1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Inactive windows 7 boots to black screen after renaming rpcss.dll

Discussion in 'Malware and Virus Removal Archive' started by Jazmin14, 2014/10/20.

Thread Status:
Not open for further replies.
  1. 2014/10/20
    Jazmin14

    Jazmin14 Inactive Thread Starter

    Joined:
    2014/10/20
    Messages:
    2
    Likes Received:
    0
    [Inactive] windows 7 boots to black screen after renaming rpcss.dll

    Hi everyone,

    I came by here using google search for my problem.:D
    I have already found a similar problem in another user's thread and followed the instructions as far as relevant to mine.

    Basically, my Laptop running Windows 7-64 has been infected with what i believe is a Trojan virus. After a lot of research and by running a number of free apps including HitMan and Malwarebite I managed to locate the infected file which happens to be rpcss.dll residing in Windows- System-32 folder. Then I read on another forum about some solutions to get rid of the infected file by re-naming and replacing it with a clean one. Unfortunately I did not have the original Windows CD as my LapTop never came with one, so I found one on the Internet. Anyway I entered into safe mode (as instructed on another forum) and managed to rename and replace the infected file with the one I downloaded from Internet, and your guess is as good as mine...after restarting the screen went black:mad:

    As mentioned earlier I have followed the following instructions from another members thread here as far as the following:

    -Download Farbar Recovery Scan Tool 64-Bit
    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    Restart the computer.
    As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    Use the arrow keys to select the Repair your computer menu item.
    Select US as the keyboard language settings, and then click Next.
    Select the operating system you want to repair, and then click Next.
    Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    Insert the installation disc.
    Restart your computer.
    If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    Click Repair your computer.
    Select US as the keyboard language settings, and then click Next.
    Select the operating system you want to repair, and then click Next.
    Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
    Select Command Prompt
    In the command window type in notepad and press Enter.
    The notepad opens. Under File menu select Open.
    Select "Computer" and find your flash drive letter and close the notepad.
    In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
    The tool will start to run.
    When the tool opens click Yes to disclaimer.
    Press Scan button.
    It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    So, I have done everything as above and here is the log:

    Oops limited word warning...I will attach the log on a new post:eek:

    I would be grateful if anyone could help please>Thanks:)
     
    Jazmin14,
    #1
  2. 2014/10/20
    Jazmin14

    Jazmin14 Inactive Thread Starter

    Joined:
    2014/10/20
    Messages:
    2
    Likes Received:
    0
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01
    Ran by SYSTEM on MININT-6L3M3JR on 20-10-2014 21:44:45
    Running from f:\
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9569096 2012-03-11] (COMODO)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM-x32\...\Run: [DigidesignMMERefresh] => C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
    HKLM\...\RunOnce: [*Restore] => C:\windows\system32\rstrui.exe [296960 2014-08-18] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\Sara\...\Policies\Explorer\Run: [Rainlendar] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2611808 2014-03-16] ()
    HKU\Sara\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\Sara\...\Policies\Explorer: [NoControlPanel] 0
    AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [246024 2012-12-29] (NVIDIA Corporation)
    AppInit_DLLs: C:\windows\system32\guard64.dll => C:\windows\system32\guard64.dll [389840 2012-03-11] (COMODO)
    AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [201728 2012-12-29] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\windows\SysWOW64\guard32.dll => C:\windows\SysWOW64\guard32.dll [301224 2012-03-11] (COMODO)

