
Lots of warning from Kaspersky - Did various scans, but still infected



#1 The Durango Kid


Posted 02 November 2015 - 01:35 PM

First I want to thank you for your help ...  It is really appreciated !...

 

****************************************************

 

Machine:  Laptop Dell Precision M6400

OS:  Windows 7 Pro SP1 – 64 bit

Anti-virus:  Kaspersky Internet Security 2016

 

About 2 months ago, I inserted my USB key into my laptop and because I was in a rush, I refused the scanning of the drive proposed by Kaspersky ...  Afterward, Kaspersky kept finding and eradicating trojan horses and worms for a while ...  The following were found, some more than once, in several files:   HEUR:Trojan.Win32.Generic,   Trojan-Dropper.Win32.Injector.nmdg,   Trojan.Win32.Wauchos.aj   and   Worm.Win32.Bundpil.avv  ...  Since then, I have had a growing suspicion that my system is still infected somehow, even though most symptoms are subtle ( described below ).

 

So I read a bit around and last week, I ran the following protocol:

  1. Run RKill.
  2. Pause Kaspersky and run ComboFix.
  3. Reboot and then re-enable Kaspersky.
  4. Run RKill again and then run MalwareBytes Anti-Malware Free version.
  5. Run SuperAntiSpyware Free edition.
  6. Reboot, run RKill again and then run Dr. Web CureIt.
  7. Reboot, run RKill again and then run F-Secure Online Scanner.

 

Nobody found anything, except ComboFix ( one entry in “Other Deletions” ) and SuperAntiSpyware ( 92 tracking cookies ).   I’ve included ComboFix and RKill logs as attachments ...  All the RKill.txt files were the same as the one included ( nothing found ) ...

 

Despite these scans, I still have the same suspicious symptoms, which are:

  • I access my bank and credit card account web sites under the protected browser provided by Kaspersky “Safe Money”.  Whenever I access one of these sites, I get strange messages coming from Kaspersky.  They all read like: “Suspicious action of the application ‘X’ blocked by Application Control”, where “X” is either “Windows Explorer” or “COM Surrogate” or “Dropbox” or “NVIDIA performance Driver Service” or “Windows Problem Reporting”.  The action listed is either “Perform code injection” or “Duplicate internal process handle” or “Read memory from other processes” ...  I know these are not so subtle, but I have had the NVIDIA one for a long time, so I got somehow used to seeing them whenever Safe Money was running ( don’t cry wolf ) ...  But the other ones are recent ...   I have collected them in screen shots and reunited them in a single image so you can see their file path ( see attached:  Safe Money Warnings.jpg  ) ...  Some look identical, but they all have something different.
  • Recently, I am unable to download anything from the web, unless I boot in safe mode.
  • A few weeks ago, I was reviewing my settings in the Kaspersky application ...  In the “Threats and exclusions settings” section, you can specify exclusions on certain files or applications so their activity will not be monitored for malware detection ...  I am quite sure these exclusions must be entered manually by the user, because this list is/was always empty ...  So even though I never specified anything for this list, I found one entry pointing to svchost.exe ...   I deleted it and it never came back ...
  • I always get this 0-byte empty image on my desktop ( 001.jpg ) that keeps reappearing after I’ve deleted it.
  • For a while ( seems to be gone now ), whenever I was inserting a USB key in one of the slots,  what was saved on the drive would be replaced by a shortcut labeled “Removable drive” ...  Clicking on it would display my files ...  I checked the target of the shortcut and it was:  “C:\WINDOWS\system32\rundll32.exe  \{747AE5B2-5C8D-4DA6-BEFA-B7A1704261EE}.{29B29366-60DF-4837-A575-835198FFF863},z87GPL4Dz87G2BKQ !%(?}=b%-ctx!%((”  ...
  • More recently, I often got the following message from Kaspersky ...  It pops out of the blue, and not from any action on my part ...

