FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Administrator (administrator) on FORUMADMINS on 03-08-2014 17:16:55
Running from C:\Users\Administrator\Desktop
Platform: Windows Server 2008 R2 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dns.exe
(Apache Software Foundation) C:\elasticsearch-0.90.9\bin\elasticsearch-service-x64.exe
(hMailServer) C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
() D:\mysql-5.5.9\bin\mysqld.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Users\Administrator\Downloads\NetMeter.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\InetMgr.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Halvar Information) C:\Program Files (x86)\hMailServer\Bin\hMailAdmin.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(The PHP Group) C:\inetpub\php-5.4.22-nts\php-cgi.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(The PHP Group) C:\inetpub\php-5.5.0-nts\php-cgi.exe
(The PHP Group) C:\inetpub\php-5.4.22-nts\php-cgi.exe
(The PHP Group) C:\inetpub\php-5.4.22-nts\php-cgi.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKU\S-1-5-21-3518012042-1827334665-130950791-500\...\Run: [NetMeter] => C:\Users\Administrator\Downloads\NetMeter.exe [296960 2009-02-10] ()
Lsa: [Notification Packages] scecli rassfm
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\..\Interfaces\{1C892D5B-3031-404C-99FD-33D96921F52B}: [NameServer]4.2.2.2,4.2.2.1,8.8.8.8
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 DeltaCopyService; C:\DeltaCopy\DCServce.exe [683008 2011-01-07] (Synametrics Technologies) [File not signed]
R2 DNS; C:\Windows\system32\dns.exe [696832 2011-12-26] (Microsoft Corporation)
R2 elasticsearch-service-x64; C:\elasticsearch-0.90.9\bin\elasticsearch-service-x64.exe [103936 2013-12-22] (Apache Software Foundation) [File not signed]
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-13] (Microsoft Corporation)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
R2 hMailServer; C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe [6067712 2014-06-07] (hMailServer) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MySQL; D:\mysql-5.5.9\bin\mysqld.exe [9631232 2011-03-13] () [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 rqs; C:\Windows\system32\rqs.exe [41472 2010-11-20] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-13] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-13] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2010-11-21] (Microsoft Corporation)
S2 WinQvods; C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinQvodPlayer.exe -k [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-13] (Microsoft Corporation)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN620.sys [32400 2012-09-01] (Realtek Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S1 qsscomnl; \??\C:\Windows\system32\drivers\qsscomnl.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 VMSMP; system32\DRIVERS\vmswitch.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-03 17:16 - 2014-08-03 17:17 - 00008573 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-08-03 17:16 - 2014-08-03 17:17 - 00000000 ____D () C:\FRST
2014-08-03 17:16 - 2014-08-03 17:16 - 02094080 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-08-03 17:13 - 2014-08-03 17:13 - 00000000 ____D () C:\Users\Administrator\Documents\Stuff
2014-08-02 23:55 - 2014-08-02 23:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-02 18:03 - 2014-08-02 18:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-08-02 18:03 - 2014-08-02 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-08-02 18:03 - 2014-08-02 18:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-02 18:03 - 2014-08-02 18:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-02 18:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-02 18:00 - 2014-08-02 18:00 - 00000000 ____D () C:\Users\Administrator\Documents\Malwarebytes_Anti-Malware-for-Business
2014-08-02 18:00 - 2014-08-02 17:59 - 67187077 _____ () C:\Users\Administrator\Documents\Malwarebytes_Anti-Malware-for-Business.zip
2014-08-02 17:43 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 17:43 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 17:43 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 17:43 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 17:43 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 17:43 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 17:43 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 17:43 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 17:43 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 17:43 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 17:43 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 17:43 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 17:43 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 17:43 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-02 06:19 - 2014-08-02 06:23 - 00004918 __RSH () C:\ProgramData\ntuser.pol
2014-08-02 06:00 - 2014-08-03 17:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\2
2014-08-01 21:43 - 2014-01-08 21:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-01 21:43 - 2014-01-03 17:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-01 17:58 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-01 17:58 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-01 17:58 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-01 17:58 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-01 17:58 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-01 17:58 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-01 17:58 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-01 17:58 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-01 17:58 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-01 17:58 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-01 17:58 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-01 17:58 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-01 17:58 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-01 17:58 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-01 17:58 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-01 17:58 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-01 17:58 - 2013-09-24 21:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-01 17:58 - 2013-09-24 20:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-07-27 02:04 - 2014-07-27 02:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0
2014-07-26 10:19 - 2014-07-26 10:19 - 00000019 _____ () C:\Users\Administrator\Documents\dns2.txt
2014-07-26 10:18 - 2014-07-26 10:18 - 00001255 _____ () C:\Users\Administrator\Documents\dns.txt
2014-07-13 13:22 - 2014-07-13 13:22 - 00031832 _____ () C:\Users\Administrator\AppData\Local\Temp\Umar_Temp.bmp
2014-07-13 13:21 - 2014-07-13 13:22 - 00031832 _____ () C:\Users\Administrator\AppData\Local\Temp\PhotoFoxRZ.bmp
2014-07-13 13:21 - 2014-07-13 13:21 - 00031832 _____ () C:\Users\Administrator\AppData\Local\Temp\BobS.bmp
2014-07-13 13:21 - 2014-07-13 13:21 - 00031832 _____ () C:\Users\Administrator\AppData\Local\Temp\BeeCeeBee10112011.bmp
2014-07-13 13:21 - 2014-07-13 13:21 - 00031832 _____ () C:\Users\Administrator\AppData\Local\Temp\admini.bmp