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
    S2 BBDemon; C:\Program Files\Dassault Systemes\B205\win_b64\code\bin\CATSysDemon.exe [46592 2008-02-01] (Dassault Systemes)
    S2 BFBackupUtilityService; C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe [320888 2010-04-27] (BUFFALO INC.)
    S2 BFBackupUtilityVSSService; C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe [359288 2010-04-27] (BUFFALO INC.)
    S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2815496 2012-03-11] (COMODO)
    S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
    S3 digiSPTIService; C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe [159744 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
    S2 DS License Server; C:\Program Files\Dassault Systemes\DS License Server\win_b64\code\bin\DSLicSrv.exe [772928 2011-09-16] (Dassault Systemes)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-10-01] (IBM Corp.)
    S2 RemoteSolverDispatcher; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [51848 2012-09-13] (Mentor Graphics Corporation)
    S2 SPDFToolsReadSpool; C:\Program Files (x86)\SolidDocuments\Solid PDF Tools\SPDFT\SolidPdfToolsServicex64.exe [193352 2012-02-20] (Solid Documents, LLC)
    S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-09] (Toshiba Europe GmbH)
    S2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 automap; C:\Windows\System32\DRIVERS\automap.sys [18776 2012-04-19] (Focusrite Audio Engineering Limited)
    S0 BFRD4G; C:\Windows\System32\DRIVERS\BFRD4G.sys [47232 2010-03-09] (BUFFALO INC.)
    S0 bftpdskc64; C:\Windows\System32\drivers\bftpdskc64.sys [68224 2010-04-18] (BUFFALO INC.)
    S3 bftpusbx64; C:\Windows\System32\drivers\bftpusbx64.sys [20608 2010-04-20] (BUFFALO INC.)
    S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [22696 2012-03-11] (COMODO)
    S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [577824 2012-03-11] (COMODO)
    S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43248 2012-03-11] (COMODO)
    S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [93200 2012-02-03] (COMODO)
    S1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
    S1 LUM; C:\windows\system32\drivers\LUM.sys [24848 2007-06-05] (IBM)
    S1 LUMDriver; C:\windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
    S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    S3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [53080 2011-10-05] (Novation DMS Ltd.)
    S1 RapportCerberus_80055; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80055.sys [761720 2014-10-08] ()
    S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445880 2014-10-01] (IBM Corp.)
    S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-10-01] (IBM Corp.)
    S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-10-01] (IBM Corp.)
    S3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
    S0 Tpkd; C:\Windows\SysWow64\Drivers\Tpkd.sys [72608 2006-10-05] (PACE Anti-Piracy, Inc.)
    S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-19] ()
    S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-20 21:44 - 2014-10-20 21:44 - 00000000 ____D () C:\FRST
    2014-10-20 05:30 - 2014-10-20 16:44 - 00000000 ____D () C:\Windows\System32\Tasks\TweakBit
    2014-10-20 05:30 - 2014-10-20 05:30 - 00000000 ____D () C:\ProgramData\TweakBit
    2014-10-20 05:30 - 2014-10-20 05:30 - 00000000 ____D () C:\Program Files (x86)\TweakBit
    2014-10-20 05:08 - 2014-10-20 17:29 - 00000000 ____D () C:\Windows\System32\EventProviders
    2014-10-20 04:33 - 2014-10-20 04:33 - 00001081 _____ () C:\Users\Sara\Desktop\DllSuite.lnk
    2014-10-20 04:33 - 2014-10-20 04:33 - 00000000 ____D () C:\Program Files (x86)\DLLSuite
    2014-10-20 04:22 - 2014-10-20 04:22 - 00395776 _____ (Microsoft Corporation) C:\Windows\System32\rpcss.dll
    2014-10-20 02:10 - 2014-10-20 17:29 - 00000000 ____D () C:\Users\Sara\Desktop\Windows 7 Service Pack1
    2014-10-20 02:10 - 2014-10-20 02:10 - 00001072 _____ () C:\Windows\DirectX.log
    2014-10-20 02:10 - 2010-06-01 19:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
    2014-10-20 02:10 - 2010-06-01 19:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
    2014-10-20 02:10 - 2010-06-01 19:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
    2014-10-20 02:10 - 2010-06-01 19:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
    2014-10-20 02:10 - 2010-06-01 19:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
    2014-10-20 02:10 - 2010-06-01 19:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
    2014-10-20 02:10 - 2010-05-26 02:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
    2014-10-20 02:10 - 2010-02-04 01:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
    2014-10-20 02:10 - 2010-02-04 01:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
    2014-10-20 02:10 - 2010-02-04 01:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
    2014-10-20 02:10 - 2010-02-04 01:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
    2014-10-20 02:10 - 2010-02-04 01:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
    2014-10-20 02:10 - 2010-02-04 01:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
    2014-10-20 02:10 - 2010-02-04 01:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
    2014-10-20 02:10 - 2010-02-04 01:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
    2014-10-20 02:10 - 2009-09-04 08:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
    2014-10-20 02:10 - 2009-09-04 08:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
