I've been fighting with an infection of MPC cleaner for about a week now.
Using a few tools (Norton Power Eraser, SpyHunter, AdwCleaner) I've managed to get most of it removed.
The only infection left is mpckpt, and nothing I've tried seems to be able to remove it.
I was reading another related thread, and it appears you guys might be able to help.
http://www.techsupportforum.com/foru...e-1113401.html
Thank you for your help.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18347 BrowserJavaVersion: 11.77.2
Run by dhudson at 8:12:32 on 2016-07-30
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.32643.28586 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Enabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\HALAN\WinControl 2000\WinControl.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Windows\SysWOW64\atashost.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\EscSvc64.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxEM.exe
C:\Windows\system32\igfxHK.exe
C:\Windows\system32\igfxTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~2\MOZILL~1\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [WinControl] C:\Program Files (x86)\HALAN\WinControl 2000\WinControl.exe
uRun: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
uRun: [CNAP2 Launcher] C:\Windows\System32\spool\DRIVERS\x64\3\CNAP2LAK.EXE
uRun: [Pidgin] "C:\Program Files (x86)\Pidgin\pidgin.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [AsioReg] REGSVR32 /S CTASIO.DLL
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: LocalAccountTokenFilterPolicy = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
Trusted Zone: lsi-controls.net
Trusted Zone: lsi-industries.com
Trusted Zone: lynxpdx.com
Trusted Zone: virticus.com
Trusted Zone: virticus.info
TCP: NameServer = 10.129.8.1
TCP: Interfaces\{0D6A0639-22C6-4FDA-8024-9E9CEA3C9311} : DHCPNameServer = 10.129.8.1
TCP: Interfaces\{D29F7DCE-B1C9-4B7C-A1C0-81D0B9D4A4AE} : DHCPNameServer = 10.129.8.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Consumer Input DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-Run: [CNAP2 Launcher] C:\Windows\System32\spool\DRIVERS\x64\3\CNAP2LAK.EXE
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 file_tracker;file_tracker;C:\Windows\System32\drivers\file_tracker.sys [2015-3-10 296736]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2015-3-10 126752]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-10-24 20024]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-11-13 289120]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2015-3-10 1328928]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2015-3-10 248096]
R1 FortiFilter;Fortinet NDIS6 Packet Filter Service;C:\Windows\System32\drivers\FortiFilter.sys [2014-12-11 25312]
R1 FortiShield;FortiShield;C:\Windows\System32\drivers\FortiShield.sys [2015-10-6 72064]
R1 MPCKpt;MPCKpt;C:\Windows\System32\drivers\MPCKpt.sys [2016-7-26 60136]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2015-3-21 98208]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2015-3-10 3992568]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203776]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2016-2-21 149440]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2016-7-18 144560]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-10-1 330136]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-6-5 190824]
R2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [2016-3-29 21184]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2015-3-21 290520]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-5-18 327064]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2016-7-10 754784]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-8-20 6847712]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-3-11 5495056]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-7-6 856728]
R3 ft_vnic;Fortinet network virtual adapter;C:\Windows\System32\drivers\ftvnic.sys [2016-2-6 16928]
R3 GeneStor;Genesys Logic Storage Driver;C:\Windows\System32\drivers\GeneStor.sys [2015-7-9 115704]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2015-8-21 463112]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-10-24 358456]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-10-24 791608]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-11-15 133816]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-1-29 374344]
