
JS:ScriptPE-inf [Trj] and URL:Mal Infections


  • This topic is locked
1 reply to this topic

#1 rogcald

  • Members
  • 16 posts

Posted 30 October 2015 - 06:40 AM

I'm running Avast and I'm starting to get these popups from the software letting me know that it has blocked a potential webpage or file.

 

The Object is typically some sort of URL (usually involving videos).

The Infection is showing as either "JS:ScriptPE-Inf [Trj]" or "URL:Mal".

The source is explorer.exe.

 

I've been running scans by Avast but it doesn't seem to be capturing anything. Let me know what can be done!

 

Also, sorry - I just realized I posted this topic twice. I kept running into an error when posting, so I tried again. Realizing now that the posts still made it online.

 

===============================================================================

 

FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-10-2015

Ran by RC (administrator) on RC-PC (30-10-2015 01:52:48)

Running from C:\Users\RC\Downloads

Loaded Profiles: RC (Available Profiles: RC)

Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] (Realtek Semiconductor)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [442200 2013-09-28] (Razer Inc.)

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-17] (AVAST Software)

HKU\S-1-5-21-920096888-3981242042-2250737355-1000\...\Run: [GoogleChromeAutoLaunch_0DB748F44CE30955429A24AFFED333C9] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)

HKU\S-1-5-21-920096888-3981242042-2250737355-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)

HKU\S-1-5-21-920096888-3981242042-2250737355-1000\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\RC\AppData\Roaming\Microsoft\SystemResources\34ca6fc758cbaa05bb48.rs"

HKU\S-1-5-21-920096888-3981242042-2250737355-1000\...\Run: [Spotify Web Helper] => C:\Users\RC\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-30] (Spotify Ltd)

HKU\S-1-5-21-920096888-3981242042-2250737355-1000\...\Run: [Spotify] => C:\Users\RC\AppData\Roaming\Spotify\Spotify.exe [7736128 2015-10-30] (Spotify Ltd)

HKU\S-1-5-21-920096888-3981242042-2250737355-1000\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\RC\AppData\Roaming\Microsoft\SystemResources\34ca6fc758cbaa05bb48.rs"

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RC\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RC\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RC\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RC\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RC\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RC\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RC\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RC\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-17] (AVAST Software)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

Tcpip\..\Interfaces\{673AE3BF-6F26-4332-99C3-3F8187648CFA}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Tcpip\..\Interfaces\{71B70F20-639E-4E6C-BEED-A80978E478B4}: [DhcpNameServer] 209.18.47.61 209.18.47.62

 

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-920096888-3981242042-2250737355-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-920096888-3981242042-2250737355-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-17] (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-17] (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

 

FireFox:

========

FF ProfilePath: C:\Users\RC\AppData\Roaming\Mozilla\Firefox\Profiles\g49m3itd.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll [2013-10-19] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll [2013-10-19] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-09-12] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-09-12] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)

FF Plugin HKU\S-1-5-21-920096888-3981242042-2250737355-1000: @citrixonline.com/appdetectorplugin -> C:\Users\RC\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-12-10] (Citrix Online)

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-17] [not signed]

 

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Entanglement Web App) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-10-22]

CHR Extension: (Google Docs) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]

CHR Extension: (Google Drive) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]

CHR Extension: (YouTube) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]

CHR Extension: (Honey) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2015-10-30]

CHR Extension: (Spotify - Music for every moment) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-12-25]

CHR Extension: (Google Search) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]

CHR Extension: (H.265 / HEVC player) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dambgipgbnhmnkdolkljibpcbocimnpd [2015-07-10]

CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2014-12-25]

CHR Extension: (Chrome Remote Desktop) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-10-30]

CHR Extension: (Majora's Mask) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfbonpnibofeikjpafmcclgbhbellmha [2015-04-27]

CHR Extension: (Google Docs Offline) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-09]

CHR Extension: (AdBlock) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-14]

CHR Extension: (Avast Online Security) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-10-17]

CHR Extension: (Really unexpected jihad) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikdnplleocicihlgeaijcmjhobapdmep [2015-06-29]

CHR Extension: (SoundCloud) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2015-07-03]

CHR Extension: (Reddit Enhancement Suite) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-01-14]

CHR Extension: (Google Hangouts) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-10-30]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-08-06]

CHR Extension: (Poppit!) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-09-07]

CHR Extension: (Boomerang for Gmail) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2015-03-21]

CHR Extension: (Sunrise Calendar) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb [2015-07-14]

CHR Extension: (WeatherBug) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2015-03-11]

CHR Extension: (Chrome Web Store Payments) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]

CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2015-10-14]

CHR Extension: (Bastion) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2013-10-22]

CHR Extension: (Gmail) - C:\Users\RC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]

CHR HKU\S-1-5-21-920096888-3981242042-2250737355-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-10-17]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-10-17]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-17] (AVAST Software)

R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-10-17] (Avast Software)

R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe [69448 2015-09-01] (Google Inc.)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-13] (Electronic Arts)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-17] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-17] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-17] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-17] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-17] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-10-17] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-17] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-17] (AVAST Software)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-10-17] (AVAST Software)

R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33464 2013-09-13] (Razer Inc)

R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39096 2013-09-13] (Razer Inc)

R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [30904 2013-09-13] (Razer Inc)

R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-10-17] (Avast Software)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-10-30 01:52 - 2015-10-30 01:52 - 02198016 _____ (Farbar) C:\Users\RC\Downloads\FRST64.exe

2015-10-30 01:52 - 2015-10-30 01:52 - 00019811 _____ C:\Users\RC\Downloads\FRST.txt

2015-10-30 01:52 - 2015-10-30 01:52 - 00000000 ____D C:\FRST

2015-10-30 01:24 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\pss

2015-10-30 01:15 - 2015-10-30 01:15 - 00021923 _____ C:\ComboFix.txt

2015-10-30 01:15 - 2015-10-30 01:15 - 00000000 __SHD C:\Windows\system32\%APPDATA%

2015-10-29 23:36 - 2015-10-29 23:36 - 00000000 ____D C:\Users\RC\Tracing

2015-10-29 09:58 - 2015-10-29 09:58 - 00000222 _____ C:\Users\RC\Desktop\Battleborn Closed Technical Test.url

2015-10-18 01:32 - 2015-10-18 01:32 - 00293208 _____ C:\Windows\Minidump\101815-4056-01.dmp

2015-10-18 01:28 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe

2015-10-18 01:28 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe

2015-10-18 01:28 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-10-18 01:28 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-10-18 01:28 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-10-18 01:28 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe

2015-10-18 01:28 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe

2015-10-18 01:28 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe

2015-10-18 00:49 - 2015-10-30 01:15 - 00000000 ____D C:\Qoobox

2015-10-18 00:49 - 2015-10-18 01:48 - 00000000 ____D C:\Windows\erdnt

2015-10-18 00:48 - 2015-10-30 01:10 - 05637361 ____R (Swearware) C:\Users\RC\Downloads\ComboFix.exe

2015-10-17 23:25 - 2015-10-17 23:25 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\RC\Downloads\tdsskiller.exe

2015-10-17 20:17 - 2015-10-30 01:33 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2015-10-17 20:17 - 2015-10-17 20:17 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2015-10-17 20:17 - 2015-10-17 20:17 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2015-10-17 20:17 - 2015-10-17 20:17 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2015-10-17 20:17 - 2015-10-17 20:17 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys

2015-10-17 20:17 - 2015-10-17 20:17 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2015-10-17 20:17 - 2015-10-17 20:17 - 00132656 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys

2015-10-17 20:17 - 2015-10-17 20:17 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2015-10-17 20:17 - 2015-10-17 20:17 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2015-10-17 20:17 - 2015-10-17 20:17 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys

2015-10-17 20:17 - 2015-10-17 20:17 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr

2015-10-17 20:17 - 2015-10-17 20:17 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys

2015-10-17 20:17 - 2015-10-17 20:17 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2015-10-17 20:17 - 2015-10-17 20:17 - 00000000 ____D C:\Windows\SysWOW64\vbox

2015-10-17 20:17 - 2015-10-17 20:17 - 00000000 ____D C:\Windows\system32\vbox

2015-10-17 20:17 - 2015-10-17 20:17 - 00000000 ____D C:\Users\RC\AppData\Roaming\AVAST Software

2015-10-17 20:17 - 2015-10-17 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2015-10-17 20:16 - 2015-10-17 20:16 - 05693032 _____ (AVAST Software) C:\Users\RC\Downloads\avast_free_antivirus_setup_online.exe

2015-10-17 20:16 - 2015-10-17 20:16 - 03459152 ____N (AVAST Software) C:\Users\Public\Documents\aswOfferTool.exe

2015-10-17 20:16 - 2015-10-17 20:16 - 00000000 ____D C:\ProgramData\AVAST Software

2015-10-17 20:16 - 2015-10-17 20:16 - 00000000 ____D C:\Program Files\AVAST Software

2015-10-17 20:07 - 2015-10-30 00:31 - 00000000 ____D C:\Users\RC\AppData\Local\AihIhno