    2014-10-20 02:10 - 2009-09-04 08:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
    2014-10-20 02:10 - 2009-09-04 08:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
    2014-10-20 02:10 - 2009-09-04 08:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
    2014-10-20 02:10 - 2009-09-04 08:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
    2014-10-20 02:10 - 2009-09-04 08:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
    2014-10-20 02:10 - 2009-09-04 08:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
    2014-10-20 02:10 - 2009-09-04 08:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
    2014-10-20 02:10 - 2009-09-04 08:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
    2014-10-20 02:10 - 2009-03-16 05:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
    2014-10-20 02:10 - 2009-03-16 05:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
    2014-10-20 02:10 - 2009-03-16 05:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
    2014-10-20 02:10 - 2009-03-16 05:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
    2014-10-20 02:10 - 2009-03-16 05:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
    2014-10-20 02:10 - 2009-03-16 05:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
    2014-10-20 02:10 - 2009-03-09 06:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
    2014-10-20 02:10 - 2009-03-09 06:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
    2014-10-20 02:10 - 2009-03-09 06:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
    2014-10-20 02:10 - 2008-10-27 01:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
    2014-10-20 02:10 - 2008-10-27 01:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
    2014-10-20 02:10 - 2008-10-27 01:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
    2014-10-20 02:10 - 2008-10-27 01:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
    2014-10-20 02:10 - 2008-10-27 01:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
    2014-10-20 02:10 - 2008-10-27 01:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
    2014-10-20 02:10 - 2008-10-27 01:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
    2014-10-20 02:10 - 2008-10-27 01:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
    2014-10-20 02:10 - 2008-10-09 19:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
    2014-10-20 02:10 - 2008-10-09 19:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
    2014-10-20 02:10 - 2008-10-09 19:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
    2014-10-20 02:10 - 2008-10-09 19:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
    2014-10-20 02:10 - 2008-10-09 19:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
    2014-10-20 02:10 - 2008-07-31 01:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
    2014-10-20 02:10 - 2008-07-31 01:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
    2014-10-20 02:10 - 2008-07-31 01:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
    2014-10-20 02:10 - 2008-07-31 01:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
    2014-10-20 02:10 - 2008-07-31 01:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
    2014-10-20 02:10 - 2008-07-31 01:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
    2014-10-20 02:10 - 2008-07-10 02:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
    2014-10-20 02:10 - 2008-07-10 02:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
    2014-10-20 02:10 - 2008-07-10 02:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2014-10-20 02:10 - 2008-07-10 02:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
    2014-10-20 02:10 - 2008-07-10 02:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
    2014-10-20 02:10 - 2008-07-10 02:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
    2014-10-20 02:10 - 2008-05-30 05:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
    2014-10-20 02:10 - 2008-05-30 05:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
    2014-10-20 02:10 - 2008-05-30 05:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
    2014-10-20 02:10 - 2008-05-30 05:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
    2014-10-20 02:10 - 2008-05-30 05:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
    2014-10-20 02:10 - 2008-05-30 05:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
    2014-10-20 02:10 - 2008-05-30 05:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
    2014-10-20 02:10 - 2008-05-30 05:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
    2014-10-20 02:10 - 2008-05-30 05:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
    2014-10-20 02:10 - 2008-05-30 05:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
    2014-10-20 02:10 - 2008-05-30 05:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
    2014-10-20 02:10 - 2008-05-30 05:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
    2014-10-20 02:10 - 2008-05-30 05:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
    2014-10-20 02:10 - 2008-05-30 05:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
    2014-10-20 02:10 - 2008-03-05 07:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
    2014-10-20 02:10 - 2008-03-05 07:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
    2014-10-20 02:10 - 2008-03-05 07:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
    2014-10-20 02:10 - 2008-03-05 07:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
    2014-10-20 02:10 - 2008-03-05 07:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
    2014-10-20 02:10 - 2008-03-05 07:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