Cannot guarantee authenticity of the domain to which encrypted connection is established

Application:  Internet Explorer

URL:  ieonline.microsoft.com

Reason:  This certificate or the certificate chain is built on an untrusted root center

 

 

*****************************   FRST.txt   *******************************************************

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by User (administrator) on USER-PC (02-11-2015 14:01:26)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() Q:\140066.enu\Office14\WINWORDC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() Q:\140066.ENU\OFFICE14\OffSpon.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-09-09] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1810728 2009-07-30] (Synaptics Incorporated)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2722080 2013-09-05] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [141608 2010-07-21] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36711472 2015-10-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57987712 2015-09-28] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2014-12-29]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C19064F3-8591-4F01-BC33-873876E1D88F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CB39A27B-0DC9-48B9-882A-972AAACA27EE}: [DhcpNameServer] 24.48.19.13 24.202.72.13 24.53.0.2

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3904156222-3458198690-710301323-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3904156222-3458198690-710301323-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3904156222-3458198690-710301323-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-3904156222-3458198690-710301323-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-29] (AO Kaspersky Lab)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-10-29] (AO Kaspersky Lab)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-29] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-10-29] (AO Kaspersky Lab)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\d92ure5z.default
FF Homepage: hxxps://www.netflix.com/ProfilesGate?nextpage=http%3A%2F%2Fwww.netflix.com%2FDefault
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2010-07-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\d92ure5z.default\user.js [2015-10-28]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-10-29] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.ca/?gws_rd=ssl"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-26]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-26]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-25]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-26]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-14]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-26]
CHR Extension: (Kaspersky Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-08-25]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-26]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-14]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-26]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe [89600 2009-09-09] (Andrea Electronics Corporation)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-10-29] (Kaspersky Lab ZAO)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-20] (Dropbox, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6810728 2009-12-08] ()
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-09-05] (NVIDIA Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\STacSV64.exe [240640 2009-09-09] (IDT, Inc.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-10-29] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-10-29] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [940936 2015-10-29] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-10-29] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [767648 2014-10-08] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2014-10-08] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2014-10-08] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2014-10-08] (Microsoft Corporation)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-02 14:01 - 2015-11-02 14:02 - 00019730 _____ C:\Users\User\Desktop\FRST.txt
2015-11-02 14:01 - 2015-11-02 14:01 - 00000000 ____D C:\FRST
2015-11-02 13:58 - 2015-11-02 13:58 - 02198016 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-11-02 12:41 - 2015-10-30 11:33 - 00002040 _____ C:\Users\User\Desktop\Rkill.txt
2015-11-02 12:40 - 2015-10-28 14:53 - 00027638 _____ C:\Users\User\Desktop\ComboFix.txt
2015-10-30 11:15 - 2015-10-30 11:15 - 00000000 _____ C:\Users\User\Desktop\Due date and Hang over.txt
2015-10-29 18:32 - 2015-10-29 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-10-29 18:31 - 2015-10-29 18:31 - 00000000 ____D C:\Windows\ELAMBKUP
2015-10-29 18:31 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-10-29 18:30 - 2015-10-29 18:47 - 00940936 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2015-10-29 18:30 - 2015-10-29 18:47 - 00181640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2015-10-29 18:30 - 2015-10-29 18:30 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-10-29 17:27 - 2015-10-29 17:46 - 00000000 ____D C:\ProgramData\F-Secure
2015-10-29 17:27 - 2015-10-29 17:27 - 00000000 ____D C:\Users\User\AppData\Local\F-Secure
2015-10-28 17:55 - 2015-10-28 17:55 - 00000000 ____D C:\Users\User\Doctor Web
2015-10-28 16:15 - 2015-10-28 16:15 - 00000000 ____D C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2015-10-28 16:14 - 2015-10-28 16:15 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-28 16:14 - 2015-10-28 16:14 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-10-28 16:14 - 2015-10-28 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-10-28 14:37 - 2015-10-28 14:53 - 00000000 ____D C:\Qoobox
2015-10-28 14:37 - 2011-06-26 04:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-28 14:37 - 2010-11-07 15:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-28 14:37 - 2009-04-20 02:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-28 14:37 - 2000-08-30 22:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-28 14:37 - 2000-08-30 22:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-28 14:37 - 2000-08-30 22:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-28 14:37 - 2000-08-30 22:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-28 14:37 - 2000-08-30 22:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-28 14:36 - 2015-10-28 14:49 - 00000000 ____D C:\Windows\erdnt