R3 pppop;PPPoP WAN Adapter;C:\Windows\System32\drivers\pppop64.sys [2015-7-23 54024]
S1 FortiFW;FortiFW;C:\Windows\System32\drivers\fortifw2.sys [2015-10-6 37248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 TrueCryptSystemFavorites;TrueCrypt System Favorites;C:\Windows\SysWOW64\TrueCrypt.exe [2015-3-13 1516496]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2010-5-20 1916416]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2015-3-10 15768]
S3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
S3 csr_a2dp;Bluetooth AV Profile;C:\Windows\System32\drivers\bthav.sys [2009-12-21 78848]
S3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
S3 CTAUDFX;CTAUDFX;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTERFXFX;CTERFXFX;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
S3 CTSBLFX;CTSBLFX;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2016-7-10 120416]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2016-7-28 22704]
S3 fortiapd;fortiapd;C:\Windows\System32\drivers\fortiapd.sys [2015-10-6 17792]
S3 Fortips;Fortips;C:\Windows\System32\drivers\fortips.sys [2015-10-6 145792]
S3 fortisniff;fortisniff;C:\Windows\System32\drivers\fortisniff2.sys [2015-10-6 38272]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-6-14 114688]
S3 libusbK;libusbK USB Driver 12/25/2013 - 3.0.6.0;C:\Windows\System32\drivers\libusbK.sys [2015-3-10 47200]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-2 31744]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-3-9 19456]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTWlanU.sys [2015-3-9 2890456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2016-7-10 213088]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2015-3-9 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-3-9 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2015-3-9 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 VSStandardCollectorService140;Visual Studio Standard Collector Service;C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [2016-3-22 56552]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-3-9 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2015-4-30 23200]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2016-07-30 15:00:19 -------- d-----w- C:\FRST
2016-07-30 14:11:14 110080 ----a-r- C:\Users\dhudson\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2016-07-30 14:11:14 110080 ----a-r- C:\Users\dhudson\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2016-07-30 14:11:14 -------- d-----w- C:\sh4ldr
2016-07-30 13:49:41 144 ----a-w- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-07-30 13:34:32 -------- d-----w- C:\Users\dhudson\AppData\Local\NPE
2016-07-30 13:34:31 -------- d-----w- C:\ProgramData\Norton
2016-07-30 13:33:44 12007136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E8D5ACC-E29B-40E8-87D6-003F2FAC2D53}\mpengine.dll
2016-07-30 13:28:35 -------- d-----w- C:\Program Files\Registrar Registry Manager
2016-07-29 15:32:14 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2016-07-29 15:32:04 -------- d-----w- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2016-07-29 15:32:04 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2016-07-29 03:39:32 12007136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-07-29 03:39:30 1167568 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF016C99-95CD-4C46-84B9-DAF7076D7F52}\gapaengine.dll
2016-07-28 23:15:30 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2016-07-28 23:09:10 -------- d-----w- C:\ProgramData\Innovative Solutions
2016-07-28 23:09:09 -------- d-----w- C:\Program Files (x86)\Common Files\Innovative Solutions
2016-07-28 23:09:07 -------- d-----w- C:\Users\dhudson\AppData\Local\Innovative Solutions
2016-07-27 15:10:56 -------- d-sh--w- C:\$RECYCLE.BIN
2016-07-27 14:54:02 98816 ----a-w- C:\Windows\sed.exe
2016-07-27 14:54:02 256000 ----a-w- C:\Windows\PEV.exe
2016-07-27 14:54:02 208896 ----a-w- C:\Windows\MBR.exe
2016-07-27 02:12:30 -------- d-----w- C:\Users\dhudson\AppData\Local\CEF
2016-07-26 15:17:47 -------- d-----w- C:\Program Files (x86)\winrule
2016-07-26 15:16:10 -------- d-----w- C:\AdwCleaner
2016-07-26 15:14:12 60136 ------w- C:\Windows\System32\drivers\MPCKpt.sys
2016-07-26 15:14:04 -------- d-----w- C:\Users\dhudson\AppData\Roaming\Desktop
