Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-07-2015
Ran by SYSTEM on MININT-PEXF12 (01-08-2015 17:22:39)
Running from X:\Users\Default\Desktop
Platform: WIN_8 (X64) Language: English (United States)
Boot Mode: Recovery

ATTENTION: Could not load system hive. ERROR: The configuration registry database is corrupt.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

ATTENTION: Software hive is not loaded.
GroupPolicyUsers\S-1-5-21-3053974345-2293372465-1268832192-1005\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3053974345-2293372465-1268832192-1001\User: Group Policy Restriction detected <======= ATTENTION

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-01 17:22 - 2015-08-01 17:22 - 00000000 ____D C:\FRST 2015-07-28 00:33 - 2015-07-25 06:34 - 01084928 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll 2015-07-25 19:53 - 2014-04-15 16:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\System32\aspnet_counters.dll 2015-07-20 10:51 - 2015-07-14 07:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll 2015-07-20 10:51 - 2015-07-14 07:13 - 00044032 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll 2015-07-18 04:54 - 2015-07-02 13:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2015-07-18 04:45 - 2015-07-02 12:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2015-07-18 04:44 - 2015-07-02 13:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2015-07-18 04:44 - 2015-07-02 11:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2015-07-18 04:41 - 2015-06-15 15:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2015-07-18 04:41 - 2015-06-15 15:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll 2015-07-18 04:41 - 2015-06-15 15:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2015-07-18 04:41 - 2015-06-15 15:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2015-07-18 04:41 - 2015-06-15 15:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2015-07-18 04:41 - 2015-06-15 14:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll 2015-07-18 04:41 - 2015-06-15 14:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2015-07-18 04:41 - 2015-06-15 14:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2015-07-18 04:41 - 2015-06-15 14:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2015-07-18 04:41 - 2015-06-15 14:49 - 01032704 _____ (Microsoft Corporation) 
C:\Windows\System32\inetcomm.dll 2015-07-18 04:41 - 2015-06-15 14:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2015-07-18 04:41 - 2015-06-15 14:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2015-07-18 04:41 - 2015-06-15 14:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2015-07-18 04:41 - 2015-06-15 14:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll 2015-07-18 04:41 - 2015-06-15 14:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2015-07-18 04:41 - 2015-06-15 13:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2015-07-18 04:24 - 2015-07-01 15:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2015-07-17 10:01 - 2015-07-17 10:01 - 00001448 _____ C:\Users\Jean-Claude\Desktop\ROBLOX Player.lnk 2015-07-17 09:37 - 2015-07-17 09:37 - 00279288 _____ C:\Windows\Minidump\071715-39046-01.dmp 2015-07-17 04:06 - 2015-06-29 15:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe 2015-07-17 04:06 - 2015-06-29 08:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll 2015-07-17 04:06 - 2015-06-29 08:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll 2015-07-17 04:06 - 2015-06-29 08:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll 2015-07-17 04:06 - 2015-06-29 08:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll 2015-07-17 04:06 - 2015-06-26 16:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll 2015-07-17 04:06 - 2015-06-26 16:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll 2015-07-16 09:34 - 2015-07-09 12:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2015-07-16 09:34 - 2015-07-09 11:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll 2015-07-16 
09:34 - 2015-07-09 09:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2015-07-16 09:34 - 2015-07-09 08:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2015-07-16 09:34 - 2015-07-09 08:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2015-07-16 09:34 - 2015-07-09 08:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll 2015-07-16 09:34 - 2015-07-09 08:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2015-07-16 09:34 - 2015-07-09 08:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2015-07-16 09:34 - 2015-07-09 08:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2015-07-16 09:34 - 2015-06-26 20:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll 2015-07-16 09:34 - 2015-06-26 20:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll 2015-07-16 09:33 - 2015-06-27 22:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll 2015-07-16 09:33 - 2015-06-27 22:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2015-07-16 09:33 - 2015-06-27 22:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll 2015-07-16 09:33 - 2015-06-26 20:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys 2015-07-16 09:33 - 2015-06-26 20:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys 2015-07-16 09:33 - 2015-06-26 20:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys 2015-07-16 09:33 - 2015-06-26 19:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll 2015-07-16 09:33 - 2015-06-26 19:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll 2015-07-16 09:33 - 2015-06-26 19:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2015-07-16 