2015-10-27 19:30 - 2015-10-27 19:30 - 00000000 ____D C:\Windows\SysWOW64\%Data%
2015-10-27 18:23 - 2015-10-27 18:23 - 00000000 _____ C:\Users\User\Desktop\LastBackupWas_Full_2015-10-27.txt
2015-10-23 23:12 - 2015-10-25 21:14 - 00000181 _____ C:\Users\User\Desktop\How to weld copper.url
2015-10-20 23:31 - 2015-10-20 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-20 11:31 - 2015-10-20 11:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-10-20 11:31 - 2015-10-20 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-10-20 11:30 - 2015-10-20 11:30 - 00002563 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-20 11:30 - 2015-10-20 11:30 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-10-15 21:21 - 2015-10-18 11:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-15 17:22 - 2015-10-15 18:26 - 00000209 _____ C:\Users\User\Desktop\Vale Do Amenhacer.url
2015-10-15 17:08 - 2015-09-18 17:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 17:08 - 2015-09-18 17:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 17:08 - 2015-09-18 17:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 17:08 - 2015-09-18 17:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 17:08 - 2015-09-18 17:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 17:08 - 2015-09-18 17:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 17:08 - 2015-09-18 17:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 12:56 - 2015-09-18 17:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 12:56 - 2015-09-18 16:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 12:56 - 2015-09-16 02:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 12:56 - 2015-09-16 02:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 12:56 - 2015-09-16 02:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 12:56 - 2015-09-16 02:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 12:56 - 2015-09-16 02:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 12:56 - 2015-09-16 02:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 12:56 - 2015-09-16 02:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 12:56 - 2015-09-16 02:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 12:56 - 2015-09-16 02:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 12:56 - 2015-09-16 02:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 12:56 - 2015-09-16 02:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 12:56 - 2015-09-16 02:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 12:56 - 2015-09-16 02:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 12:56 - 2015-09-16 02:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 12:56 - 2015-09-16 02:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 12:56 - 2015-09-16 02:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 12:56 - 2015-09-16 02:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 12:56 - 2015-09-16 02:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 12:56 - 2015-09-16 01:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 12:56 - 2015-09-16 01:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 12:56 - 2015-09-16 01:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 12:56 - 2015-09-16 01:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 12:56 - 2015-09-16 01:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 12:56 - 2015-09-16 01:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 12:56 - 2015-09-16 01:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 12:56 - 2015-09-16 01:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 12:56 - 2015-09-16 01:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 12:56 - 2015-09-16 01:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 12:56 - 2015-09-16 01:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 12:56 - 2015-09-16 01:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 12:56 - 2015-09-16 01:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 12:56 - 2015-09-16 01:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 12:56 - 2015-09-16 01:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 12:56 - 2015-09-16 01:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 12:56 - 2015-09-16 01:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 12:56 - 2015-09-16 01:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 12:56 - 2015-09-16 01:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 12:56 - 2015-09-16 01:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 12:56 - 2015-09-16 01:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 12:56 - 2015-09-16 01:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 12:56 - 2015-09-16 01:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 12:56 - 2015-09-16 01:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 12:56 - 2015-09-16 01:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 12:56 - 2015-09-16 01:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 12:56 - 2015-09-16 01:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 12:56 - 2015-09-16 01:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 12:56 - 2015-09-16 01:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 12:56 - 2015-09-16 01:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 12:56 - 2015-09-16 01:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 12:56 - 2015-09-16 01:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 12:56 - 2015-09-16 01:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 12:56 - 2015-09-16 01:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 12:56 - 2015-09-16 00:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 12:56 - 2015-09-16 00:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 12:56 - 2015-09-16 00:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 12:56 - 2015-09-16 00:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 12:56 - 2015-09-16 00:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 12:56 - 2015-09-16 00:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-14 12:56 - 2015-09-16 00:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 