    2014-10-20 02:10 - 2008-03-05 06:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
    2014-10-20 02:10 - 2008-03-05 06:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
    2014-10-20 02:10 - 2008-03-05 06:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
    2014-10-20 02:10 - 2008-03-05 06:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
    2014-10-20 02:10 - 2008-02-05 14:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
    2014-10-20 02:10 - 2008-02-05 14:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
    2014-10-20 02:07 - 2014-10-20 02:10 - 00000000 ____D () C:\Windows\SysWOW64\directx
    2014-10-20 01:48 - 2014-10-20 05:17 - 00000000 ____D () C:\Symbols
    2014-10-20 00:39 - 2014-10-20 00:44 - 32601272 _____ (Microsoft Corporation) C:\Users\Sara\Desktop\Windows-KB890830-x64-V5.17.exe
    2014-10-19 23:55 - 2014-10-20 17:29 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-10-19 23:55 - 2014-10-20 17:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2014-10-19 22:38 - 2014-10-20 04:58 - 00000224 _____ () C:\Windows\setupact.log
    2014-10-19 22:38 - 2014-10-19 22:38 - 00000000 _____ () C:\Windows\setuperr.log
    2014-10-19 04:01 - 2014-10-20 17:29 - 00000000 ____D () C:\FU_Backup
    2014-10-19 04:01 - 2014-10-19 04:01 - 00001002 _____ () C:\Users\Public\Desktop\Final Uninstaller.lnk
    2014-10-19 04:01 - 2014-10-19 04:01 - 00001002 _____ () C:\ProgramData\Desktop\Final Uninstaller.lnk
    2014-10-19 04:01 - 2014-10-19 04:01 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\CheeseSoft
    2014-10-18 14:53 - 2014-10-19 00:36 - 00000000 ____D () C:\QUARANTINE
    2014-10-18 04:05 - 2014-10-18 04:05 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\McAfee
    2014-10-18 04:04 - 2014-10-18 04:04 - 00000000 ____D () C:\Program Files\Common Files\McAfee
    2014-10-18 04:04 - 2014-10-18 04:03 - 00158832 _____ (McAfee, Inc.) C:\Windows\System32\mfevtps.exe.f12f.deleteme
    2014-10-18 04:04 - 2014-10-18 04:03 - 00099056 _____ (McAfee, Inc.) C:\Windows\System32\MfeOtlkAddin.dll
    2014-10-18 04:04 - 2014-10-18 04:03 - 00074848 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MfeOtlkAddin.dll
    2014-10-18 04:04 - 2014-10-18 04:03 - 00022816 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MFEOtlk.dll
    2014-10-18 03:55 - 2014-10-18 03:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
    2014-10-18 03:28 - 2013-09-16 13:14 - 00014896 _____ () C:\Windows\System32\Drivers\etc\hosts.20141018-122814.backup
    2014-10-18 03:23 - 2014-10-20 17:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-10-18 03:23 - 2014-10-20 17:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
    2014-10-18 03:23 - 2014-10-18 03:23 - 00001233 _____ () C:\Users\Sara\Desktop\Spybot - Search & Destroy.lnk
    2014-10-18 02:32 - 2014-10-20 17:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-10-18 02:32 - 2012-04-04 06:56 - 00024904 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2014-10-17 22:42 - 2014-10-19 01:12 - 00005622 _____ () C:\Windows\System32\.crusader
    2014-10-17 13:46 - 2014-10-20 17:29 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-10-17 13:46 - 2014-10-19 22:44 - 00034808 _____ () C:\Windows\System32\Drivers\TrueSight.sys
    2014-10-17 13:11 - 2014-10-20 17:29 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-10-17 12:15 - 2014-10-19 04:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-10-17 12:07 - 2014-10-17 12:08 - 15725144 _____ () C:\Users\Sara\Desktop\RogueKiller.exe
    2014-10-17 12:06 - 2014-10-17 12:09 - 11194928 _____ (SurfRight B.V.) C:\Users\Sara\Desktop\HitmanPro_x64.exe
    2014-10-17 08:28 - 2014-10-17 08:28 - 00000005 _____ () C:\Windows\abhchcig.ini
    2014-10-17 08:28 - 2014-10-17 08:28 - 00000005 _____ () C:\Windows\abhchcgp.ini
    2014-10-17 08:28 - 2014-10-17 08:28 - 00000005 _____ () C:\Windows\abhchcfb.ini
    2014-10-17 08:28 - 2014-10-17 08:28 - 00000005 _____ () C:\Windows\abhchcbc.ini
    2014-10-17 08:28 - 2014-10-17 08:28 - 00000005 _____ () C:\Windows\abhchcam.ini
    2014-10-17 06:59 - 2009-08-14 14:46 - 00014848 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\Windows\SysWOW64\digicoin.dll
    2014-10-17 06:59 - 2006-12-08 14:21 - 00090112 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\Windows\SysWOW64\WinMMFix.dll
    2014-10-17 06:58 - 2009-08-14 17:35 - 00038928 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\Windows\SysWOW64\Drivers\dgfwboot.sys
    2014-10-17 06:58 - 2009-08-14 17:35 - 00021520 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\Windows\System32\Drivers\diginet.sys
    2014-10-17 06:58 - 2009-08-14 17:34 - 02554622 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\Windows\SysWOW64\dgfwdio.dll
    2014-10-17 06:58 - 2009-08-14 14:44 - 00176128 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\Windows\SysWOW64\Diomidi.DLL
    2014-10-17 06:58 - 2009-08-14 14:43 - 00368640 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\Windows\SysWOW64\digiasio.dll
    2014-10-17 06:58 - 2009-08-14 14:43 - 00196608 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\Windows\SysWOW64\Digi32.dll
    2014-10-17 06:29 - 2014-10-17 06:29 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\Leadertech
    2014-10-17 05:54 - 2014-10-17 05:54 - 00000000 ____D () C:\Digidesign Databases
    2014-10-17 01:35 - 2014-10-17 09:44 - 00000000 ____D () C:\Users\Sara\Desktop\New download 2015
    2014-10-17 01:18 - 2014-10-17 01:18 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\Daichi
