Trojan.DNSChanger - MalwareBytes detects it even after OS reinstallation


  • This topic is locked
52 replies to this topic

#1 reglas

  • Members
  • 32 posts

Posted 16 January 2015 - 04:12 PM

Hello.
 
For the last few days, I have been trying to get rid of a (fake?) DNS changer trojan. I have been through two clean OS installations (Windows 7, Home Premium 64bit) and I'm running out of ideas. I'm not a professional, so please be patient with me and sorry for the wall of text. I'm not afraid to start from scratch again, even though I spent almost three days trying to figure it out. Any help is really appreciated. Thank you!
 
 
How it started:
 
I deleted my personal browser settings after a recent Google Chrome update and forgot to reinstall AdBlock. I think I clicked on some ad (a porn page popped up a few times). I ran MalwareBytes immediately after that. MB found this:
[Image: pbxnG2B.jpg]
 
I let MB clean it, restarted my PC, but it didn't help. I noticed thanks to the following alert - I think it popped up when ESET/MB tried to update after restart or when I opened Chrome: 
[Image: 8jYRJZy.jpg]
 
I ran MB scan again, it found the same two items. I tried to remove it several times with MB, but nothing changed. The svchost.exe kept popping up while I was using the web browser, downloading updates, basically on every data transfer via network. The message is still the same, only the port number always changes.
 
Notes: 
- I noticed a variation of the svchost.exe pop-up with ESET's "ekrn.exe" (I think it popped up a few times during the download stage of a fresh ESET installation after reinstalling OS) 
- MB finds the two items even when I'm disconnected from network
- I didn't notice slowdowns in any way
 
 
What I've done so far:
 
- after MB didn't work, I tried several other antivirus, anti-malware and other "pc fixing" tools such as: Spybot S&D, Kaspersky TDSS Killer, SUPERAntiSpyware, Windows Defender, ESET NOD32 / ESET Smart Security, ComboFix... - none of those found any malicious items. All of them had 100% clean reports, so I started to wonder, whether MalwareBytes flagged a fake trojan, maybe after a recent Windows Update which came out exactly on that day. My friend installed MalwareBytes on his Windows 7 to check out, whether he had some problems with it too, but his system was ok.
- I also did HijackThis and DDS scans and nothing seemed out of ordinary, although I'm not a trained expert
- I ran sfc /scannow, everything was 100% ok
- I tried to edit/delete some files in registry (those, that popped up in MB scans and also some mentioned in various guides for DNS trojans, most of them were in HKLM/system/currentcontrolset/services/tcpip), nothing happened
 
After none of the mentioned worked, I decided to simply reformat my HDD and reinstall OS. Before reinstalling I plugged in my external HDD to save some files. I reformatted my HDD, reinstalled OS, then installed only some basic drivers from motherboard CD, Windows updates and ESET. I scanned my PC with ESET, the results were clean. Then I downloaded MB and also connected my external HDD, because I thought everything was fine. I'm not sure whether this time the svchost.exe pop-ups started before the first MB scan (during the updates download after installation), but anyway, I ran a MB scan and it found the two trojan items again (only the random number/letter directory in the second row in Pic1 changed).
 
I have to say that I was a bit shocked, but then I realized I might have transferred it with the external drive. I tried multiple antivirus/antispyware tools again, everything was clean according to them, so I decided to do another clean OS install without using the external HDD. Unfortunately, it didn't solve the MB alerts.
 
I thought that maybe the malicious code hid somewhere in UEFI (I haven't tried resetting it yet*), or in my mouse/keyboard, (Logitech G15 + Razer Taipan), although the G15 was not connected (I used an old PS2 keyboard) and the mouse doesn't have an onboard memory, it uses cloud storage.
*One question regarding resetting UEFI - will I be able to install Windows with the same license key? Afaik, the serial key is stored right here, so I'm worried it might not recognize my PC.
 
Next I used Kaspersky Rescue Disk. I burned it to a CD, booted the system with it, ran an update, scanned the computer and it found absolutely nothing.
 
I don't think this is relevant, but I ran TCPView while looking at svchost.exe pop-ups from MalwareBytes and tried to compare and find a match in port number indicated in the MB pop-up and the listing from TCPView. Haven't seen any match, though. Is it even possible to see it, if MB blocks it right away?
 
One more thing regarding this "infected PC", though I don't think it is relevant either - few hours ago, I ran the last MalwareBytes scan on it, same result, two malicious items. I went afk, PC was in stand-by (display was turned off). I looked at the PC after a while and MB was not responding (it was like that when I refreshed the screen). I hit X, "The application is not responding....". I waited for 10-15 minutes. Before I hit "End process" I made a DDS log, if that helps (I shouldn't post it here, according to forum rules). I tried to close it via Task Manager, but it was still in the "not responding mode". Everything else worked just fine.
 
Lastly, in my house, there are multiple PCs. Is it possible, that I got infected from another computer over network? I scanned the other computer (Windows XP 32bit) with ESET - results were clean. I tried to install MalwareBytes on it, but I couldn't because of runtime errors during installation (maybe XP OS was the problem, nevertheless, I tried to uninstall every piece of MalwareBytes software on it with their uninstaller and reinstall several times, nothing worked). I decided to run Kaspersky Rescue Disk on it too.  It doesn't have a dvd drive, so I formatted a USB with Kaspersky USB burn tool. Unfortunately, the USB is faulty, so now I'm trying to format a different USB.
 
 
Next step:
 
Soo...that's basically where I am now. As I mentioned above, I will try to run Kaspersky Rescue Disk from a different USB on the other computer and also, when I'm done with that, I will try to update the firmware on my router.
 
Do you think it's a false alarm? I've never had a problem with MalwareBytes. I have been using it in combination with ESET NOD32 for a few years now. Today I heard that MB may not be the perfect choice, because it acts kind of like an antivirus too and can interfere with other antivirus software. Can you explain, please?
 
I may have forgotten to mention something, but please, just ask. Any help is greatly appreciated. 
 
Thank you.

Edited by Chris Cosgrove, 16 January 2015 - 07:02 PM.
Moved to Virus, trojan etc logs



 


#2 Oh My!

  • Malware Response Instructor
  • 36,608 posts

Posted 17 January 2015 - 10:35 AM

Greetings reglas and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
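
As an added illustration (not part of the original thread and not FRST's own code), the DNS lines in the Internet section of a FRST.txt log like the one requested above can be triaged as follows: the script separates resolvers delivered by DHCP from ones set statically on the host and lists those that are neither private addresses nor in an analyst-chosen allowlist. The allowlist, the function names and the per-interface sample line are assumptions; the `Tcpip\Parameters` line is the one from the log posted in this thread.

```python
import ipaddress
import re

# Shape of the FRST "Internet" section lines that record DNS servers, e.g.
#   Tcpip\Parameters: [DhcpNameServer] 91.212.124.159 8.8.8.8
TCPIP_LINE = re.compile(
    r"^Tcpip\\(?P<scope>[^:]+):\s*"
    r"\[(?P<value>DhcpNameServer|NameServer)\]\s*(?P<servers>.*)$"
)

# Assumption: public resolvers the analyst knowingly uses; adjust per network.
EXPECTED_PUBLIC = frozenset({"8.8.8.8", "8.8.4.4"})

# The Tcpip\Parameters line is copied from the log in this thread. The
# Interfaces line is constructed so that the static (NameServer) case is
# exercised as well.
SAMPLE_LOG = r"""
==================== Internet (Whitelisted) ====================
Tcpip\Parameters: [DhcpNameServer] 91.212.124.159 8.8.8.8
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000000}: [NameServer] 192.168.1.1,8.8.4.4
"""


def parse_resolvers(log_text):
    """Return one record per DNS server found in the Tcpip lines of a FRST log.

    source == "dhcp":   the value was received in a DHCP lease, so it is chosen
                        by whatever device answers DHCP on the LAN and is not
                        part of the Windows installation itself.
    source == "static": the value was configured on the host.
    """
    entries = []
    for raw in log_text.splitlines():
        match = TCPIP_LINE.match(raw.strip())
        if not match:
            continue
        source = "dhcp" if match.group("value") == "DhcpNameServer" else "static"
        # Servers are space separated for DHCP values and may be comma
        # separated for static ones; accept both.
        for token in re.split(r"[\s,]+", match.group("servers").strip()):
            if not token:
                continue
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # ignore anything that is not an IP address
            entries.append(
                {"scope": match.group("scope"), "source": source, "ip": str(ip)}
            )
    return entries


def triage(entries, expected=EXPECTED_PUBLIC):
    """List resolvers that are neither private/loopback nor on the allowlist.

    A hit is only a prompt to find out who operates that address; it is not a
    verdict. The source field tells where to look next: the DHCP server for
    "dhcp", the host's adapter settings for "static".
    """
    findings = []
    for entry in entries:
        ip = ipaddress.ip_address(entry["ip"])
        if ip.is_private or ip.is_loopback or entry["ip"] in expected:
            continue
        findings.append((entry["ip"], entry["source"], entry["scope"]))
    return findings


if __name__ == "__main__":
    for ip, source, scope in triage(parse_resolvers(SAMPLE_LOG)):
        print(f"review {ip}: source={source}, registry scope={scope}")
```
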

#3 reglas

  • Topic Starter
  • Members
  • 32 posts

Posted 17 January 2015 - 04:35 PM

Hi, Gary,
 
Thank you for your time. You can call me Kristina.
 
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by Pocitac (administrator) on POCITAC-PC on 17-01-2015 22:13:24
Running from C:\Users\Pocitac\Desktop
Loaded Profiles: Pocitac (Available profiles: Pocitac)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1417933193-3588393809-776322925-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
Tcpip\Parameters: [DhcpNameServer] 91.212.124.159 8.8.8.8
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentácie Google) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-16]
CHR Extension: (Dokumenty Google) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-16]
CHR Extension: (Disk Google) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-16]
CHR Extension: (YouTube) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-16]
CHR Extension: (Hľadať v Google) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-16]
CHR Extension: (Tabuľky Google) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-16]
CHR Extension: (Peňaženka Google) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-16]
CHR Extension: (Gmail) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-10-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2014-10-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2014-10-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-10-10] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-17 22:09 - 2015-01-17 22:09 - 00015166 _____ () C:\Users\Pocitac\Desktop\Addition.txt
2015-01-17 22:08 - 2015-01-17 22:13 - 00008325 _____ () C:\Users\Pocitac\Desktop\FRST.txt
2015-01-17 22:07 - 2015-01-17 22:13 - 00000000 ____D () C:\FRST
2015-01-17 22:05 - 2015-01-17 22:06 - 02125824 _____ (Farbar) C:\Users\Pocitac\Desktop\FRST64.exe
2015-01-16 21:31 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-16 21:31 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-16 21:31 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-16 21:31 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-16 21:31 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-16 21:31 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-16 21:31 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-16 21:31 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-16 21:31 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-16 21:31 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-16 21:31 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-16 21:31 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-16 21:31 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-16 21:31 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-16 21:31 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-16 21:31 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-16 21:31 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-16 21:31 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-16 21:31 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-16 21:31 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-16 21:31 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-16 21:31 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-16 21:31 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-16 21:31 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-16 21:31 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-16 21:31 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-16 21:31 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-01-16 21:31 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-16 21:31 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-16 21:31 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-16 21:31 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-16 21:31 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-16 21:31 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-16 21:31 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-16 21:31 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-01-16 21:31 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-16 21:31 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-16 21:31 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-16 21:31 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-16 21:31 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-16 21:31 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-16 21:31 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-01-16 21:31 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-16 21:31 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-16 21:31 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-16 21:31 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-16 21:31 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-16 21:31 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-16 21:31 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-16 21:31 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-01-16 21:31 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-16 21:31 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-16 21:31 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-16 21:31 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-16 21:31 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-16 21:31 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-16 21:29 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-01-16 21:29 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-01-16 21:29 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-01-16 21:29 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-01-16 21:18 - 2015-01-16 21:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 21:18 - 2014-12-31 13:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-16 21:13 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-16 21:13 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-16 21:08 - 2015-01-16 21:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-01-16 21:05 - 2015-01-16 21:05 - 00000000 ____D () C:\Users\Pocitac\AppData\Roaming\Adobe
2015-01-16 20:47 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-01-16 20:43 - 2015-01-16 20:43 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-01-16 20:43 - 2015-01-16 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-01-16 20:43 - 2015-01-16 20:43 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-16 20:43 - 2015-01-16 20:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-01-16 20:43 - 2015-01-16 20:43 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-01-16 20:43 - 2015-01-16 20:43 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-01-16 20:43 - 2015-01-16 20:43 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-01-16 20:43 - 2015-01-16 20:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-01-16 20:43 - 2015-01-16 20:43 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-01-16 20:43 - 2015-01-16 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-01-16 20:43 - 2015-01-16 20:43 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-01-16 20:43 - 2015-01-16 20:43 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-01-16 20:43 - 2015-01-16 20:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-01-16 20:43 - 2015-01-16 20:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-01-16 20:43 - 2015-01-16 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-01-16 20:43 - 2015-01-16 20:43 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-01-16 20:43 - 2015-01-16 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-01-16 20:43 - 2015-01-16 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-01-16 20:43 - 2015-01-16 20:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-01-16 20:42 - 2015-01-16 20:42 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-01-16 20:42 - 2015-01-16 20:42 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-01-16 20:42 - 2015-01-16 20:42 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-01-16 20:42 - 2015-01-16 20:42 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-01-16 20:42 - 2015-01-16 20:42 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-01-16 20:42 - 2015-01-16 20:42 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-01-16 20:42 - 2015-01-16 20:42 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-01-16 20:42 - 2015-01-16 20:42 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-01-16 20:38 - 2015-01-16 20:38 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-01-16 20:37 - 2015-01-16 20:37 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-01-16 20:37 - 2015-01-16 20:37 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2015-01-16 20:35 - 2015-01-16 20:47 - 00016060 _____ () C:\Windows\IE11_main.log
2015-01-16 20:13 - 2012-03-01 07:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2015-01-16 20:13 - 2012-03-01 07:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2015-01-16 20:13 - 2012-03-01 06:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2015-01-16 20:09 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-01-16 20:09 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-01-16 20:09 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-01-16 20:09 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-01-16 20:09 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-01-16 20:09 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-01-16 20:09 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-01-16 20:09 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-01-16 19:39 - 2015-01-16 19:39 - 00011304 _____ () C:\Users\Pocitac\Desktop\DDS1.txt
2015-01-16 19:39 - 2015-01-16 19:39 - 00002114 _____ () C:\Users\Pocitac\Desktop\Attach1.txt
2015-01-16 14:58 - 2015-01-16 14:58 - 00688992 ____R (Swearware) C:\Users\Pocitac\Downloads\dds.com
2015-01-16 14:45 - 2015-01-16 14:45 - 00003680 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d03192c031b53e
2015-01-16 14:45 - 2015-01-16 14:45 - 00002267 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-16 14:45 - 2015-01-16 14:45 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d03192c031b53e.job
2015-01-16 14:45 - 2015-01-16 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-16 14:43 - 2015-01-16 14:45 - 00003680 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-16 14:43 - 2015-01-16 14:45 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 14:43 - 2015-01-16 14:45 - 00000000 ____D () C:\Users\Pocitac\AppData\Local\Google
2015-01-16 14:43 - 2015-01-16 14:45 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-16 14:32 - 2015-01-16 14:32 - 21033184 _____ (SUPERAntiSpyware) C:\Users\Pocitac\Downloads\SUPERAntiSpywarePro.exe
2015-01-16 14:15 - 2015-01-16 14:15 - 00000000 ____D () C:\Users\Pocitac\Downloads\avira_antivir_antirootkit_en
2015-01-16 13:58 - 2015-01-16 13:58 - 00291606 _____ () C:\Users\Pocitac\Downloads\TCPView.zip
2015-01-16 13:58 - 2015-01-16 13:58 - 00000000 ____D () C:\Users\Pocitac\Downloads\TCPView
2015-01-16 13:16 - 2015-01-16 13:16 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-16 13:15 - 2015-01-16 13:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-16 13:15 - 2015-01-16 13:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-16 13:15 - 2015-01-16 13:15 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-16 13:15 - 2015-01-16 13:15 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-16 13:15 - 2015-01-16 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-16 13:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-16 12:51 - 2011-04-09 07:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-01-16 12:51 - 2011-04-09 06:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-01-16 12:47 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 12:47 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-01-16 12:47 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-01-16 12:47 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-01-16 12:47 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-01-16 12:47 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-01-16 12:47 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-01-16 12:47 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-01-16 12:47 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-01-16 12:47 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-01-16 12:47 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-01-16 12:47 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-01-16 12:47 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-01-16 12:47 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2015-01-16 12:47 - 2013-04-26 06:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-01-16 12:47 - 2013-04-26 05:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2015-01-16 12:47 - 2011-02-05 18:10 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-01-16 12:47 - 2011-02-05 18:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2015-01-16 12:47 - 2011-02-05 18:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2015-01-16 12:47 - 2011-02-05 18:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2015-01-16 12:47 - 2011-02-05 18:06 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-01-16 12:47 - 2011-02-05 18:06 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-01-16 12:47 - 2011-02-05 18:06 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-01-16 12:46 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 12:46 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-01-16 12:46 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-01-16 12:46 - 2011-06-15 11:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2015-01-16 12:46 - 2011-06-15 11:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2015-01-16 12:46 - 2011-06-15 11:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2015-01-16 12:46 - 2011-06-15 11:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2015-01-16 12:46 - 2011-06-15 09:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2015-01-16 12:46 - 2011-06-15 09:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2015-01-16 12:46 - 2011-06-15 09:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2015-01-16 12:46 - 2011-06-15 09:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2015-01-16 12:46 - 2011-06-15 09:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2015-01-16 12:45 - 2014-03-25 03:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-01-16 12:45 - 2014-03-25 03:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-01-16 12:45 - 2013-07-09 06:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-01-16 12:45 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-01-16 12:45 - 2011-10-26 06:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-01-16 12:45 - 2011-10-26 06:25 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-01-16 12:45 - 2011-10-26 05:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-01-16 12:45 - 2011-10-26 05:32 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-01-16 12:45 - 2010-12-23 11:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2015-01-16 12:45 - 2010-12-23 11:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2015-01-16 12:45 - 2010-12-23 11:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2015-01-16 12:45 - 2010-12-23 06:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2015-01-16 12:45 - 2010-12-23 06:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2015-01-16 12:45 - 2010-12-23 06:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2015-01-16 12:44 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 12:44 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-01-16 12:44 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-01-16 12:44 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-01-16 12:44 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-01-16 12:44 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-01-16 12:44 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-01-16 12:44 - 2014-04-25 03:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-01-16 12:44 - 2014-04-25 03:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-01-16 12:44 - 2014-04-05 03:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-01-16 12:44 - 2014-04-05 03:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-01-16 12:44 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-16 12:44 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-16 12:44 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-01-16 12:44 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-01-16 12:44 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2015-01-16 12:44 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-01-16 12:44 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-01-16 12:44 - 2013-07-09 06:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-01-16 12:44 - 2013-07-09 06:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-01-16 12:44 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-01-16 12:44 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-01-16 12:44 - 2013-04-12 15:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-01-16 12:44 - 2011-11-17 07:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2015-01-16 12:44 - 2011-11-17 06:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2015-01-16 12:44 - 2011-07-09 03:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-01-16 12:44 - 2011-04-27 03:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-01-16 12:44 - 2011-04-27 03:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-01-16 12:43 - 2015-01-16 13:12 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Pocitac\Downloads\spybot-2.4.exe
2015-01-16 12:43 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 12:43 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-16 12:43 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-16 12:43 - 2014-03-26 15:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-01-16 12:43 - 2014-03-26 15:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-01-16 12:43 - 2014-03-26 15:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-01-16 12:43 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-01-16 12:43 - 2012-10-03 18:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-16 12:43 - 2012-10-03 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-16 12:42 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-01-16 12:42 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-01-16 12:42 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-01-16 12:42 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-01-16 12:42 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-01-16 12:42 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-01-16 12:42 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-01-16 12:42 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-01-16 12:42 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-01-16 12:42 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-01-16 12:42 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-01-16 12:42 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-01-16 12:42 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-01-16 12:42 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-01-16 12:42 - 2011-03-11 07:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-01-16 12:42 - 2011-03-11 07:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-01-16 12:42 - 2011-03-11 06:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-01-16 12:42 - 2011-03-11 06:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-01-16 12:41 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-01-16 12:41 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-01-16 12:41 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-01-16 12:41 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-01-16 12:41 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-01-16 12:41 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-01-16 12:41 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-01-16 12:41 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-01-16 12:41 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-01-16 12:41 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-01-16 12:41 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-01-16 12:41 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-01-16 12:41 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-01-16 12:40 - 2014-06-03 11:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-16 12:40 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-01-16 12:40 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-01-16 12:40 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-01-16 12:40 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-01-16 12:40 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-01-16 12:40 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-01-16 12:40 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-01-16 12:40 - 2014-03-04 10:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-01-16 12:40 - 2014-03-04 10:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-01-16 12:40 - 2014-03-04 10:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-01-16 12:40 - 2014-03-04 10:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-01-16 12:40 - 2014-03-04 10:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-01-16 12:40 - 2014-03-04 10:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-01-16 12:40 - 2014-03-04 10:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-01-16 12:40 - 2014-03-04 10:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-01-16 12:40 - 2014-03-04 10:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-01-16 12:40 - 2014-03-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-01-16 12:40 - 2014-03-04 10:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-01-16 12:40 - 2014-03-04 10:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-01-16 12:40 - 2014-03-04 10:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-01-16 12:40 - 2014-03-04 10:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-01-16 12:40 - 2014-03-04 10:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-01-16 12:40 - 2014-03-04 10:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-01-16 12:40 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2015-01-16 12:40 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2015-01-16 12:40 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-01-16 12:40 - 2013-02-27 06:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-01-16 12:40 - 2013-02-12 05:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-01-16 12:40 - 2012-11-28 23:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2015-01-16 12:40 - 2012-11-28 23:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2015-01-16 12:40 - 2012-11-28 23:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2015-01-16 12:40 - 2012-11-02 06:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2015-01-16 12:40 - 2012-11-02 06:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2015-01-16 12:40 - 2011-03-03 07:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-01-16 12:40 - 2011-03-03 07:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-01-16 12:40 - 2011-03-03 07:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2015-01-16 12:40 - 2011-03-03 06:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-01-16 12:40 - 2011-03-03 06:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2015-01-16 12:39 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-01-16 12:39 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-01-16 12:39 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-01-16 12:39 - 2013-04-10 07:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-01-16 12:39 - 2011-08-17 06:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2015-01-16 12:39 - 2011-08-17 06:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2015-01-16 12:39 - 2011-08-17 05:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2015-01-16 12:39 - 2011-08-17 05:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2015-01-16 12:39 - 2011-04-29 04:06 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-01-16 12:39 - 2011-04-29 04:05 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2015-01-16 12:39 - 2011-04-29 04:05 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-01-16 12:39 - 2011-02-03 12:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-01-16 12:38 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-16 12:38 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-16 12:38 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-01-16 12:38 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-01-16 12:38 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-01-16 12:38 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-01-16 12:38 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-01-16 12:38 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-01-16 12:38 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-16 12:38 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-16 12:38 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-16 12:38 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-16 12:38 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-16 12:38 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-16 12:38 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-16 12:38 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-16 12:38 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-01-16 12:38 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-01-16 12:38 - 2014-04-12 03:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-01-16 12:38 - 2014-04-12 03:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-01-16 12:38 - 2014-04-12 03:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-01-16 12:38 - 2014-04-12 03:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-01-16 12:38 - 2014-04-12 03:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-01-16 12:38 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-01-16 12:38 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2015-01-16 12:38 - 2012-11-23 04:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2015-01-16 12:38 - 2012-09-25 23:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2015-01-16 12:38 - 2012-09-25 23:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2015-01-16 12:38 - 2012-03-17 08:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2015-01-16 12:37 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-16 12:37 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-16 12:37 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-16 12:37 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-16 12:37 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-16 12:37 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-16 12:37 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-16 12:37 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-01-16 12:37 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-01-16 12:37 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-01-16 12:37 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-01-16 12:37 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-01-16 12:37 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-01-16 12:37 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-01-16 12:37 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-01-16 12:37 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-01-16 12:37 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-01-16 12:37 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-01-16 12:37 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-01-16 12:37 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-01-16 12:37 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-01-16 12:37 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-16 12:37 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-16 12:37 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-01-16 12:37 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-01-16 12:37 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-01-16 12:37 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-01-16 12:37 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-16 12:37 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-16 12:37 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-01-16 12:37 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-01-16 12:37 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-01-16 12:37 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-01-16 12:37 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-01-16 12:37 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-01-16 12:37 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-01-16 12:37 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-01-16 12:37 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-01-16 12:37 - 2013-02-15 07:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-16 12:37 - 2013-02-15 07:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-01-16 12:37 - 2013-02-15 04:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-16 12:37 - 2012-04-26 06:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2015-01-16 12:37 - 2012-04-26 06:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2015-01-16 12:37 - 2011-05-24 12:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2015-01-16 12:37 - 2011-05-24 11:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2015-01-16 12:37 - 2011-05-24 11:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2015-01-16 12:37 - 2011-05-24 11:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2015-01-16 12:37 - 2011-05-24 11:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2015-01-16 12:36 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-16 12:36 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-01-16 12:36 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-01-16 12:36 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-01-16 12:36 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-01-16 12:36 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-01-16 12:36 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-01-16 12:36 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-01-16 12:36 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-01-16 12:36 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-01-16 12:36 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-01-16 12:36 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-01-16 12:36 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-01-16 12:36 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-01-16 12:36 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2015-01-16 12:36 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2015-01-16 12:36 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-01-16 12:36 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-01-16 12:36 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2015-01-16 12:36 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2015-01-16 12:36 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-01-16 12:36 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-01-16 12:36 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-01-16 12:36 - 2013-05-13 06:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-01-16 12:36 - 2013-05-13 04:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-01-16 12:36 - 2013-05-13 04:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2015-01-16 12:36 - 2013-05-13 04:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2015-01-16 12:36 - 2012-07-04 23:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2015-01-16 12:36 - 2012-07-04 23:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2015-01-16 12:36 - 2012-07-04 23:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2015-01-16 12:36 - 2012-07-04 22:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2015-01-16 12:36 - 2012-07-04 22:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2015-01-16 12:36 - 2011-12-16 09:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2015-01-16 12:36 - 2011-12-16 08:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2015-01-16 12:36 - 2011-05-03 06:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-01-16 12:36 - 2011-05-03 05:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-01-16 12:36 - 2011-02-12 12:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2015-01-16 12:35 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-01-16 12:35 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-01-16 12:35 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-01-16 12:35 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-01-16 12:35 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-01-16 12:35 - 2012-06-06 07:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2015-01-16 12:35 - 2012-06-06 06:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2015-01-16 12:35 - 2012-05-14 06:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-01-16 12:35 - 2011-10-15 07:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2015-01-16 12:35 - 2011-10-15 06:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2015-01-16 12:35 - 2011-08-27 06:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2015-01-16 12:35 - 2011-08-27 05:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2015-01-16 12:35 - 2011-02-23 05:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2015-01-16 12:17 - 2015-01-16 12:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\Pocitac\Downloads\HijackThis.exe
2015-01-16 12:15 - 2015-01-16 12:15 - 00000000 ____D () C:\Users\Pocitac\AppData\Roaming\ESET
2015-01-16 12:15 - 2015-01-16 12:15 - 00000000 ____D () C:\Users\Pocitac\AppData\Local\ESET
2015-01-16 12:14 - 2015-01-16 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-01-16 12:14 - 2015-01-16 12:14 - 00000000 ____D () C:\ProgramData\ESET
2015-01-16 12:14 - 2015-01-16 12:14 - 00000000 ____D () C:\Program Files\ESET
2015-01-16 12:10 - 2015-01-16 12:10 - 01660616 _____ (ESET) C:\Users\Pocitac\Downloads\eset_smart_security_live_installer_.exe
2015-01-16 00:20 - 2015-01-16 01:21 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2015-01-15 22:42 - 2015-01-15 22:42 - 00057560 _____ () C:\Users\Pocitac\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-15 22:41 - 2015-01-15 22:41 - 00316571 _____ () C:\Users\Pocitac\Downloads\ISOburn_Installer.exe
2015-01-15 22:41 - 2015-01-15 22:41 - 00001859 _____ () C:\Users\Public\Desktop\ISOburn.lnk
2015-01-15 22:41 - 2015-01-15 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISOburn
2015-01-15 22:41 - 2015-01-15 22:41 - 00000000 ____D () C:\Program Files (x86)\ISOburn
2015-01-15 22:30 - 2015-01-15 22:32 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-01-15 21:56 - 2015-01-15 21:56 - 313886720 _____ () C:\Users\Pocitac\Downloads\kav_rescue_10.iso
2015-01-15 21:49 - 2015-01-15 21:49 - 201527352 _____ (Kaspersky Lab) C:\Users\Pocitac\Downloads\kav15.0.1.415en.exe
2015-01-15 21:25 - 2012-02-17 07:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2015-01-15 21:25 - 2012-02-17 06:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2015-01-15 21:25 - 2012-02-17 05:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2015-01-15 21:22 - 2015-01-17 22:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 21:22 - 2015-01-15 21:22 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-15 21:22 - 2015-01-15 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-15 21:22 - 2015-01-15 21:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-15 21:22 - 2015-01-15 21:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-15 21:22 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-15 21:22 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-15 21:22 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-15 21:17 - 2015-01-15 21:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2015-01-15 21:17 - 2015-01-15 21:17 - 00000000 ____D () C:\Temp
2015-01-15 21:17 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-15 21:17 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-15 21:17 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-15 21:17 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-15 21:17 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-01-15 21:17 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-01-15 21:17 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-01-15 21:17 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-15 21:17 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-15 21:17 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-15 21:17 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-15 21:17 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-15 21:17 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-15 21:17 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-15 21:17 - 2013-04-26 03:24 - 00786416 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2015-01-15 21:17 - 2013-04-26 03:24 - 00368112 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2015-01-15 21:17 - 2013-04-26 03:24 - 00020464 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2015-01-15 21:16 - 2015-01-15 21:16 - 00000000 ____D () C:\ProgramData\Intel
2015-01-15 21:16 - 2015-01-15 21:16 - 00000000 ____D () C:\Program Files\Intel
2015-01-15 21:16 - 2013-03-12 13:19 - 00016344 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2015-01-15 21:15 - 2015-01-15 21:16 - 00000086 _____ () C:\Windows\MEI.log
2015-01-15 21:15 - 2015-01-15 21:15 - 00000000 ____D () C:\Users\Pocitac\AppData\Roaming\InstallShield
2015-01-15 21:15 - 2013-03-12 13:19 - 00064624 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys
2015-01-15 21:14 - 2015-01-15 21:15 - 00000189 _____ () C:\Windows\LAN.log
2015-01-15 21:14 - 2012-12-26 18:26 - 00805088 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-01-15 21:14 - 2012-12-26 18:26 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2015-01-15 21:14 - 2012-12-26 18:26 - 00074344 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-01-15 21:13 - 2015-01-15 21:13 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-15 21:13 - 2015-01-15 21:13 - 00000000 ____D () C:\Program Files\Realtek
2015-01-15 21:12 - 2015-01-15 21:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-15 21:12 - 2015-01-15 21:14 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-01-15 21:12 - 2015-01-15 21:13 - 00002217 _____ () C:\RHDSetup.log
2015-01-15 21:12 - 2015-01-15 21:13 - 00000206 _____ () C:\Windows\audio.log
2015-01-15 21:12 - 2015-01-15 21:13 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-01-15 21:12 - 2012-11-20 12:58 - 00378949 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-01-15 21:12 - 2012-11-20 12:13 - 04213904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-01-15 21:12 - 2012-11-20 10:32 - 00118928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-01-15 21:12 - 2012-11-20 10:27 - 10619904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-01-15 21:12 - 2012-11-19 11:18 - 02714720 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-01-15 21:12 - 2012-11-13 11:56 - 03673232 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2015-01-15 21:12 - 2012-10-23 09:03 - 09546616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-01-15 21:12 - 2012-10-23 09:03 - 02080120 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-01-15 21:12 - 2012-10-22 12:48 - 01269904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-01-15 21:12 - 2012-10-03 10:56 - 00772224 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-01-15 21:12 - 2012-10-02 07:41 - 00501192 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-01-15 21:12 - 2012-10-02 07:41 - 00487368 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-01-15 21:12 - 2012-10-02 07:41 - 00415688 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-01-15 21:12 - 2012-09-20 15:44 - 01460600 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2015-01-15 21:12 - 2012-09-19 17:59 - 00869752 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-01-15 21:12 - 2012-09-12 02:51 - 02743440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-01-15 21:12 - 2012-09-09 07:34 - 02028920 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-01-15 21:12 - 2012-08-31 12:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-01-15 21:12 - 2012-08-31 12:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-01-15 21:12 - 2012-08-31 12:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-01-15 21:12 - 2012-08-31 12:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-01-15 21:12 - 2012-08-31 12:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-01-15 21:12 - 2012-08-21 07:51 - 00881808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-01-15 21:12 - 2012-08-13 11:06 - 01561744 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-01-15 21:12 - 2012-08-03 11:18 - 01706640 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-01-15 21:12 - 2012-07-15 14:13 - 00394616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-01-15 21:12 - 2012-07-15 14:13 - 00394616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-01-15 21:12 - 2012-06-20 10:26 - 00110592 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-01-15 21:12 - 2012-03-08 04:47 - 00202336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-01-15 21:12 - 2012-03-08 04:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-01-15 21:12 - 2012-01-30 04:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-01-15 21:12 - 2012-01-10 03:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-01-15 21:12 - 2011-12-20 08:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-01-15 21:12 - 2011-11-22 09:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-01-15 21:12 - 2011-09-02 07:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-01-15 21:12 - 2011-09-02 07:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-01-15 21:12 - 2011-09-02 07:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-01-15 21:12 - 2011-08-23 10:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-01-15 21:12 - 2011-05-31 02:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-01-15 21:12 - 2011-05-31 02:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-01-15 21:12 - 2011-05-31 02:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-01-15 21:12 - 2011-05-31 02:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-01-15 21:12 - 2011-05-31 02:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-01-15 21:12 - 2011-05-31 02:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-01-15 21:12 - 2011-05-31 02:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-01-15 21:12 - 2011-05-31 02:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-01-15 21:12 - 2011-05-31 02:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-01-15 21:12 - 2011-05-31 02:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-01-15 21:12 - 2011-05-31 02:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-01-15 21:12 - 2011-05-31 02:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-01-15 21:12 - 2011-03-17 05:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-01-15 21:12 - 2011-03-07 10:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-01-15 21:12 - 2010-11-08 00:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-01-15 21:12 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-01-15 21:12 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-01-15 21:12 - 2010-11-08 00:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-01-15 21:12 - 2010-11-08 00:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-01-15 21:12 - 2010-11-08 00:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-01-15 21:12 - 2010-11-03 11:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-01-15 21:12 - 2010-09-27 02:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-01-15 21:12 - 2010-07-22 09:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-01-15 21:12 - 2009-11-24 02:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-01-15 21:12 - 2009-11-24 02:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-01-15 21:12 - 2009-11-24 02:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-01-15 21:12 - 2009-11-24 02:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-01-15 21:11 - 2015-01-15 21:17 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-15 21:11 - 2015-01-15 21:11 - 00000000 ____D () C:\Intel
2015-01-15 21:11 - 2013-01-28 05:36 - 00053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2015-01-15 21:08 - 2015-01-15 21:08 - 00000000 ____D () C:\Windows\AsusInstAll
2015-01-15 21:08 - 2011-02-25 07:25 - 00296320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2015-01-15 21:07 - 2015-01-15 21:18 - 00056143 _____ () C:\Windows\Ascd_log.ini
2015-01-15 21:07 - 2015-01-15 21:07 - 00000000 ____H () C:\Windows\system32\Drivers\MsftWdf_user_01_11_00.Wdf
2015-01-15 21:07 - 2015-01-15 21:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_ASMBSW_01_11_00.Wdf
2015-01-15 21:07 - 2015-01-15 21:07 - 00000000 _____ () C:\Windows\Ascd_err.ini
2015-01-15 21:07 - 2012-07-26 04:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2015-01-15 21:07 - 2012-07-26 04:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-01-15 21:07 - 2012-07-26 04:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-01-15 21:07 - 2012-07-26 04:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-01-15 21:07 - 2012-07-26 04:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2015-01-15 21:07 - 2012-07-26 03:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-01-15 21:07 - 2012-07-26 03:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-01-15 21:07 - 2012-06-02 15:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-01-15 21:06 - 2015-01-15 21:07 - 00040011 _____ () C:\Windows\Ascd_tmp.ini
2015-01-15 21:06 - 2015-01-15 21:07 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-01-15 21:06 - 2015-01-15 21:06 - 00001769 _____ () C:\Windows\Language_trs.ini
2015-01-15 21:06 - 2015-01-15 21:06 - 00000000 ____D () C:\Program Files\ASUS
2015-01-15 21:06 - 2012-08-21 19:54 - 00015232 ____R () C:\Windows\SysWOW64\Drivers\AsIO.sys
2015-01-15 21:06 - 2012-08-17 03:57 - 02356592 _____ (Microsoft Corporation) C:\Windows\system32\WudfUpdate_01011.dll
2015-01-15 21:06 - 2010-06-28 17:41 - 00028672 ____R (ASUSTek Computer Inc.) C:\Windows\SysWOW64\AsIO.dll
2015-01-15 21:03 - 2015-01-16 21:05 - 00001413 _____ () C:\Users\Pocitac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-15 21:02 - 2015-01-17 22:01 - 01853432 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 21:02 - 2015-01-16 12:18 - 00000000 ____D () C:\Users\Pocitac\AppData\Local\VirtualStore
2015-01-15 21:02 - 2015-01-15 21:02 - 00000020 ___SH () C:\Users\Pocitac\ntuser.ini
2015-01-15 21:02 - 2015-01-15 21:02 - 00000000 __SHD () C:\Recovery
2015-01-15 21:02 - 2015-01-15 21:02 - 00000000 ____D () C:\Users\Pocitac
2015-01-15 21:02 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Pocitac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-15 21:02 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Pocitac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-15 20:58 - 2015-01-15 20:58 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-01-15 20:58 - 2015-01-15 20:58 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-01-15 20:57 - 2015-01-15 20:57 - 00001355 _____ () C:\Windows\TSSysprep.log
2015-01-15 20:54 - 2015-01-15 21:02 - 00000000 ____D () C:\Windows\Panther
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-17 22:08 - 2009-07-14 06:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 22:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 22:02 - 2009-07-14 05:51 - 00027357 _____ () C:\Windows\setupact.log
2015-01-17 22:02 - 2009-07-14 05:45 - 00020864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-17 22:02 - 2009-07-14 05:45 - 00020864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-17 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2015-01-17 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2015-01-17 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-16 22:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-16 21:01 - 2009-07-14 05:45 - 00265944 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-16 20:58 - 2011-04-12 14:41 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-16 20:58 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-16 20:58 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-16 20:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-01-16 20:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-01-16 20:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-16 20:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-16 20:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-16 20:57 - 2010-11-21 04:47 - 00005856 _____ () C:\Windows\PFRO.log
2015-01-15 22:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-15 21:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-15 21:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore
2015-01-15 20:58 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-15 20:58 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-15 20:57 - 2009-07-14 05:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2015-01-15 20:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-01-15 20:54 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-15 20:54 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\Pocitac\AppData\Local\Temp\_isC64A.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-15 22:03
 
==================== End Of Log ============================
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01
Ran by Pocitac at 2015-01-17 22:13:37
Running from C:\Users\Pocitac\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personálny Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ESET Smart Security (HKLM\...\{DB0164C1-CA70-4F4E-9B62-CD06DF7A8D2E}) (Version: 8.0.304.1 - ESET, spol s r. o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Spoločnosť Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
ISOburn (HKLM-x32\...\ISOburn) (Version:  - )
Malwarebytes Anti-Malware verzia 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
15-01-2015 21:08:13 Windows Update
15-01-2015 21:14:25 Nainštalované Realtek Ethernet Controller Driver
15-01-2015 21:17:03 Windows Update
15-01-2015 21:25:27 Windows Update
16-01-2015 20:08:50 Windows Update
16-01-2015 21:18:24 Windows Update
16-01-2015 22:23:03 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0365745D-1CE6-481F-8EAE-E3FC2180C762} - \SUPERAntiSpyware Scheduled Task 21e476c5-8f59-46fa-b191-931b874252ab No Task File <==== ATTENTION
Task: {1984C11B-8297-438E-B3B8-FB8277F86E2F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {575EF8B1-7E23-4185-8CAD-1A0329F292CD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {8BC0F2E7-49E5-48BC-BF54-A10666E543FD} - System32\Tasks\GoogleUpdateTaskMachineCore1d03192c031b53e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {A2F96C7B-A78F-4D43-9EC3-01D7DB7B69FE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {BD52B3FE-754E-408F-B383-66E3CAB00C62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d03192c031b53e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2015-01-15 21:07 - 2012-10-29 08:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
2015-01-15 21:07 - 2015-01-17 22:02 - 00026624 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll
2015-01-15 21:07 - 2012-05-07 17:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll
2015-01-16 13:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-16 13:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-16 13:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-16 13:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-16 13:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-01-15 21:15 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1417933193-3588393809-776322925-500 - Administrator - Disabled)
Guest (S-1-5-21-1417933193-3588393809-776322925-501 - Limited - Disabled)
Pocitac (S-1-5-21-1417933193-3588393809-776322925-1000 - Administrator - Enabled) => C:\Users\Pocitac
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/17/2015 10:08:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (01/17/2015 10:08:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (01/17/2015 10:02:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/17/2015 10:00:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/16/2015 09:29:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (01/16/2015 09:29:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (01/16/2015 09:22:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/16/2015 09:12:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (01/16/2015 09:12:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (01/16/2015 09:08:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (01/17/2015 10:01:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Windows Update bola ukončená s nasledujúcou chybou: 
%%-2147467243
 
Error: (01/16/2015 09:04:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Windows Modules Installer bola ukončená s nasledujúcou chybou: 
%%16405
 
Error: (01/16/2015 09:00:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Print Spooler zlyhalo kvôli nasledujúcej chybe: 
%%1069
 
Error: (01/16/2015 09:00:14 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Službe Spooler sa nepodarilo s aktuálne nakonfigurovaným heslom prihlásiť ako NT AUTHORITY\SYSTEM kvôli nasledujúcej chybe: 
%%50
 
Ak chcete zabezpečiť správne nakonfigurovanie služby, použite modul Služby konzoly MMC (Microsoft Management Console).
 
Error: (01/16/2015 09:00:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Windows Update bola ukončená s nasledujúcou chybou: 
%%-2147467243
 
Error: (01/16/2015 09:00:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Služba Google Update (gupdate) sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
 
Error: (01/16/2015 09:00:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel® Management and Security Application Local Management Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
 
Error: (01/16/2015 09:00:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel® Dynamic Application Loader Host Interface Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
 
Error: (01/16/2015 09:00:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba MBAMService sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
 
Error: (01/16/2015 09:00:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba MBAMScheduler sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
 
 
Microsoft Office Sessions:
=========================
Error: (01/17/2015 10:08:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B8020000002D010000
 
Error: (01/17/2015 10:08:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B120200000000000000AF000000
 
Error: (01/17/2015 10:02:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/17/2015 10:00:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/16/2015 09:29:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B8020000002D010000
 
Error: (01/16/2015 09:29:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B120200000000000000AF000000
 
Error: (01/16/2015 09:22:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/16/2015 09:12:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B8020000002D010000
 
Error: (01/16/2015 09:12:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B120200000000000000AF000000
 
Error: (01/16/2015 09:08:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 21%
Total physical RAM: 8130.23 MB
Available physical RAM: 6412.73 MB
Total Pagefile: 16258.64 MB
Available Pagefile: 14535.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:899.58 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 335B35AD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
______________
 
By the way, a few hours ago I ran Kaspersky Rescue Disc & SpybotS&D on the other computer and it was completely clean.
 

 




#4 Oh My!

  • Malware Response Instructor

Posted 17 January 2015 - 05:11 PM

Hi Kristina and welcome to our family! :)
 

Today I heard that MB may not be the perfect choice, because it acts kind of like an antivirus too and can interfere with other antivirus software. Can you explain, please?

You can have both, see here.
 

*One question regarding resetting UEFI - will I be able to install Windows with the same license key? Afaik, the serial key is stored right here, so I'm worried it might not recognize my PC.

You shouldn't have an issue. I think you have already done a reinstall of the operating system without any problems, correct?

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Users\Pocitac\AppData\Local\Temp\_isC64A.exe
Task: {0365745D-1CE6-481F-8EAE-E3FC2180C762} - \SUPERAntiSpyware Scheduled Task 21e476c5-8f59-46fa-b191-931b874252ab No Task File <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • A report should open and a copy of the report will be placed on your desktop
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • RogueKiller log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 reglas

  • Topic Starter

Posted 17 January 2015 - 06:37 PM

 

You shouldn't have an issue. I think you have already done a reinstall of the operating system without any problems, correct?

 

 

Yep, thanks for the tip. :)
 
As you requested:
 
FRST Fixlog
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2015 01
Ran by Pocitac at 2015-01-18 00:20:25 Run:1
Running from C:\Users\Pocitac\Desktop
Loaded Profiles: Pocitac (Available profiles: Pocitac)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Users\Pocitac\AppData\Local\Temp\_isC64A.exe
Task: {0365745D-1CE6-481F-8EAE-E3FC2180C762} - \SUPERAntiSpyware Scheduled Task 21e476c5-8f59-46fa-b191-931b874252ab No Task File <==== ATTENTION
*****************
 
C:\Users\Pocitac\AppData\Local\Temp\_isC64A.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0365745D-1CE6-481F-8EAE-E3FC2180C762}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0365745D-1CE6-481F-8EAE-E3FC2180C762}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 21e476c5-8f59-46fa-b191-931b874252ab" => Key deleted successfully.
 
==== End of Fixlog 00:20:25 ====
 
 
RogueKiller log
 
RogueKiller V10.1.2.0 [Jan  7 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Pocitac [Administrator]
Mode : Scan -- Date : 01/18/2015  00:25:59
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BEADBE70-9F15-4D05-89E5-97D3033DAFD2} | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BEADBE70-9F15-4D05-89E5-97D3033DAFD2} | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BEADBE70-9F15-4D05-89E5-97D3033DAFD2} | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] 61d0ba1190fefaafc20988ac70127d9a
[BSP] 688ecb65e646bdd35accab8695597882 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
//Oops, I didn't use "Reply to this topic" button. Sorry, I will definitely use it next time, hehe.

Edited by reglas, 17 January 2015 - 06:44 PM.


#6 Oh My!

Posted 17 January 2015 - 08:41 PM

Greetings Kristina,

I have confirmed the Malwarebytes warning is a false positive. Please click Exclude Website and you shouldn't get the warning anymore.

Please run these for me.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste the contents of the report in your reply
  • Note: If you receive an error report saying there are too many emoticons simply attach the file instead
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double click the icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Emsisoft report (if applicable)
  • Security Check log
  • Any current issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 reglas

Posted 17 January 2015 - 09:06 PM

Hi,

I did not use Emsisoft Emergency Kit Scan and screen317's Security Check yet.

I clicked "Exclude website" and opened the browser. This link popped up (nothing loaded, it is blank).

[Image: qJCktsk.jpg]

Also, I noticed "DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)] " in the RogueKiller log I posted. I'm not sure what it means, but if that is supposed to be my location, I am not from Ukraine.

How should I continue, please? I am going to bed now, but I will check the forum first thing tomorrow.

Thank you for your patience.



#8 Oh My!

Posted 17 January 2015 - 09:26 PM

Hi Kristina,

I was going to ask you about the IP address but I saw some foreign language entries that seemed legitimate leading me to believe the IP address was valid.

Please do this.

===================================================

RogueKiller Selecting Deletions

--------------------
  • Close any open programs
  • Please disconnect any USB or external drives from the computer before you run the scan
  • For Vista/7 users right click on the RogueKiller icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Allow the Prescan to finish
  • Click Scan
  • When the Status box shows Scan Finished place a checkmark in the following and select Delete

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BEADBE70-9F15-4D05-89E5-97D3033DAFD2} | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BEADBE70-9F15-4D05-89E5-97D3033DAFD2} | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BEADBE70-9F15-4D05-89E5-97D3033DAFD2} | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)] -> Found

  • Click Report
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RogueKiller report
  • Any change?

Gary
 

#9 reglas

Posted 18 January 2015 - 06:14 AM

> I was going to ask you about the IP address but I saw some foreign language entries that seemed legitimate leading me to believe the IP address was valid.

Hi, Gary,

I thought you might misinterpret that after the first RogueKiller scan. I should have told you sooner, sorry.

I ran the scan, deleted the 6 DhcpNameServer items, but the pop-ups did not go away.
 
 
RogueKiller Deletions
 
RogueKiller V10.1.2.0 [Jan  7 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Pocitac [Administrator]
Mode : Delete -- Date : 01/18/2015  12:08:17
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BEADBE70-9F15-4D05-89E5-97D3033DAFD2} | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BEADBE70-9F15-4D05-89E5-97D3033DAFD2} | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BEADBE70-9F15-4D05-89E5-97D3033DAFD2} | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)]  -> Replaced ()
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] 61d0ba1190fefaafc20988ac70127d9a
[BSP] 688ecb65e646bdd35accab8695597882 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_01182015_002559.log - RKreport_SCN_01182015_120724.log
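
The `[PUM.Dns]` report lines posted above can be triaged mechanically; the following is an added example, not part of the original posts and not RogueKiller's own code. It parses lines in the report format shown in this thread, collapses the CurrentControlSet/ControlSet00N copies of one setting, and lists name servers that are neither private addresses nor on an allowlist. The function names and the `EXPECTED_RESOLVERS` allowlist are assumptions made for the example.

```python
"""Triage RogueKiller '[PUM.Dns]' report lines (format as posted in this thread)."""
import ipaddress
import re

# Constructed sample: report lines in the format posted in this thread.
SAMPLE_REPORT = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BEADBE70-9F15-4D05-89E5-97D3033DAFD2} | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BEADBE70-9F15-4D05-89E5-97D3033DAFD2} | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BEADBE70-9F15-4D05-89E5-97D3033DAFD2} | DhcpNameServer : 91.212.124.159 8.8.8.8 [UKRAINE (UA)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
"""

# ASSUMPTION: resolvers you expect this network to hand out. 8.8.8.8 is
# Google Public DNS; replace the set with your router's or ISP's resolvers.
EXPECTED_RESOLVERS = {"8.8.8.8"}

# [detection] (arch) registry key | value name : value data -> status
LINE_RE = re.compile(
    r"^\[(?P<detection>[^\]]+)\]\s+\((?P<arch>X64|X86)\)\s+"
    r"(?P<key>.+?)\s+\|\s+(?P<name>.+?)\s+:\s+(?P<data>.*?)\s+->\s+(?P<status>.+)$"
)
CONTROL_SET_RE = re.compile(r"\\(CurrentControlSet|ControlSet\d{3})\\", re.IGNORECASE)
INTERFACE_RE = re.compile(r"\\Interfaces\\(\{[0-9A-Fa-f-]+\})")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def parse_report(text):
    """Return one dict per registry line that matches the report format."""
    records = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            records.append(match.groupdict())
    return records


def summarize_dns(records, expected=EXPECTED_RESOLVERS):
    """Group PUM.Dns findings into logical settings and flag unknown servers.

    CurrentControlSet is a link to one of the numbered ControlSetNNN trees,
    so the same value reported under several control sets is one setting.
    """
    settings = {}
    for rec in records:
        if rec["detection"] != "PUM.Dns":
            continue
        control_set = CONTROL_SET_RE.search(rec["key"])
        interface = INTERFACE_RE.search(rec["key"])
        scope = f"interface {interface.group(1)}" if interface else "global"

        servers = []
        for token in IPV4_RE.findall(rec["data"]):
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                continue  # looked like an address but is not a valid one

        # DhcpNameServer is filled in from the DHCP lease; NameServer is the
        # statically configured list. The origin says where to look next:
        # the DHCP server (usually the router) or the local adapter settings.
        origin = "dhcp" if rec["name"].lower().startswith("dhcp") else "static"

        key = (scope, rec["name"], tuple(str(ip) for ip in servers))
        entry = settings.setdefault(key, {
            "scope": scope,
            "value": rec["name"],
            "origin": origin,
            "servers": [str(ip) for ip in servers],
            "unexpected": [
                str(ip) for ip in servers
                if not (ip.is_private or ip.is_loopback) and str(ip) not in expected
            ],
            "control_sets": set(),
            "statuses": set(),
        })
        entry["control_sets"].add(control_set.group(1) if control_set else "?")
        entry["statuses"].add(rec["status"].strip())
    return sorted(settings.values(), key=lambda e: e["scope"])


if __name__ == "__main__":
    for item in summarize_dns(parse_report(SAMPLE_REPORT)):
        print(f"{item['scope']}: {item['value']} (origin: {item['origin']})")
        print(f"  servers:    {', '.join(item['servers'])}")
        print(f"  unexpected: {', '.join(item['unexpected']) or 'none'}")
        print(f"  seen in:    {', '.join(sorted(item['control_sets']))}")
```

A server listed as unexpected is only unrecognised, not proven malicious; for a `dhcp` origin the value to verify is the DNS setting of the DHCP server that issued the lease.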


#10 Oh My!

Posted 18 January 2015 - 09:57 AM

Greetings Kristina,

Well it was really my fault. I deleted the question about Ukraine just before I posted my reply :( .

I guess I should not assume anything so let me ask you if this language looks odd to you:

Error: (01/16/2015 09:00:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba MBAMScheduler sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.


Please do these things now.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • MiniToolBox log
  • Combofix log
  • Update on computer behavior

Gary
 

#11 reglas

Posted 18 January 2015 - 11:35 AM

Hi, Gary,

> Well it was really my fault. I deleted the question about Ukraine just before I posted my reply :( .

Funny, I deleted the note about Ukraine just before I posted my reply, too. :)

> I guess I should not assume anything so let me ask you if this language looks odd to you:

It is ok, that's Slovak (I am from Slovakia).
 
 
MiniToolBox log
 
MiniToolBox by Farbar  Version: 30-11-2014
Ran by Pocitac (administrator) on 18-01-2015 at 16:19:32
Running from "C:\Users\Pocitac\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Lokálne pripojenie (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Pocitac-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Lokálne pripojenie:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : D8-50-E6-DA-37-F9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::2148:2ad6:481e:802f%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 18. januára 2015 15:52:35
   Lease Expires . . . . . . . . . . : 21. januára 2015 15:52:37
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 249057510
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-49-D8-20-D8-50-E6-DA-37-F9
   DNS Servers . . . . . . . . . . . : 91.212.124.159
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{BEADBE70-9F15-4D05-89E5-97D3033DAFD2}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:2463:30e9:3f57:fe9a(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2463:30e9:3f57:fe9a%13(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  91.212.124.159
 
 
Pinging google.com [74.125.195.101] with 32 bytes of data:
Reply from 74.125.195.101: bytes=32 time=49ms TTL=45
Reply from 74.125.195.101: bytes=32 time=49ms TTL=45
 
Ping statistics for 74.125.195.101:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 49ms, Maximum = 49ms, Average = 49ms
Server:  UnKnown
Address:  91.212.124.159
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=212ms TTL=45
Reply from 206.190.36.45: bytes=32 time=213ms TTL=45
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 212ms, Maximum = 213ms, Average = 212ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...d8 50 e6 da 37 f9 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.101    276
    192.168.1.101  255.255.255.255         On-link     192.168.1.101    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.101    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.101    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.101    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:90d7:2463:30e9:3f57:fe9a/128
                                    On-link
 11    276 fe80::/64                On-link
 13    306 fe80::/64                On-link
 11    276 fe80::2148:2ad6:481e:802f/128
                                    On-link
 13    306 fe80::2463:30e9:3f57:fe9a/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
**** End of log ****
 
 
NOTE 1
I just thought I'd let you know - right after MiniToolBox scan started, as you can see from the picture, I got this pop-up with SysWOW64\nslookup.exe directory.
 
vynyisf.jpg
 
This one without process description popped up too.
 
DMB2Q53.jpg
 
I saw both of them two times I think. After that it was only svchost.exe again. 
 
NOTE 2
Moving on to ComboFix: I disabled ESET and MalwareBytes, opened ComboFix, but before the scan started a warning popped up, that SpybotS&D is still running. I forgot it was installed so I tried to disable it, but after a while of trying I uninstalled it and had to restart computer after it. Why I uninstalled it - I didn't find the right guide for SpybotS&D from the link you posted in section "How to temporarily disable your anti-malware scanner", so after a while of trying I decided to uninstall it and had to restart afterwards. I know I am not supposed to do anything except the steps you provide. Sorry, I hope there are no unwanted consequences.
 
NOTE 3 
After the restart, I disabled ESET (I disabled the launch of MalwareBytes at start-up, so I didn't have to redo that) and ran ComboFix. It extracted its components, backed up registry files and right after that a window from ESET popped up asking, whether I really want to quit ESET. I checked it before opening ComboFix and it was acting like it was disabled, so I didn't click on anything, because ComboFix scan started right after the registry backup. So I let it there, while ComboFix was scanning the PC. It finished without any problems and after scan I just hit X (it was not running).
 
 
 
ComboFix log
 
ComboFix 15-01-18.01 - Pocitac . 01. 2015  16:57:50.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.421.1051.18.8130.6672 [GMT 1:00]
Running from: c:\users\Pocitac\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personálny Firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-18 to 2015-01-18  )))))))))))))))))))))))))))))))
.
.
2015-01-18 16:00 . 2015-01-18 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-17 23:23 . 2015-01-18 11:05 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-01-17 23:23 . 2015-01-17 23:23 -------- d-----w- c:\programdata\RogueKiller
2015-01-17 21:07 . 2015-01-17 23:20 -------- d-----w- C:\FRST
2015-01-16 20:29 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-01-16 20:29 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-01-16 20:29 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2015-01-16 20:29 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2015-01-16 20:18 . 2015-01-16 20:20 -------- d-----w- c:\windows\system32\MRT
2015-01-16 20:13 . 2014-11-11 03:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-01-16 20:13 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-01-16 19:58 . 2015-01-16 19:58 -------- d-----w- c:\windows\SysWow64\Wat
2015-01-16 19:58 . 2015-01-16 19:58 -------- d-----w- c:\windows\system32\Wat
2015-01-16 19:47 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2015-01-16 19:42 . 2015-01-16 19:42 859648 ----a-w- c:\windows\system32\tdh.dll
2015-01-16 19:42 . 2015-01-16 19:42 878080 ----a-w- c:\windows\system32\advapi32.dll
2015-01-16 19:42 . 2015-01-16 19:42 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-01-16 19:42 . 2015-01-16 19:42 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2015-01-16 19:42 . 2015-01-16 19:42 1732032 ----a-w- c:\windows\system32\ntdll.dll
2015-01-16 19:42 . 2015-01-16 19:42 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-01-16 19:42 . 2015-01-16 19:42 327168 ----a-w- c:\windows\system32\mswsock.dll
2015-01-16 19:42 . 2015-01-16 19:42 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2015-01-16 19:37 . 2015-01-16 19:37 1887232 ----a-w- c:\windows\system32\d3d11.dll
2015-01-16 19:37 . 2015-01-16 19:37 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2015-01-16 19:13 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2015-01-16 19:13 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2015-01-16 19:13 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2015-01-16 19:09 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-01-16 19:09 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-01-16 19:09 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-01-16 19:09 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-01-16 19:09 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-01-16 19:09 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-01-16 19:09 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-01-16 19:09 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-01-16 14:16 . 2014-12-15 03:13 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46943CF7-9EDE-4C9A-ABAB-11057FDF29D4}\mpengine.dll
2015-01-16 13:43 . 2015-01-16 13:45 -------- d-----w- c:\program files (x86)\Google
2015-01-16 12:15 . 2015-01-18 15:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-01-16 12:15 . 2015-01-18 15:39 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-01-16 11:51 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-01-16 11:51 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-01-16 11:46 . 2014-12-11 17:47 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-16 11:45 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2015-01-16 11:44 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-01-16 11:43 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-16 11:43 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-01-16 11:43 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-01-16 11:43 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2015-01-16 11:43 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2015-01-16 11:43 . 2014-03-26 14:44 2002432 ----a-w- c:\windows\system32\msxml6.dll
2015-01-16 11:43 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-01-16 11:43 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-01-16 11:43 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-01-16 11:41 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-01-16 11:41 . 2014-08-21 06:40 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-01-16 11:41 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-01-16 11:41 . 2014-08-21 06:23 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-01-16 11:41 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2015-01-16 11:41 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2015-01-16 11:41 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2015-01-16 11:41 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2015-01-16 11:41 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2015-01-16 11:41 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll
2015-01-16 11:41 . 2014-06-06 09:44 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2015-01-16 11:41 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-01-16 11:41 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2015-01-16 11:39 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2015-01-16 11:39 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2015-01-16 11:39 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2015-01-16 11:39 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-01-16 11:39 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2015-01-16 11:39 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2015-01-16 11:39 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2015-01-16 11:39 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2015-01-16 11:39 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2015-01-16 11:39 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2015-01-16 11:39 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2015-01-16 11:39 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2015-01-16 11:37 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-16 11:36 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2015-01-16 11:35 . 2013-07-04 12:18 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2015-01-16 11:14 . 2015-01-16 11:14 -------- d-----w- c:\program files\ESET
2015-01-15 23:20 . 2015-01-16 00:21 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2015-01-15 21:41 . 2015-01-15 21:41 -------- d-----w- c:\program files (x86)\ISOburn
2015-01-15 21:30 . 2015-01-15 21:32 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2015-01-15 20:25 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2015-01-15 20:25 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2015-01-15 20:25 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2015-01-15 20:22 . 2015-01-18 14:56 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-15 20:22 . 2015-01-15 20:22 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-01-15 20:22 . 2015-01-15 20:22 -------- d-----w- c:\programdata\Malwarebytes
2015-01-15 20:22 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-01-15 20:22 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-15 20:22 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-01-15 20:16 . 2013-03-12 12:19 16344 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2015-01-15 20:16 . 2015-01-15 20:16 -------- d-----w- c:\programdata\Intel
2015-01-15 20:16 . 2015-01-15 20:16 -------- d-----w- c:\program files\Intel
2015-01-15 20:15 . 2015-01-16 13:45 -------- d-sh--w- c:\windows\Installer
2015-01-15 20:15 . 2015-01-15 20:15 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2015-01-15 20:15 . 2013-03-12 12:19 64624 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2015-01-15 20:14 . 2012-12-26 17:26 805088 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2015-01-15 20:14 . 2012-12-26 17:26 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2015-01-15 20:14 . 2012-12-26 17:26 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2015-01-15 20:13 . 2015-01-15 20:13 -------- d-----w- c:\windows\SysWow64\RTCOM
2015-01-15 20:13 . 2015-01-15 20:13 -------- d-----w- c:\program files\Realtek
2015-01-15 20:11 . 2015-01-15 20:17 -------- d-----w- c:\program files (x86)\Intel
2015-01-15 20:11 . 2013-01-28 04:36 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2015-01-15 20:11 . 2015-01-15 20:11 -------- d-----w- C:\Intel
2015-01-15 20:08 . 2015-01-15 20:08 -------- d-----w- c:\windows\AsusInstAll
2015-01-15 20:08 . 2011-02-25 06:25 296320 ----a-w- c:\windows\system32\drivers\volsnap.sys
2015-01-15 20:07 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2015-01-15 20:07 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2015-01-15 20:07 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2015-01-15 20:07 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2015-01-15 20:07 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2015-01-15 20:07 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2015-01-15 20:07 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2015-01-15 20:06 . 2015-01-15 20:06 -------- d-----w- c:\program files\ASUS
2015-01-15 20:06 . 2012-11-08 05:14 91648 ----a-w- c:\windows\system32\drivers\UMDF\ASMBSW.dll
2015-01-15 20:06 . 2012-08-17 02:57 2356592 ----a-w- c:\windows\system32\WudfUpdate_01011.dll
2015-01-15 20:06 . 2010-06-28 16:41 28672 ----a-r- c:\windows\SysWow64\AsIO.dll
2015-01-15 20:06 . 2015-01-15 20:07 -------- d-----w- c:\program files (x86)\ASUS
2015-01-15 20:06 . 2012-08-21 18:54 15232 ----a-r- c:\windows\SysWow64\drivers\AsIO.sys
2015-01-15 20:02 . 2015-01-15 20:02 -------- d-----w- c:\users\Pocitac
2015-01-15 20:02 . 2015-01-15 20:02 -------- d-----w- C:\Recovery
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-08 08:55 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S3 iusb3hub;Ovládač rozbočovača Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovládač hostiteľského radiča Intel® USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-16 13:45 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16 13:43]
.
2015-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d03192c031b53e.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16 13:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-19 6846096]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-10-01 5595336]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 91.212.124.159 8.8.8.8
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-01-18  17:01:01
ComboFix-quarantined-files.txt  2015-01-18 16:01
.
Pre-Run: 965 981 519 872 bytes free
Post-Run: 965 499 564 032 bytes free
.
- - End Of File - - 4B0AEDD1F19F2F2401FB60C15D344D28
A36C5E4F47E84449FF07ED3517B43A31
 
 
________________
 
By the way, I am posting this reply right after ComboFix finished. I did not restart my PC (although I will turn it off now), nor did I re-enable ESET and MalwareBytes. I am using Google Chrome. I visited only this bookmarked thread and imgur. I didn't get any redirects so far.
 
Thank you for your time, Gary.


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:37 PM

Posted 18 January 2015 - 02:52 PM

You do excellent work! :thumbsup2:

We still have some work to do even though you haven't seen a popup. This is the next step.

===================================================

Manually Setting DNS Server 7/Vista

--------------------
  • Click Start, then Control Panel
  • Click on Network and Sharing Center
  • Click Change Adapter Settings
  • Right click on the Local Area Connection then select Properties
  • Under This connection uses the following items: left click on Internet Protocol Version 4 (TCP/IPv4)
  • Click Properties
  • Click Obtain DNS server address automatically:
  • Click the Alternate Configuration tab
  • Select Automatic private IP address
  • Click OK, close out all windows then reboot your computer
  • Check for pop ups or redirects.
  • Rerun MiniToolBox and post the results
  • If you have not done so already re-enable ESET and Malwarebytes
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Were you able to modify the DNS Server?
  • MiniToolBox results
  • Any popups?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 reglas


Posted 18 January 2015 - 04:00 PM

Hi again,
 
As for the manual setting of DNS, everything was set exactly as you told me to. So I just clicked "Use the following..." (those fields were blank as usual) and clicked right back at obtain automatically (probably unnecessary, but I guess it felt right).
 
After restart, ESET was enabled, MalwareBytes not yet. I tried to browse the web (bleepingcomputer.com, microsoft.com, ign.com...) and nothing came up.
 
 
MiniToolBox log
 
MiniToolBox by Farbar  Version: 30-11-2014
Ran by Pocitac (administrator) on 18-01-2015 at 21:44:56
Running from "C:\Users\Pocitac\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Lokálne pripojenie (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Pocitac-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Lokálne pripojenie:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : D8-50-E6-DA-37-F9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::2148:2ad6:481e:802f%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 18. januára 2015 21:35:49
   Lease Expires . . . . . . . . . . : 21. januára 2015 21:35:50
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 249057510
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-49-D8-20-D8-50-E6-DA-37-F9
   DNS Servers . . . . . . . . . . . : 91.212.124.159
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{BEADBE70-9F15-4D05-89E5-97D3033DAFD2}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1867:11dd:3f57:fe9a(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1867:11dd:3f57:fe9a%13(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  91.212.124.159
 
DNS request timed out.
    timeout was 2 seconds.
 
Pinging google.com [64.233.166.113] with 32 bytes of data:
Reply from 64.233.166.113: bytes=32 time=49ms TTL=43
Reply from 64.233.166.113: bytes=32 time=49ms TTL=43
 
Ping statistics for 64.233.166.113:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 49ms, Maximum = 49ms, Average = 49ms
Server:  UnKnown
Address:  91.212.124.159
 
DNS request timed out.
    timeout was 2 seconds.
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=141ms TTL=48
Reply from 98.139.183.24: bytes=32 time=149ms TTL=47
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 141ms, Maximum = 149ms, Average = 145ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...d8 50 e6 da 37 f9 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.101    276
    192.168.1.101  255.255.255.255         On-link     192.168.1.101    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.101    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.101    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.101    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:5ef5:79fb:1867:11dd:3f57:fe9a/128
                                    On-link
 11    276 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::1867:11dd:3f57:fe9a/128
                                    On-link
 11    276 fe80::2148:2ad6:481e:802f/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
**** End of log ****
 
 
After MiniToolBox scan finished, I re-enabled MalwareBytes and opened Chrome. svchost.exe window was back.
 
It keeps popping up as usual as I am browsing the internet. I haven't seen any syndication.exoclick redirect pop-ups while browsing.
 
Thank you for your time and patience, Gary. :)

Edited by reglas, 18 January 2015 - 04:09 PM.
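
The `ipconfig /all` section of the MiniToolBox log above, run through a small triage script (an added example, not part of the original thread and not MiniToolBox code): it lists resolvers that are not on a reviewer-supplied allowlist and names the DHCP server that handed them out. The function names and the allowlist are assumptions for illustration; the input is an excerpt of the log as posted.

```python
import ipaddress
import re

# Excerpt of the `ipconfig /all` section of the MiniToolBox log posted above.
SAMPLE = """\
Ethernet adapter Lokálne pripojenie:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 91.212.124.159
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : No
   Default Gateway . . . . . . . . . : ::
"""

HEADER = re.compile(r"^(\S.*adapter .+):\s*$")             # "Ethernet adapter X:"
FIELD = re.compile(r"^\s+([^:]+?)(?:\s*\.)+\s*:\s*(.*)$")  # "Key . . . : value"


def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}} from `ipconfig /all` text."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        header = HEADER.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {})
            last_key = None
            continue
        if current is None:
            continue  # global section before the first adapter
        field = FIELD.match(line)
        if field:
            last_key = field.group(1)
            value = field.group(2).strip()
            current[last_key] = [value] if value else []
        elif last_key and line.startswith(" "):
            # Indented line without "key : value" continues a multi-valued field.
            current[last_key].append(line.strip())
    return adapters


def _to_ip(value):
    """Drop '(Preferred)' and '%zone' suffixes; return None if not an address."""
    try:
        return ipaddress.ip_address(re.sub(r"[(%].*$", "", value).strip())
    except ValueError:
        return None


def triage_dns(text, allowlist):
    """List resolvers that are not on the reviewer's allowlist (hypothetical policy)."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    findings = []
    for adapter, fields in parse_ipconfig(text).items():
        dhcp_on = (fields.get("DHCP Enabled") or ["No"])[0].lower() == "yes"
        dhcp_server = (fields.get("DHCP Server") or [None])[0]
        for raw in fields.get("DNS Servers", []):
            ip = _to_ip(raw)
            if ip is None or ip in allowed:
                continue
            findings.append({
                "adapter": adapter,
                "resolver": str(ip),
                # Assumes DNS is set to "obtain automatically", as the post states.
                "source": "dhcp-lease" if dhcp_on and dhcp_server else "static-or-unknown",
                "handed_out_by": dhcp_server if dhcp_on else None,
            })
    return findings


if __name__ == "__main__":
    # Allowlist constructed for illustration: the LAN gateway and one public resolver.
    for finding in triage_dns(SAMPLE, ["192.168.1.1", "8.8.8.8"]):
        print(finding)
```

When a resolver arrives through a DHCP lease, the `handed_out_by` address is the device whose DNS setting should be reviewed alongside the host itself.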


#14 Oh My!


Posted 18 January 2015 - 04:09 PM

Thanks,

Please do this.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:regfind
*91.212.124.159*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply or, if necessary, zip and attach the file.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • SystemLook log

Gary
 

#15 reglas


Posted 18 January 2015 - 04:39 PM

No luck there.
 
SystemLook log
 
SystemLook 30.07.11 by jpshortstuff
Log created at 22:37 on 18/01/2015 by Pocitac
Administrator - Elevation successful
 
========== regfind ==========
 
Searching for "*91.212.124.159*"
No data found.
 
-= EOF =-