2016-07-26 15:13:18 -------- d-----w- C:\Windows\System32\SSL
2016-07-26 15:12:35 815312 ---h--w- C:\Program Files (x86)\Internet Explorer\i??pl?r?.b?t.exe
2016-07-26 15:12:35 392136 ---h--w- C:\Program Files (x86)\Mozilla Firefox\fir?f??.b?t.exe
2016-07-21 14:34:11 -------- d-----w- C:\Users\dhudson\AppData\Roaming\uTorrent
2016-07-21 14:32:56 -------- d-----w- C:\Users\dhudson\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
2016-07-18 17:44:44 -------- d-----w- C:\Program Files\EpsonNet
2016-07-18 17:44:42 466944 ----a-w- C:\Windows\System32\esxw2ud.dll
2016-07-18 17:44:42 144560 ----a-w- C:\Windows\System32\escsvc64.exe
2016-07-15 19:01:13 -------- d-----w- C:\Users\dhudson\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2016-07-10 15:24:11 213088 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2016-07-10 15:24:11 120416 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2016-07-10 15:23:41 144664 ----a-w- C:\Windows\SysWow64\secman.dll
2016-07-10 15:23:41 -------- d-----w- C:\Users\dhudson\AppData\Roaming\Samsung
2016-07-10 15:23:34 -------- d-----w- C:\Program Files (x86)\Samsung
2016-07-07 02:38:54 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2016-07-07 02:38:54 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2016-07-07 02:38:32 -------- d-----w- C:\Program Files\SAMSUNG
2016-07-07 02:38:01 -------- d-----w- C:\ProgramData\Samsung
2016-07-07 02:31:01 -------- d-----w- C:\Users\dhudson\AppData\Local\oneClickRoot
2016-07-07 02:31:01 -------- d-----w- C:\Users\dhudson\AppData\Local\AWSToolkit
2016-07-07 02:30:53 -------- d-----w- C:\Program Files (x86)\One Click Root
2016-07-07 02:28:34 -------- d-----w- C:\Users\dhudson\AppData\Roaming\One Click Root
.
==================== Find3M ====================
.
2016-07-27 19:25:34 504488 ------w- C:\Windows\System32\MpSigStub.exe
2016-07-13 05:23:15 796352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-07-13 05:23:15 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-06-06 16:58:26 41704 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-06-06 16:50:13 1204224 ----a-w- C:\Windows\System32\aeinv.dll
2016-06-03 13:05:46 1413120 ----a-w- C:\Windows\System32\appraiser.dll
2016-05-27 13:06:26 569856 ----a-w- C:\Windows\System32\generaltel.dll
2016-05-27 13:06:26 544256 ----a-w- C:\Windows\System32\devinv.dll
2016-05-27 13:06:26 276480 ----a-w- C:\Windows\System32\invagent.dll
2016-05-27 13:06:26 265216 ----a-w- C:\Windows\System32\centel.dll
2016-05-23 03:04:22 683520 ----a-w- C:\Windows\System32\termsrv.dll
2016-05-22 13:06:29 76800 ----a-w- C:\Windows\System32\acmigration.dll
2016-05-20 22:27:16 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-05-20 22:27:02 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-05-20 22:14:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-05-20 22:10:14 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-05-20 22:09:21 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-05-20 22:09:13 417792 ----a-w- C:\Windows\System32\html.iec
2016-05-20 22:09:03 572416 ----a-w- C:\Windows\System32\vbscript.dll
2016-05-20 22:08:46 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-05-20 22:02:50 6051328 ----a-w- C:\Windows\System32\jscript9.dll
2016-05-20 21:57:57 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-05-20 21:57:20 497664 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-05-20 21:57:02 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-05-20 21:56:44 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-05-20 21:55:35 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-05-20 21:54:46 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-05-20 21:54:44 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-05-20 21:54:22 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-05-20 21:45:27 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-05-20 21:44:11 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-05-20 21:43:35 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-05-20 21:33:22 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-05-20 21:27:58 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-05-20 21:14:05 4610048 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-05-20 21:08:42 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-05-20 21:07:52 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-05-20 21:07:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-05-20 21:06:48 2131968 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-05-20 20:46:53 2597888 ----a-w- C:\Windows\System32\wininet.dll