    2014-10-16 07:35 - 2014-08-18 19:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
    2014-10-16 07:35 - 2014-08-18 19:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
    2014-10-16 07:35 - 2014-08-18 19:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2014-10-16 07:35 - 2014-08-18 19:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
    2014-10-16 07:35 - 2014-08-18 19:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
    2014-10-16 07:35 - 2014-08-18 19:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
    2014-10-16 07:35 - 2014-08-18 19:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
    2014-10-16 07:35 - 2014-08-18 19:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
    2014-10-16 07:35 - 2014-08-18 19:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
    2014-10-16 07:35 - 2014-08-18 19:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
    2014-10-16 07:35 - 2014-08-18 18:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2014-10-16 07:35 - 2014-08-18 18:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2014-10-16 07:35 - 2014-08-18 18:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
    2014-10-16 07:35 - 2014-07-06 18:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
    2014-10-16 07:35 - 2014-07-06 18:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\System32\wmdrmsdk.dll
    2014-10-16 07:35 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2014-10-16 07:35 - 2014-07-06 18:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\System32\drmv2clt.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\System32\cryptui.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\System32\blackbox.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\System32\msscp.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\System32\drmmgrtn.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\System32\msnetobj.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\cryptsp.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
    2014-10-16 07:35 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
    2014-10-16 07:35 - 2014-07-06 18:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll
    2014-10-16 07:35 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
    2014-10-16 07:35 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
    2014-10-16 07:35 - 2014-07-06 18:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
    2014-10-16 07:35 - 2014-07-06 18:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
    2014-10-16 07:35 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
    2014-10-16 07:35 - 2014-07-06 17:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
    2014-10-16 07:35 - 2014-07-06 17:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2014-10-16 07:35 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2014-10-16 07:35 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2014-10-16 07:35 - 2014-07-06 17:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2014-10-16 07:35 - 2014-07-06 17:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-10-16 07:35 - 2014-07-06 17:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-10-16 07:35 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2014-10-16 07:35 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2014-10-16 07:35 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2014-10-16 07:35 - 2014-06-27 16:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
    2014-10-16 07:35 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
    2014-10-16 07:35 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
    2014-10-16 01:41 - 2014-10-16 01:41 - 00000000 ____D () C:\Program Files (x86)\Zero-G
    2014-10-16 01:14 - 2014-10-09 18:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
    2014-10-16 01:14 - 2014-10-09 18:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
    2014-10-16 01:14 - 2014-10-09 18:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
    2014-10-16 01:14 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-10-16 01:14 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-10-16 01:14 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-10-16 01:14 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2014-10-16 01:14 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-10-16 01:14 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
    2014-10-16 01:14 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2014-10-16 01:14 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-10-16 01:14 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-10-16 01:14 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-10-16 01:14 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-10-16 01:14 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2014-10-16 01:14 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-10-16 01:14 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-10-16 01:14 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-10-16 01:13 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2014-10-16 01:13 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2014-10-16 01:13 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-10-16 01:13 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-10-16 01:13 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-10-16 01:13 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2014-10-16 01:13 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2014-10-16 01:13 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