2015-10-14 17:45 - 2015-09-18 15:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

2015-10-14 17:45 - 2015-09-18 15:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-10-14 17:45 - 2015-09-18 15:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-10-14 17:45 - 2015-09-18 15:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-10-14 17:45 - 2015-09-18 15:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-10-14 17:45 - 2015-09-18 15:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-10-14 17:45 - 2015-09-18 15:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-10-13 22:50 - 2015-09-18 15:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-10-13 22:50 - 2015-09-18 14:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-10-13 22:50 - 2015-09-16 00:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-10-13 22:50 - 2015-09-16 00:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-10-13 22:50 - 2015-09-16 00:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-10-13 22:50 - 2015-09-16 00:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-10-13 22:50 - 2015-09-16 00:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-10-13 22:50 - 2015-09-16 00:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-10-13 22:50 - 2015-09-16 00:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-10-13 22:50 - 2015-09-16 00:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-10-13 22:50 - 2015-09-16 00:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-10-13 22:50 - 2015-09-16 00:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-10-13 22:50 - 2015-09-16 00:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-10-13 22:50 - 2015-09-16 00:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-10-13 22:50 - 2015-09-16 00:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-10-13 22:50 - 2015-09-16 00:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-10-13 22:50 - 2015-09-16 00:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-10-13 22:50 - 2015-09-16 00:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-10-13 22:50 - 2015-09-16 00:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-10-13 22:50 - 2015-09-16 00:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-10-13 22:50 - 2015-09-15 23:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-10-13 22:50 - 2015-09-15 23:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-10-13 22:50 - 2015-09-15 23:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-10-13 22:50 - 2015-09-15 23:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-10-13 22:50 - 2015-09-15 23:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-10-13 22:50 - 2015-09-15 23:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-10-13 22:50 - 2015-09-15 23:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-10-13 22:50 - 2015-09-15 23:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2015-10-13 22:50 - 2015-09-15 23:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-10-13 22:50 - 2015-09-15 23:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-10-13 22:50 - 2015-09-15 23:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-10-13 22:50 - 2015-09-15 23:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-10-13 22:50 - 2015-09-15 23:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2015-10-13 22:50 - 2015-09-15 23:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-10-13 22:50 - 2015-09-15 23:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-10-13 22:50 - 2015-09-15 23:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-10-13 22:50 - 2015-09-15 23:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-10-13 22:50 - 2015-09-15 23:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-10-13 22:50 - 2015-09-15 23:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-10-13 22:50 - 2015-09-15 23:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-10-13 22:50 - 2015-09-15 23:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-10-13 22:50 - 2015-09-15 23:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-10-13 22:50 - 2015-09-15 23:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-10-13 22:50 - 2015-09-15 23:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-10-13 22:50 - 2015-09-15 23:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-10-13 22:50 - 2015-09-15 23:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-10-13 22:50 - 2015-09-15 23:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-10-13 22:50 - 2015-09-15 23:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-10-13 22:50 - 2015-09-15 23:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-10-13 22:50 - 2015-09-15 23:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-10-13 22:50 - 2015-09-15 23:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-10-13 22:50 - 2015-09-15 23:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-10-13 22:50 - 2015-09-15 23:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-10-13 22:50 - 2015-09-15 23:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2015-10-13 22:50 - 2015-09-15 22:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-10-13 22:50 - 2015-09-15 22:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-10-13 22:50 - 2015-09-15 22:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2015-10-13 22:50 - 2015-09-15 22:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-10-13 22:50 - 2015-09-15 22:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-10-13 22:50 - 2015-09-15 22:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-10-13 22:50 - 2015-09-15 22:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-10-13 22:50 - 2015-09-15 22:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-10-13 22:50 - 2015-09-15 22:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-10-13 22:50 - 2015-09-15 22:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-10-13 22:50 - 2015-08-06 14:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-10-13 22:50 - 2015-08-06 14:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll

2015-10-13 22:50 - 2015-08-06 13:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2015-10-13 22:50 - 2015-08-06 13:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll

2015-10-13 22:49 - 2015-10-01 14:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2015-10-13 22:49 - 2015-10-01 14:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2015-10-13 22:49 - 2015-10-01 14:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-10-13 22:49 - 2015-10-01 14:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-10-13 22:49 - 2015-10-01 14:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-10-13 22:49 - 2015-10-01 14:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-10-13 22:49 - 2015-10-01 14:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-10-13 22:49 - 2015-10-01 13:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2015-10-13 22:49 - 2015-10-01 13:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-10-13 22:49 - 2015-09-28 23:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-10-13 22:49 - 2015-09-28 23:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-10-13 22:49 - 2015-09-28 23:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-10-13 22:49 - 2015-09-28 23:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2015-10-13 22:49 - 2015-09-28 23:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2015-10-13 22:49 - 2015-09-28 23:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2015-10-13 22:49 - 2015-09-28 23:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-10-13 22:49 - 2015-09-28 23:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-10-13 22:49 - 2015-09-28 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-10-13 22:49 - 2015-09-28 23:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2015-10-13 22:49 - 2015-09-28 23:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2015-10-13 22:49 - 2015-09-28 23:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-10-13 22:49 - 2015-09-28 23:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-10-13 22:49 - 2015-09-28 23:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2015-10-13 22:49 - 2015-09-28 23:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-10-13 22:49 - 2015-09-28 23:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-10-13 22:49 - 2015-09-28 23:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-10-13 22:49 - 2015-09-28 23:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2015-10-13 22:49 - 2015-09-28 23:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-10-13 22:49 - 2015-09-28 23:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-10-13 22:49 - 2015-09-28 23:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-10-13 22:49 - 2015-09-28 23:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2015-10-13 22:49 - 2015-09-28 23:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-10-13 22:49 - 2015-09-28 23:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-10-13 22:49 - 2015-09-28 23:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-10-13 22:49 - 2015-09-28 23:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-10-13 22:49 - 2015-09-28 23:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-10-13 22:49 - 2015-09-28 23:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-10-13 22:49 - 2015-09-28 22:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-10-13 22:49 - 2015-09-28 22:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-10-13 22:49 - 2015-09-28 22:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-10-13 22:49 - 2015-09-28 22:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-10-13 22:49 - 2015-09-28 22:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-10-13 22:49 - 2015-09-28 22:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-10-13 22:49 - 2015-09-28 22:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2015-10-13 22:49 - 2015-09-28 22:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-10-13 22:49 - 2015-09-28 22:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-10-13 22:49 - 2015-09-28 22:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2015-10-13 22:49 - 2015-09-28 22:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2015-10-13 22:49 - 2015-09-28 22:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2015-10-13 22:49 - 2015-09-28 22:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-10-13 22:49 - 2015-09-28 22:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-10-13 22:49 - 2015-09-28 22:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 21:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2015-10-13 22:49 - 2015-09-28 21:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2015-10-13 22:49 - 2015-09-28 21:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2015-10-13 22:49 - 2015-09-28 21:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-10-13 22:49 - 2015-09-28 21:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-10-13 22:49 - 2015-09-28 21:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 21:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 21:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-10-13 22:49 - 2015-09-28 21:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-10-13 22:49 - 2015-09-25 14:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-10-13 22:49 - 2015-09-25 14:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-10-13 22:49 - 2015-09-25 14:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-10-13 22:49 - 2015-09-25 14:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-10-13 22:49 - 2015-09-25 14:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-10-13 22:49 - 2015-09-25 14:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-10-13 22:49 - 2015-09-25 14:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-10-13 22:49 - 2015-09-25 14:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-10-13 22:49 - 2015-09-25 14:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-10-13 22:49 - 2015-09-25 14:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-10-13 22:49 - 2015-09-25 14:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-10-13 22:49 - 2015-09-25 13:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-10-13 22:49 - 2015-09-25 13:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-10-13 22:49 - 2015-09-25 13:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2015-10-13 22:49 - 2015-09-25 13:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2015-10-13 22:49 - 2015-09-25 13:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-10-13 22:49 - 2015-09-15 14:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-10-13 22:49 - 2015-09-15 14:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-10-13 22:49 - 2015-09-15 14:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-10-13 22:49 - 2015-09-15 14:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-10-13 22:49 - 2015-09-15 14:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-10-13 22:49 - 2015-09-15 14:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-10-13 22:49 - 2015-09-15 14:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-10-13 22:49 - 2015-09-15 14:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-10-13 22:49 - 2015-09-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-10-13 22:49 - 2015-09-15 13:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-10-13 22:49 - 2015-09-15 13:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-10-13 22:49 - 2015-09-15 13:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-10-13 22:49 - 2015-09-15 13:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll

2015-10-13 22:49 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll

2015-10-12 23:49 - 2015-10-12 23:49 - 00000000 ____D C:\Users\RC\AppData\LocalLow\Steel Crate Games

2015-10-12 15:00 - 2015-10-12 15:00 - 00000222 _____ C:\Users\RC\Desktop\Keep Talking and Nobody Explodes.url

2015-10-10 12:03 - 2015-10-10 12:03 - 00013511 _____ C:\Users\RC\Desktop\spotify - Shortcut.lnk