2016-05-20 20:42:45 2121216 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-05-18 16:10:23 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
2016-05-18 16:09:22 405504 ----a-w- C:\Windows\System32\gdi32.dll
2016-05-16 23:22:36 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-05-16 23:19:32 706280 ----a-w- C:\Windows\System32\winload.efi
2016-05-16 23:19:31 5546216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-05-16 23:19:30 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-05-16 23:19:30 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-05-16 23:18:39 3998952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-05-16 23:18:39 3943144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-05-16 23:17:39 1732888 ----a-w- C:\Windows\System32\ntdll.dll
2016-05-16 23:16:18 1314136 ----a-w- C:\Windows\SysWow64\ntdll.dll
2016-05-16 21:23:50 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2016-05-16 21:23:46 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-05-16 21:23:46 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2016-05-16 21:23:02 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-05-16 21:19:53 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-05-16 21:19:01 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-05-16 21:16:17 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-05-16 21:15:43 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-05-16 21:15:40 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-05-16 21:14:58 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-05-16 21:14:55 112640 ----a-w- C:\Windows\System32\smss.exe
2016-05-16 21:14:20 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-05-16 21:10:29 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-05-16 21:10:28 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-05-16 21:10:27 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-05-16 21:10:26 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-05-16 21:09:40 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-05-16 21:09:32 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-05-16 21:09:32 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-16 21:09:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-16 21:09:32 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2016-05-13 22:15:24 382184 ----a-w- C:\Windows\System32\atmfd.dll
2016-05-13 22:09:34 98816 ----a-w- C:\Windows\System32\wudriver.dll
2016-05-13 22:09:34 3156480 ----a-w- C:\Windows\System32\wucltux.dll
2016-05-13 22:09:34 192512 ----a-w- C:\Windows\System32\wuwebv.dll
2016-05-13 22:09:19 41472 ----a-w- C:\Windows\System32\lpk.dll
2016-05-13 22:09:16 100864 ----a-w- C:\Windows\System32\fontsub.dll
2016-05-13 22:09:13 14336 ----a-w- C:\Windows\System32\dciman32.dll
2016-05-13 22:09:10 46080 ----a-w- C:\Windows\System32\atmlib.dll
2016-05-13 22:07:23 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2016-05-13 21:54:26 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2016-05-13 21:53:00 37888 ----a-w- C:\Windows\System32\wuapp.exe
2016-05-13 21:52:49 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2016-05-13 21:50:05 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2016-05-13 21:50:05 174080 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2016-05-13 21:49:48 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2016-05-13 21:49:46 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2016-05-13 21:38:37 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2016-05-13 21:38:30 93696 ----a-w- C:\Windows\SysWow64\wudriver.dll
2016-05-13 21:27:06 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2016-05-12 17:15:04 105472 ----a-w- C:\Windows\System32\winipsec.dll
2016-05-12 17:15:03 2048 ----a-w- C:\Windows\System32\tzres.dll
2016-05-12 17:14:58 373760 ----a-w- C:\Windows\System32\polstore.dll
2016-05-12 17:14:57 862208 ----a-w- C:\Windows\System32\oleaut32.dll
2016-05-12 17:14:48 502272 ----a-w- C:\Windows\System32\IPSECSVC.DLL
2016-05-12 17:14:46 96256 ----a-w- C:\Windows\System32\gpapi.dll
2016-05-12 17:14:46 794624 ----a-w- C:\Windows\System32\gpsvc.dll
2016-05-12 17:14:46 793088 ----a-w- C:\Windows\System32\gpprefcl.dll
.