12:56 - 2015-09-16 00:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 12:56 - 2015-09-16 00:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 12:56 - 2015-09-16 00:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 12:55 - 2015-08-06 16:06 - 14182912 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 12:55 - 2015-08-06 16:06 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 12:55 - 2015-08-06 15:38 - 12878848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 12:55 - 2015-08-06 15:37 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 12:50 - 2015-10-01 16:12 - 00706496 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 12:50 - 2015-10-01 16:10 - 00631384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 12:50 - 2015-10-01 16:09 - 01729984 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 12:50 - 2015-10-01 16:07 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 12:50 - 2015-10-01 16:07 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 12:50 - 2015-10-01 16:07 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 12:50 - 2015-10-01 16:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 01166336 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 12:50 - 2015-10-01 16:06 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 12:50 - 2015-10-01 16:06 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 12:50 - 2015-10-01 16:05 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 12:50 - 2015-10-01 16:05 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 12:50 - 2015-10-01 16:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 12:50 - 2015-10-01 16:05 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 12:50 - 2015-10-01 16:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 12:50 - 2015-10-01 16:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:43 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 12:50 - 2015-10-01 15:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 12:50 - 2015-10-01 14:47 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 12:50 - 2015-10-01 14:46 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 12:50 - 2015-10-01 14:46 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 12:50 - 2015-09-28 18:21 - 03996608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 12:50 - 2015-09-28 18:21 - 03940800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 12:50 - 2015-09-28 18:19 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 12:50 - 2015-09-28 18:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 12:50 - 2015-09-28 18:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 12:50 - 2015-09-28 18:15 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 12:50 - 2015-09-28 18:15 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 12:50 - 2015-09-28 18:15 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 12:50 - 2015-09-28 18:15 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 12:50 - 2015-09-28 18:11 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 12:50 - 2015-09-28 18:11 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 16:22 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 12:50 - 2015-09-28 14:35 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 12:50 - 2015-09-28 14:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 12:50 - 2015-09-28 14:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 14:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 14:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 14:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 12:50 - 2015-09-25 16:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 12:50 - 2015-09-25 16:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 12:50 - 2015-09-25 16:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 12:50 - 2015-09-25 16:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 12:50 - 2015-09-25 16:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 12:50 - 2015-09-25 16:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 12:50 - 2015-09-25 16:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 12:50 - 2015-09-25 16:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 12:50 - 2015-09-25 16:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 12:50 - 2015-09-25 16:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 12:50 - 2015-09-25 16:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 12:50 - 2015-09-25 15:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 12:50 - 2015-09-25 15:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 12:50 - 2015-09-25 15:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 12:50 - 2015-09-25 15:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 12:50 - 2015-09-25 15:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 12:50 - 2015-09-15 21:45 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 12:50 - 2015-09-15 21:45 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 12:50 - 2015-09-15 21:37 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 12:50 - 2015-09-15 21:37 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 12:50 - 2015-09-15 21:37 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 12:50 - 2015-09-15 21:37 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 12:50 - 2015-09-15 21:37 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 12:50 - 2015-09-15 21:37 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 12:50 - 2015-09-15 21:37 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 12:50 - 2015-09-15 21:25 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 12:50 - 2015-09-15 21:25 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 12:50 - 2015-09-15 21:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 12:50 - 2015-09-15 21:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-14 12:50 - 2015-09-14 19:40 - 00634432 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-14 12:49 - 2015-07-18 11:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-11 13:38 - 2015-10-11 13:38 - 00000000 ____D C:\ProgramData\Sun
2015-10-10 22:07 - 2015-10-10 22:07 - 00000000 ____D C:\Users\User\AppData\Roaming\QuickScan
2015-10-10 21:51 - 2015-10-10 21:51 - 00000000 ____D C:\KVRT_Data
2015-10-10 18:39 - 2015-10-10 18:41 - 00000000 ____D C:\Users\User\Desktop\Red Flash drive - 2 GB