2014-07-08 22:28 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 22:28 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 22:28 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 22:28 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 22:28 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 22:28 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 22:28 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 22:28 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 22:28 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 22:28 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 22:28 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 22:28 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 22:28 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 22:28 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 22:28 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 22:28 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 22:28 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 22:28 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 22:28 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 22:28 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 22:28 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 22:27 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 22:27 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 22:27 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 22:27 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 22:27 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 22:27 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 22:27 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 22:27 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 22:27 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 22:27 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 22:27 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 22:27 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 22:27 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 22:27 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 22:27 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 22:27 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 22:27 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 22:27 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 22:27 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 22:27 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 22:27 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 22:27 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 22:27 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 22:27 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 22:27 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 22:27 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 22:27 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 22:27 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 22:27 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 22:27 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 22:27 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 22:27 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 22:27 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 22:27 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 22:27 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 22:27 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 22:27 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 22:27 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 22:27 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 22:27 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 22:27 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 22:27 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 22:27 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 22:27 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 22:27 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 22:27 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 22:27 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 22:27 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 22:27 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 22:27 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 22:27 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 22:27 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 22:27 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 22:27 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 22:27 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 22:27 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-03 17:17 - 2014-08-03 17:16 - 00008573 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-08-03 17:17 - 2014-08-03 17:16 - 00000000 ____D () C:\FRST
2014-08-03 17:17 - 2014-08-02 06:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\2
2014-08-03 17:16 - 2014-08-03 17:16 - 02094080 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-08-03 17:13 - 2014-08-03 17:13 - 00000000 ____D () C:\Users\Administrator\Documents\Stuff
2014-08-03 17:12 - 2011-03-12 17:11 - 00000000 ____D () C:\Windows\system32\dns
2014-08-03 17:10 - 2011-03-12 18:29 - 01194560 _____ () C:\Windows\WindowsUpdate.log
2014-08-03 16:35 - 2009-07-13 23:49 - 00024176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-03 16:35 - 2009-07-13 23:49 - 00024176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-02 23:55 - 2014-08-02 23:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-02 18:03 - 2014-08-02 18:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-08-02 18:03 - 2014-08-02 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-08-02 18:03 - 2014-08-02 18:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-02 18:03 - 2014-08-02 18:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-02 18:00 - 2014-08-02 18:00 - 00000000 ____D () C:\Users\Administrator\Documents\Malwarebytes_Anti-Malware-for-Business
2014-08-02 17:59 - 2014-08-02 18:00 - 67187077 _____ () C:\Users\Administrator\Documents\Malwarebytes_Anti-Malware-for-Business.zip
2014-08-02 17:32 - 2011-06-11 06:19 - 00031832 _____ () C:\Users\Administrator\AppData\Local\Temp\PHP_User.bmp
2014-08-02 17:32 - 2011-06-11 06:19 - 00031832 _____ () C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp
2014-08-02 14:32 - 2011-03-12 17:11 - 00000000 ____D () C:\inetpub
2014-08-02 06:23 - 2014-08-02 06:19 - 00004918 __RSH () C:\ProgramData\ntuser.pol
2014-08-02 05:58 - 2009-07-14 00:06 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-02 05:58 - 2009-07-13 23:56 - 00032453 _____ () C:\Windows\setupact.log
2014-08-01 22:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-01 21:45 - 2010-11-20 22:47 - 00196556 _____ () C:\Windows\PFRO.log
2014-07-27 02:04 - 2014-07-27 02:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0
2014-07-26 16:45 - 2011-10-23 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hMailServer
2014-07-26 16:45 - 2011-10-23 10:09 - 00000000 ____D () C:\Program Files (x86)\hMailServer
2014-07-26 10:19 - 2014-07-26 10:19 - 00000019 _____ () C:\Users\Administrator\Documents\dns2.txt
2014-07-26 10:18 - 2014-07-26 10:18 - 00001255 _____ () C:\Users\Administrator\Documents\dns.txt
2014-07-26 10:14 - 2011-03-12 21:52 - 00000000 ____D () C:\Users\Administrator\Documents\Tools
2014-07-26 00:12 - 2013-04-14 12:41 - 00016585 _____ () C:\Users\Administrator\AppData\Local\Temp\chrome_installer.log
2014-07-26 00:12 - 2013-04-14 12:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-25 23:43 - 2009-07-14 00:10 - 00810646 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-25 23:35 - 2012-07-04 12:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 23:35 - 2012-07-04 12:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 03:01 - 2012-07-04 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-13 13:22 - 2014-07-13 13:22 - 00031832 _____ () C:\Users\Administrator\AppData\Local\Temp\Umar_Temp.bmp
2014-07-13 13:22 - 2014-07-13 13:21 - 00031832 _____ () C:\Users\Administrator\AppData\Local\Temp\PhotoFoxRZ.bmp
2014-07-13 13:21 - 2014-07-13 13:21 - 00031832 _____ () C:\Users\Administrator\AppData\Local\Temp\BobS.bmp
2014-07-13 13:21 - 2014-07-13 13:21 - 00031832 _____ () C:\Users\Administrator\AppData\Local\Temp\BeeCeeBee10112011.bmp
2014-07-13 13:21 - 2014-07-13 13:21 - 00031832 _____ () C:\Users\Administrator\AppData\Local\Temp\admini.bmp
2014-07-12 23:00 - 2011-03-12 18:33 - 00000000 ____D () C:\Users\Administrator
2014-07-09 03:20 - 2009-07-13 23:49 - 00267240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 03:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 03:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 03:03 - 2013-08-13 20:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 03:02 - 2011-07-13 16:53 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-28 00:35
==================== End Of Log ============================