 _____ () C:\Windows\System32\FNTCACHE.DAT2014-11-24 07:52 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ToastData2014-11-24 07:52 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel2014-11-24 07:52 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Defender2014-11-24 07:52 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2014-11-21 11:51 - 2014-03-12 10:08 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-11-21 11:39 - 2014-08-19 17:42 - 00001907 _____ () C:\Users\Public\Desktop\VueMinder Ultimate.lnk2014-11-21 11:29 - 2014-11-10 08:17 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-11-21 11:29 - 2014-11-10 07:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-11-21 11:29 - 2014-03-13 13:31 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Free Desktop Clock 32014-11-21 11:29 - 2014-03-13 13:20 - 00000000 ____D () C:\Program Files (x86)\Amnesia2014-11-21 11:29 - 2014-03-12 10:41 - 00000000 ____D () C:\Users\Joanne\Documents\Amnesia2014-11-21 11:29 - 2014-03-12 08:50 - 00000000 ____D () C:\Program Files (x86)\East Side Story2014-11-21 11:29 - 2014-03-11 13:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 __RSD () C:\Windows\Media2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\setup2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\MediaViewer2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\FileManager2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\Camera2014-11-21 11:24 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\registration2014-11-21 11:23 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\System32\Sysprep2014-11-21 11:22 - 2014-03-11 13:29 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Packages2014-11-21 11:21 - 2014-08-19 17:41 - 00000000 ____D () C:\Program Files (x86)\VueSoft2014-11-21 11:21 - 2013-10-07 03:40 - 00000000 ____D () C:\Program Files (x86)\Nero2014-11-21 06:14 - 2014-04-14 07:07 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys2014-11-21 06:14 - 2014-04-14 07:07 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys2014-11-21 06:14 - 2014-03-11 17:51 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys2014-11-20 12:51 - 2014-05-02 07:48 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-11-20 12:51 - 2014-05-02 07:48 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-11-16 08:39 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\NDF2014-11-16 07:41 - 2013-08-22 06:46 - 00023906 _____ () C:\Windows\setupact.log==================== Known DLLs (Whitelisted) ==================================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe[2014-09-14 20:29] - [2014-08-22 23:48] - 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEAC:\Windows\SysWOW64\explorer.exe[2014-09-14 20:29] - [2014-08-22 23:13] - 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595C:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll[2014-11-21 11:56] - [2014-09-21 20:38] - 1519488 ____A (Microsoft Corporation) F0A117D19873FCDF801F082F33BFBB6CC:\Windows\SysWOW64\User32.dll[2014-11-21 11:56] - [2014-09-18 16:16] - 1346048 ____A (Microsoft Corporation) 5F333FDBF392850373C89BDA31EBEC1BC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys[2014-09-14 20:29] - [2014-06-18 18:13] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB==================== Restore Points  =========================Restore point made on: 2014-12-06 10:59:33==================== Memory info =========================== Percentage of memory in use: 9%Total physical RAM: 10043.08 MBAvailable physical RAM: 9089.07 MBTotal Pagefile: 10043.08 MBAvailable Pagefile: 9124.67 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.87 MB==================== Drives ================================Drive c: (Local Disk) (Fixed) (Total:914.75 GB) (Free:750.41 GB) NTFSDrive d: (LEXAR MEDIA) (Removable) (Total:0.24 GB) (Free:0.23 GB) FATDrive f: (Recovery) (Fixed) (Total:0.39 GB) (Free:0.14 GB) NTFSDrive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 931.5 GB) (Disk ID: 107C8CDB)Partition: GPT Partition Type.========================================================Disk: 1 (Size: 246 MB) (Disk ID: 1BFA02B9)Partition 1: (Active) - (Size=246 MB) - (Type=06)LastRegBack: 2014-12-02 10:08==================== End Of Log ============================

Psychotic · December 16, 2014

Fix with FRST (Recovery Environment)

Open notepad (Start =>All Programs => Accessories => Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt
```
HKU\Joanne\...\Run: [Emvrtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Joanne\AppData\Local\Idgsoft\GdText.dll2014-12-03 14:44 - 2014-12-05 09:09 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Owzdics2014-12-03 14:44 - 2014-12-04 09:30 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Idgsoft
```
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options again.
Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MsJoJo · December 17, 2014

Here it is - should I try booting into windows now or wait for further instructions??

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2014Ran by SYSTEM at 2014-12-16 20:14:01 Run:2Running from d:\Boot Mode: Recovery==============================================Content of fixlist:*****************HKU\Joanne\...\Run: [Emvrtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Joanne\AppData\Local\Idgsoft\GdText.dll2014-12-03 14:44 - 2014-12-05 09:09 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Owzdics2014-12-03 14:44 - 2014-12-04 09:30 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Idgsoft*****************HKU\Joanne\Software\Microsoft\Windows\CurrentVersion\Run\\Emvrtion => value deleted successfully.C:\Users\Joanne\AppData\Local\Owzdics => Moved successfully.C:\Users\Joanne\AppData\Local\Idgsoft => Moved successfully.==== End of Fixlog ====

Psychotic · December 17, 2014

Try to boot into safe mode without networking and run a full scan with MBAM.

Post up the log, when ready.

MsJoJo · December 18, 2014

Well, Safe Mode still has the flashing issue making it unusable, however... I decided to try S-mode with C-line and that worked - good old faithful DOS.

MBAM is out of date and I did not connect internet to update it, but it found nothing with the threat scan. Now what? Is it reasonable to assume we'll finally fix this or is it time to give up and simply re-install the OS?

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 12/18/2014Scan Time: 10:35:59 AMLogfile: MbamSafeMode.txtAdministrator: YesVersion: 2.00.4.1028Malware Database: v2014.12.06.05Rootkit Database: v2014.12.03.01License: PremiumMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 8.1CPU: x64File System: NTFSUser: JoanneScan Type: Threat ScanResult: CompletedObjects Scanned: 331958Time Elapsed: 10 min, 0 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 0(No malicious items detected)Physical Sectors: 0(No malicious items detected)(end)

Psychotic · January 5, 2015

I´m sorry, I´ve been seriously ill the last weeks.

Are you still there?

AdvancedSetup · February 3, 2015

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

windows tmp.exe errors and malicious web blocking

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information