============= FINISH: 8:13:15.74 ===============
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-Run: [CNAP2 Launcher] C:\Windows\System32\spool\DRIVERS\x64\3\CNAP2LAK.EXE
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 file_tracker;file_tracker;C:\Windows\System32\drivers\file_tracker.sys [2015-3-10 296736]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2015-3-10 126752]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-10-24 20024]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-11-13 289120]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2015-3-10 1328928]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2015-3-10 248096]
R1 FortiFilter;Fortinet NDIS6 Packet Filter Service;C:\Windows\System32\drivers\FortiFilter.sys [2014-12-11 25312]
R1 FortiShield;FortiShield;C:\Windows\System32\drivers\FortiShield.sys [2015-10-6 72064]
R1 MPCKpt;MPCKpt;C:\Windows\System32\drivers\MPCKpt.sys [2016-7-26 60136]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2015-3-21 98208]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2015-3-10 3992568]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203776]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2016-2-21 149440]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2016-7-18 144560]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-10-1 330136]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-6-5 190824]
R2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [2016-3-29 21184]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2015-3-21 290520]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-5-18 327064]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2016-7-10 754784]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-8-20 6847712]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-3-11 5495056]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-7-6 856728]
R3 ft_vnic;Fortinet network virtual adapter;C:\Windows\System32\drivers\ftvnic.sys [2016-2-6 16928]
R3 GeneStor;Genesys Logic Storage Driver;C:\Windows\System32\drivers\GeneStor.sys [2015-7-9 115704]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2015-8-21 463112]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-10-24 358456]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-10-24 791608]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-11-15 133816]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-1-29 374344]
R3 pppop;PPPoP WAN Adapter;C:\Windows\System32\drivers\pppop64.sys [2015-7-23 54024]
S1 FortiFW;FortiFW;C:\Windows\System32\drivers\fortifw2.sys [2015-10-6 37248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 TrueCryptSystemFavorites;TrueCrypt System Favorites;C:\Windows\SysWOW64\TrueCrypt.exe [2015-3-13 1516496]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2010-5-20 1916416]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2015-3-10 15768]
S3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
S3 csr_a2dp;Bluetooth AV Profile;C:\Windows\System32\drivers\bthav.sys [2009-12-21 78848]
S3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
S3 CTAUDFX;CTAUDFX;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTERFXFX;CTERFXFX;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
S3 CTSBLFX;CTSBLFX;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2016-7-10 120416]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2016-7-28 22704]
S3 fortiapd;fortiapd;C:\Windows\System32\drivers\fortiapd.sys [2015-10-6 17792]
S3 Fortips;Fortips;C:\Windows\System32\drivers\fortips.sys [2015-10-6 145792]
S3 fortisniff;fortisniff;C:\Windows\System32\drivers\fortisniff2.sys [2015-10-6 38272]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-6-14 114688]
S3 libusbK;libusbK USB Driver 12/25/2013 - 3.0.6.0;C:\Windows\System32\drivers\libusbK.sys [2015-3-10 47200]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-2 31744]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-3-9 19456]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTWlanU.sys [2015-3-9 2890456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2016-7-10 213088]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2015-3-9 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-3-9 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2015-3-9 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 VSStandardCollectorService140;Visual Studio Standard Collector Service;C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [2016-3-22 56552]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-3-9 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2015-4-30 23200]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2016-07-30 15:00:19 -------- d-----w- C:\FRST
2016-07-30 14:11:14 110080 ----a-r- C:\Users\dhudson\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2016-07-30 14:11:14 110080 ----a-r- C:\Users\dhudson\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2016-07-30 14:11:14 -------- d-----w- C:\sh4ldr
2016-07-30 13:49:41 144 ----a-w- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-07-30 13:34:32 -------- d-----w- C:\Users\dhudson\AppData\Local\NPE
2016-07-30 13:34:31 -------- d-----w- C:\ProgramData\Norton