09:33 - 2015-06-24 19:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2015-07-16 09:33 - 2015-04-29 16:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\System32\WiFiDisplay.dll 2015-07-16 09:32 - 2015-06-15 15:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\msiexec.exe 2015-07-16 09:32 - 2015-06-15 15:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll 2015-07-16 09:32 - 2015-06-15 13:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll 2015-07-16 09:32 - 2015-05-30 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\werdiagcontroller.dll 2015-07-16 09:32 - 2015-05-30 12:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll 2015-07-16 09:32 - 2015-05-30 12:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll 2015-07-16 09:32 - 2015-05-07 10:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll 2015-07-16 09:32 - 2015-05-07 10:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll 2015-07-16 09:32 - 2015-05-07 08:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\System32\GeofenceMonitorService.dll 2015-07-16 09:32 - 2015-05-02 17:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll 2015-07-16 09:32 - 2015-04-24 19:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys 2015-07-16 09:30 - 2015-05-03 08:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-07-16 09:30 - 2015-05-03 07:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\System32\WSShared.dll 2015-07-15 06:50 - 2015-06-15 22:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\System32\ole32.dll 2015-07-15 06:50 - 2015-06-10 20:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll 2015-07-15 06:50 - 2015-05-11 09:34 - 00332800 _____ (Microsoft 
Corporation) C:\Windows\System32\fhcpl.dll 2015-07-15 06:50 - 2015-05-07 09:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\System32\apphelp.dll 2015-07-15 06:50 - 2015-04-28 06:13 - 00513480 _____ C:\Windows\System32\locale.nls 2015-07-15 06:50 - 2015-04-23 08:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\System32\msftedit.dll 2015-07-15 06:49 - 2015-05-12 06:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\System32\SystemEventsBrokerServer.dll 2015-07-15 06:49 - 2015-05-03 08:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Data.Pdf.dll 2015-07-15 06:49 - 2015-05-01 16:33 - 00410739 _____ C:\Windows\System32\ApnDatabase.xml 2015-07-06 05:22 - 2015-07-17 09:37 - 460775991 _____ C:\Windows\MEMORY.DMP 2015-07-06 05:22 - 2015-07-06 05:23 - 00279288 _____ C:\Windows\Minidump\070615-22546-01.dmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-01 04:23 - 2015-02-05 07:49 - 02060711 _____ C:\Windows\WindowsUpdate.log 2015-08-01 04:10 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\System32\sru 2015-07-31 11:17 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Microsoft.NET 2015-07-31 11:05 - 2015-02-07 04:28 - 00011256 _____ C:\Windows\setupact.log 2015-07-28 11:03 - 2012-07-26 00:59 - 00000000 ____D C:\Windows\CbsTemp 2015-07-27 12:04 - 2014-11-05 10:50 - 00000000 ____D C:\users\Lolin 2015-07-27 12:04 - 2014-11-05 10:50 - 00000000 ____D C:\users\Jean-Claude 2015-07-27 10:56 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\SysWOW64 2015-07-27 10:33 - 2012-11-22 05:58 - 00000000 ____D C:\ProgramData\Temp 2015-07-27 09:31 - 2013-12-01 09:45 - 00000000 ____D C:\Users\Jean-Claude\AppData\Roaming\.minecraft 2015-07-27 07:13 - 2015-01-15 07:09 - 00000000 ____D C:\Users\Jean-Claude\AppData\Roaming\Raptr 2015-07-25 08:35 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness 2015-07-25 06:18 - 2015-04-05 01:00 - 00000000 ___SD 
C:\Windows\System32\GWX 2015-07-23 22:29 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache 2015-07-22 04:24 - 2014-11-05 11:33 - 00000000 ____D C:\Users\Jean-Claude\OneDrive 2015-07-20 14:18 - 2013-08-22 07:44 - 00484144 _____ C:\Windows\System32\FNTCACHE.DAT 2015-07-20 14:17 - 2013-08-22 06:25 - 01310720 ___SH C:\Windows\System32\config\BBI 2015-07-17 09:48 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\WinStore 2015-07-17 09:37 - 2014-12-11 15:12 - 00000000 ____D C:\Windows\System32\appraiser 2015-07-17 09:37 - 2014-09-24 11:10 - 00000000 ___SD C:\Windows\System32\CompatTel 2015-07-17 09:37 - 2013-08-22 08:36 - 00000000 ___RD C:\Windows\ToastData 2015-07-17 09:37 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\System32\fr-FR 2015-07-16 09:46 - 2013-09-04 12:45 - 00000000 ____D C:\Windows\System32\MRT 2015-07-16 09:09 - 2013-08-22 06:36 - 00000000 ___RD C:\Program Files (x86) 2015-07-15 10:44 - 2014-12-14 08:25 - 00000000 ____D C:\Users\Jean-Claude\AppData\Local\Deployment 2015-07-12 13:29 - 2015-02-07 04:28 - 00096896 _____ C:\Windows\PFRO.log 2015-07-06 05:22 - 2015-03-25 05:02 - 00000000 ____D C:\Windows\Minidump 2015-07-05 03:08 - 2014-10-01 11:56 - 00300704 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2015-07-02 23:43 - 2013-05-24 00:22 - 130333168 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe Some files in TEMP: ==================== C:\Users\Jean-Claude\AppData\Local\Temp\drm_dyndata_7380014.dll C:\Users\Lolin\AppData\Local\Temp\drm_dyndata_7380014.dll ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 