2015-10-07 11:50 - 2015-10-17 20:26 - 00000000 ____D C:\7da02e4a

2015-10-03 14:11 - 2015-10-03 14:11 - 00000000 ____D C:\Users\Default\AppData\Local\Google

2015-10-03 14:11 - 2015-10-03 14:11 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

2015-10-02 23:12 - 2015-10-02 23:12 - 00000000 ____D C:\Users\RC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-10-30 01:48 - 2009-07-14 00:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-10-30 01:48 - 2009-07-14 00:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-10-30 01:39 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI

2015-10-30 01:36 - 2013-10-19 16:06 - 01916832 _____ C:\Windows\WindowsUpdate.log

2015-10-30 01:34 - 2013-12-20 21:02 - 00000000 ____D C:\Users\RC\AppData\Local\Spotify

2015-10-30 01:33 - 2015-08-05 21:37 - 00000000 ___RD C:\Users\RC\Google Drive

2015-10-30 01:33 - 2013-12-20 21:02 - 00000000 ____D C:\Users\RC\AppData\Roaming\Spotify

2015-10-30 01:33 - 2013-10-19 16:51 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-10-30 01:33 - 2013-10-19 16:21 - 00000000 ____D C:\ProgramData\NVIDIA

2015-10-30 01:33 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-10-30 01:33 - 2009-07-14 00:51 - 00064690 _____ C:\Windows\setupact.log

2015-10-30 01:24 - 2013-10-22 19:08 - 00203834 _____ C:\Windows\PFRO.log

2015-10-30 01:15 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini

2015-10-30 01:10 - 2013-10-19 16:51 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-10-30 00:16 - 2014-09-24 23:05 - 00000044 _____ C:\Users\RC\Desktop\dads address.txt

2015-10-29 23:38 - 2013-10-19 18:36 - 00000000 ____D C:\Users\RC\AppData\Roaming\Skype

2015-10-29 23:36 - 2013-10-19 16:03 - 00000000 ____D C:\Users\RC

2015-10-29 17:07 - 2013-10-19 18:54 - 00000000 ____D C:\Users\RC\Documents\my games

2015-10-29 17:02 - 2015-02-13 23:13 - 00000000 ____D C:\ProgramData\Package Cache

2015-10-23 15:12 - 2013-10-19 16:52 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-10-18 01:49 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default

2015-10-18 01:32 - 2014-01-29 22:39 - 00000000 ____D C:\Windows\Minidump

2015-10-18 01:31 - 2014-01-29 22:39 - 620741571 _____ C:\Windows\MEMORY.DMP

2015-10-17 20:17 - 2015-09-28 16:42 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}

2015-10-17 18:12 - 2015-08-05 21:37 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk

2015-10-17 18:12 - 2015-08-05 21:37 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk

2015-10-17 18:12 - 2015-08-05 21:37 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk

2015-10-17 18:12 - 2015-08-05 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2015-10-15 03:00 - 2015-04-16 03:17 - 00000000 ___SD C:\Windows\system32\CompatTel

2015-10-15 03:00 - 2015-04-16 03:17 - 00000000 ____D C:\Windows\system32\appraiser

2015-10-14 04:09 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

2015-10-12 11:21 - 2013-10-19 18:24 - 00000000 ____D C:\Users\RC\AppData\Local\Adobe

2015-10-08 11:51 - 2015-05-09 18:54 - 00000000 ____D C:\Users\RC\AppData\Roaming\Audacity

2015-10-08 05:33 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX

2015-10-08 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX

2015-10-02 23:12 - 2014-11-04 22:07 - 00000000 ___RD C:\Users\RC\Dropbox

2015-10-02 23:12 - 2014-11-04 22:06 - 00000000 ____D C:\Users\RC\AppData\Roaming\Dropbox

2015-10-02 01:00 - 2014-12-09 00:07 - 00000000 ___RD C:\Program Files (x86)\Skype

2015-10-02 01:00 - 2013-12-10 09:17 - 00000000 ____D C:\ProgramData\Skype

2015-10-01 21:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF

2015-09-30 19:18 - 2013-10-19 16:54 - 00000000 ____D C:\Users\RC\AppData\Roaming\LolClient

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2015-10-21 00:27

 

==================== End of FRST.txt ============================


Edited by rogcald, 30 October 2015 - 06:46 AM.




#2 Jo*

Jo*

  • Malware Response Team
  • 3,294 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:37 AM

Posted 30 October 2015 - 11:54 AM

Double post.

Go on with your first post: http://www.bleepingcomputer.com/forums/t/594827/jsscriptpe-inf-trj-and-urlmal-infections/

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