2016-07-30 13:33:44 12007136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E8D5ACC-E29B-40E8-87D6-003F2FAC2D53}\mpengine.dll
2016-07-30 13:28:35 -------- d-----w- C:\Program Files\Registrar Registry Manager
2016-07-29 15:32:14 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2016-07-29 15:32:04 -------- d-----w- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2016-07-29 15:32:04 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2016-07-29 03:39:32 12007136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-07-29 03:39:30 1167568 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF016C99-95CD-4C46-84B9-DAF7076D7F52}\gapaengine.dll
2016-07-28 23:15:30 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2016-07-28 23:09:10 -------- d-----w- C:\ProgramData\Innovative Solutions
2016-07-28 23:09:09 -------- d-----w- C:\Program Files (x86)\Common Files\Innovative Solutions
2016-07-28 23:09:07 -------- d-----w- C:\Users\dhudson\AppData\Local\Innovative Solutions
2016-07-27 15:10:56 -------- d-sh--w- C:\$RECYCLE.BIN
2016-07-27 14:54:02 98816 ----a-w- C:\Windows\sed.exe
2016-07-27 14:54:02 256000 ----a-w- C:\Windows\PEV.exe
2016-07-27 14:54:02 208896 ----a-w- C:\Windows\MBR.exe
2016-07-27 02:12:30 -------- d-----w- C:\Users\dhudson\AppData\Local\CEF
2016-07-26 15:17:47 -------- d-----w- C:\Program Files (x86)\winrule
2016-07-26 15:16:10 -------- d-----w- C:\AdwCleaner
2016-07-26 15:14:12 60136 ------w- C:\Windows\System32\drivers\MPCKpt.sys
2016-07-26 15:14:04 -------- d-----w- C:\Users\dhudson\AppData\Roaming\Desktop
2016-07-26 15:13:18 -------- d-----w- C:\Windows\System32\SSL
2016-07-26 15:12:35 815312 ---h--w- C:\Program Files (x86)\Internet Explorer\i??pl?r?.b?t.exe
2016-07-26 15:12:35 392136 ---h--w- C:\Program Files (x86)\Mozilla Firefox\fir?f??.b?t.exe
2016-07-21 14:34:11 -------- d-----w- C:\Users\dhudson\AppData\Roaming\uTorrent
2016-07-21 14:32:56 -------- d-----w- C:\Users\dhudson\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
2016-07-18 17:44:44 -------- d-----w- C:\Program Files\EpsonNet
2016-07-18 17:44:42 466944 ----a-w- C:\Windows\System32\esxw2ud.dll
2016-07-18 17:44:42 144560 ----a-w- C:\Windows\System32\escsvc64.exe
2016-07-15 19:01:13 -------- d-----w- C:\Users\dhudson\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2016-07-10 15:24:11 213088 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2016-07-10 15:24:11 120416 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2016-07-10 15:23:41 144664 ----a-w- C:\Windows\SysWow64\secman.dll
2016-07-10 15:23:41 -------- d-----w- C:\Users\dhudson\AppData\Roaming\Samsung
2016-07-10 15:23:34 -------- d-----w- C:\Program Files (x86)\Samsung
2016-07-07 02:38:54 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2016-07-07 02:38:54 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2016-07-07 02:38:32 -------- d-----w- C:\Program Files\SAMSUNG
2016-07-07 02:38:01 -------- d-----w- C:\ProgramData\Samsung
2016-07-07 02:31:01 -------- d-----w- C:\Users\dhudson\AppData\Local\oneClickRoot
2016-07-07 02:31:01 -------- d-----w- C:\Users\dhudson\AppData\Local\AWSToolkit
2016-07-07 02:30:53 -------- d-----w- C:\Program Files (x86)\One Click Root
2016-07-07 02:28:34 -------- d-----w- C:\Users\dhudson\AppData\Roaming\One Click Root
.
==================== Find3M ====================
.
2016-07-27 19:25:34 504488 ------w- C:\Windows\System32\MpSigStub.exe
2016-07-13 05:23:15 796352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-07-13 05:23:15 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-06-06 16:58:26 41704 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-06-06 16:50:13 1204224 ----a-w- C:\Windows\System32\aeinv.dll
2016-06-03 13:05:46 1413120 ----a-w- C:\Windows\System32\appraiser.dll
2016-05-27 13:06:26 569856 ----a-w- C:\Windows\System32\generaltel.dll
2016-05-27 13:06:26 544256 ----a-w- C:\Windows\System32\devinv.dll
2016-05-27 13:06:26 276480 ----a-w- C:\Windows\System32\invagent.dll
2016-05-27 13:06:26 265216 ----a-w- C:\Windows\System32\centel.dll
2016-05-23 03:04:22 683520 ----a-w- C:\Windows\System32\termsrv.dll
2016-05-22 13:06:29 76800 ----a-w- C:\Windows\System32\acmigration.dll
2016-05-20 22:27:16 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-05-20 22:27:02 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-05-20 22:14:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-05-20 22:10:14 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-05-20 22:09:21 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-05-20 22:09:13 417792 ----a-w- C:\Windows\System32\html.iec
2016-05-20 22:09:03 572416 ----a-w- C:\Windows\System32\vbscript.dll
2016-05-20 22:08:46 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-05-20 22:02:50 6051328 ----a-w- C:\Windows\System32\jscript9.dll