    2014-10-16 01:13 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2014-10-16 01:13 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2014-10-16 01:13 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2014-10-16 01:13 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
    2014-10-16 01:13 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2014-10-16 01:13 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2014-10-16 01:13 - 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2014-10-16 01:13 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2014-10-16 01:13 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-10-16 01:13 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
    2014-10-16 01:13 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
    2014-10-16 01:13 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-10-16 01:13 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-10-16 01:13 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2014-10-16 01:13 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-10-16 01:13 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2014-10-16 01:13 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-10-16 01:13 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2014-10-16 01:13 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-10-16 01:13 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2014-10-16 01:13 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-10-16 01:13 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-10-16 01:13 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-10-16 01:13 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-10-16 01:13 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2014-10-16 01:13 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
    2014-10-16 01:13 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2014-10-16 01:13 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-10-16 01:13 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-10-16 01:13 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2014-10-16 01:13 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-10-16 01:13 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2014-10-16 01:13 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-10-16 01:12 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2014-10-16 01:12 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
    2014-10-16 01:12 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
    2014-10-16 01:12 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
    2014-10-16 01:12 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\System32\mscorier.dll
    2014-10-16 01:12 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
    2014-10-16 01:12 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\System32\mscories.dll
    2014-10-16 01:10 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
    2014-10-16 01:10 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-10-16 01:10 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\rastls.dll
    2014-10-16 01:10 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2014-10-16 01:10 - 2014-08-28 18:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2014-10-16 01:10 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
    2014-10-16 01:10 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
    2014-10-16 01:10 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\winsta.dll
    2014-10-16 01:10 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2014-10-16 01:10 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
    2014-10-16 01:10 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
    2014-10-16 01:10 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
    2014-10-16 01:10 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-10-16 01:10 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-10-16 01:10 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2014-10-16 01:10 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
    2014-10-16 01:09 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
    2014-10-16 01:09 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-10-16 01:09 - 2014-09-04 18:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2014-10-16 01:09 - 2014-09-04 17:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

    --------------------------------------------------

    Sorry....still too long...I will attach the rest of the log on new post:confused:
     
    Jazmin14,
    #2


  3. to hide this advert.

  4. 2014/10/20
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member

    Joined:
    2004/06/25
    Messages:
    7,157
    Likes Received:
    501
    Hi Jazmin14, Welcome to WindowsBBS. :)
    I would suspect you have a Virus/Malware problem. Your best bet is to Post in our Virus and Malware forum and follow the procedure outlined there.
    DON'T do anything until instructed by Broni (specialist), I'm sure you'll get the best attention possible. Neil.
     
    retiredlearner,
    #3
  5. 2014/10/20
    Evan Omo

    Evan Omo Computer Support Technician Staff

    Joined:
    2006/09/10
    Messages:
    7,901
    Likes Received:
    510
    Hi Jazmin14, Welcome to Windowsbbs! :)

    Please read this post, then post the requested log(s) in this thread in your next reply.

    I moved this thread to the Malware and Virus Removal Forum for you.
     
    Evan Omo,
    #4
  6. 2014/10/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================

    You need to split FRST log between couple of replies.
    I need to see entire log.
     
    broni,
    #5
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...