C:\Windows\explorer.exe [2015-03-10 11:07] - [2015-01-27 16:47] - 2501368 ____A (Microsoft Corporation) C10A66189DC8C090E7C84873EDCEBC88
C:\Windows\System32\winlogon.exe [2015-03-11 15:16] - [2014-10-28 18:22] - 0572416 ____A (Microsoft Corporation) EC498BAE1F0D3E0E401C963F8D76C437
C:\Windows\System32\wininit.exe [2015-03-11 15:12] - [2014-10-28 18:25] - 0145920 ____A (Microsoft Corporation) A570A64292214C43E0BA50E6A72A6380
C:\Windows\System32\svchost.exe [2015-03-11 15:10] - [2014-10-28 21:11] - 0038792 ____A (Microsoft Corporation) E3A2AD05E24105B35E986CF9CB38EC47
C:\Windows\System32\services.exe [2015-05-13 03:27] - [2015-04-08 15:55] - 0410128 ____A (Microsoft Corporation) E0C7813A97CA7947FF5C18A8F3B61A45
C:\Windows\System32\User32.dll [2015-03-11 15:21] - [2014-10-28 21:00] - 1540696 ____A (Microsoft Corporation) 25026E350BC3BE37631634EC72B10BD5
C:\Windows\System32\userinit.exe [2015-03-11 15:07] - [2014-10-28 18:28] - 0026112 ____A (Microsoft Corporation) 5C131534A3EA4A461A793FB507A8004F
C:\Windows\System32\rpcss.dll [2015-03-11 15:20] - [2014-10-28 18:19] - 0817664 ____A (Microsoft Corporation) A6F17C299A03BAFEFB9257C462A19E00

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\Windows\System32\Drivers\volsnap.sys [2014-09-24 08:44] - [2014-09-24 08:44] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB

==================== Restore Points =========================

Restore point made on: 2015-07-10 08:47:14
Restore point made on: 2015-07-15 07:09:28
Restore point made on: 2015-07-18 13:55:32
Restore point made on: 2015-07-25 19:49:53

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 3800.02 MB
Available physical RAM: 2923.38 MB
Total Virtual: 3800.02 MB
Available Virtual: 1421.5 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:1.5 GB) (Free:1.46 GB) NTFS
Drive c: (Acer) (Fixed) (Total:922.76 GB) (Free:729.1 GB) NTFS
Drive d: (DATA) (Fixed) (Total:924.01 GB) (Free:861.76 GB) NTFS
Drive e: (KINGSTON) (Removable) (Total:14.46 GB) (Free:13.68 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.24 GB) (Free:0.24 GB) NTFS
Drive y: (WIN8PESE) (CDROM) (Total:0.42 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0C)

LastRegBack: 2015-07-31 11:16

==================== End of log ============================