2016-05-20 21:57:57 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-05-20 21:57:20 497664 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-05-20 21:57:02 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-05-20 21:56:44 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-05-20 21:55:35 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-05-20 21:54:46 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-05-20 21:54:44 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-05-20 21:54:22 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-05-20 21:45:27 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-05-20 21:44:11 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-05-20 21:43:35 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-05-20 21:33:22 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-05-20 21:27:58 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-05-20 21:14:05 4610048 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-05-20 21:08:42 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-05-20 21:07:52 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-05-20 21:07:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-05-20 21:06:48 2131968 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-05-20 20:46:53 2597888 ----a-w- C:\Windows\System32\wininet.dll
2016-05-20 20:42:45 2121216 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-05-18 16:10:23 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
2016-05-18 16:09:22 405504 ----a-w- C:\Windows\System32\gdi32.dll
2016-05-16 23:22:36 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-05-16 23:19:32 706280 ----a-w- C:\Windows\System32\winload.efi
2016-05-16 23:19:31 5546216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-05-16 23:19:30 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-05-16 23:19:30 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-05-16 23:18:39 3998952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-05-16 23:18:39 3943144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-05-16 23:17:39 1732888 ----a-w- C:\Windows\System32\ntdll.dll
2016-05-16 23:16:18 1314136 ----a-w- C:\Windows\SysWow64\ntdll.dll
2016-05-16 21:23:50 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2016-05-16 21:23:46 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-05-16 21:23:46 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2016-05-16 21:23:02 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-05-16 21:19:53 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-05-16 21:19:01 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-05-16 21:16:17 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-05-16 21:15:43 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-05-16 21:15:40 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-05-16 21:14:58 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-05-16 21:14:55 112640 ----a-w- C:\Windows\System32\smss.exe
2016-05-16 21:14:20 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-05-16 21:10:29 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-05-16 21:10:28 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-05-16 21:10:27 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-05-16 21:10:26 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-05-16 21:09:40 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-05-16 21:09:32 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-05-16 21:09:32 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-16 21:09:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-16 21:09:32 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2016-05-13 22:15:24 382184 ----a-w- C:\Windows\System32\atmfd.dll
2016-05-13 22:09:34 98816 ----a-w- C:\Windows\System32\wudriver.dll
2016-05-13 22:09:34 3156480 ----a-w- C:\Windows\System32\wucltux.dll
2016-05-13 22:09:34 192512 ----a-w- C:\Windows\System32\wuwebv.dll
2016-05-13 22:09:19 41472 ----a-w- C:\Windows\System32\lpk.dll
2016-05-13 22:09:16 100864 ----a-w- C:\Windows\System32\fontsub.dll
2016-05-13 22:09:13 14336 ----a-w- C:\Windows\System32\dciman32.dll
2016-05-13 22:09:10 46080 ----a-w- C:\Windows\System32\atmlib.dll
2016-05-13 22:07:23 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2016-05-13 21:54:26 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2016-05-13 21:53:00 37888 ----a-w- C:\Windows\System32\wuapp.exe
2016-05-13 21:52:49 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2016-05-13 21:50:05 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2016-05-13 21:50:05 174080 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2016-05-13 21:49:48 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2016-05-13 21:49:46 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2016-05-13 21:38:37 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2016-05-13 21:38:30 93696 ----a-w- C:\Windows\SysWow64\wudriver.dll
2016-05-13 21:27:06 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2016-05-12 17:15:04 105472 ----a-w- C:\Windows\System32\winipsec.dll
2016-05-12 17:15:03 2048 ----a-w- C:\Windows\System32\tzres.dll
2016-05-12 17:14:58 373760 ----a-w- C:\Windows\System32\polstore.dll
2016-05-12 17:14:57 862208 ----a-w- C:\Windows\System32\oleaut32.dll
2016-05-12 17:14:48 502272 ----a-w- C:\Windows\System32\IPSECSVC.DLL
2016-05-12 17:14:46 96256 ----a-w- C:\Windows\System32\gpapi.dll
2016-05-12 17:14:46 794624 ----a-w- C:\Windows\System32\gpsvc.dll
2016-05-12 17:14:46 793088 ----a-w- C:\Windows\System32\gpprefcl.dll
.
============= FINISH: 8:13:15.74 ===============