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-02 13:47 - 2014-12-08 13:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-02 13:25 - 2015-07-20 20:14 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-02 13:11 - 2014-12-08 13:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-02 12:34 - 2014-10-24 18:39 - 01684588 _____ C:\Windows\WindowsUpdate.log
2015-11-02 12:32 - 2014-11-13 00:19 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-02 12:25 - 2009-07-14 02:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-02 12:25 - 2009-07-14 02:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-02 12:22 - 2009-07-14 03:13 - 00782744 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-02 12:18 - 2015-07-20 20:14 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-02 12:17 - 2015-09-08 20:19 - 00011816 _____ C:\Windows\setupact.log
2015-11-02 12:17 - 2014-12-08 13:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-02 12:17 - 2014-10-24 16:28 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-02 12:17 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-01 23:04 - 2014-10-27 16:24 - 00000000 ____D C:\Users\User\AppData\Roaming\SoftGrid Client
2015-11-01 20:37 - 2014-10-27 14:48 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2015-11-01 19:39 - 2015-09-18 20:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-01 17:42 - 2015-06-13 18:42 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BD63DA42-CF78-4B8F-97E4-91029FD67685}
2015-11-01 17:39 - 2015-06-23 09:58 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-31 20:30 - 2015-09-28 13:11 - 00000000 ____D C:\Users\User\Desktop\Brazilian stuff
2015-10-29 18:47 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klpd.sys
2015-10-29 18:46 - 2015-07-04 02:18 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-10-29 18:17 - 2015-09-18 20:36 - 00353136 _____ C:\Windows\PFRO.log
2015-10-28 15:32 - 2015-09-18 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-28 15:32 - 2015-09-18 20:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-28 14:53 - 2009-07-14 01:20 - 00000000 __RHD C:\Users\Default
2015-10-28 14:48 - 2009-07-14 00:34 - 00000215 _____ C:\Windows\system.ini
2015-10-27 17:01 - 2014-11-14 20:08 - 00005099 _____ C:\Users\User\Desktop\Backup.bat
2015-10-22 22:01 - 2015-07-20 20:21 - 00000000 ___RD C:\Users\User\Dropbox
2015-10-22 22:01 - 2015-07-20 20:14 - 00000000 ____D C:\Users\User\AppData\Local\Dropbox
2015-10-22 19:50 - 2015-09-14 22:07 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-20 23:31 - 2015-07-20 20:14 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-19 13:31 - 2014-10-27 13:17 - 00000000 ____D C:\ProgramData\Skype
2015-10-18 17:25 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\rescache
2015-10-18 11:47 - 2014-11-19 17:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-17 13:11 - 2014-12-08 13:42 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-17 13:11 - 2014-12-08 13:42 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-17 13:11 - 2014-12-08 13:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-15 19:07 - 2014-12-11 12:02 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-15 19:07 - 2014-10-24 18:39 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-15 17:10 - 2014-10-27 13:18 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-14 21:59 - 2014-10-24 16:44 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 21:47 - 2014-10-24 16:44 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-11 13:49 - 2014-10-27 13:16 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-10-05 09:50 - 2015-09-18 20:34 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2015-09-18 20:34 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-09-18 20:34 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2014-11-12 00:20 - 2014-11-12 00:20 - 0000000 _____ () C:\ProgramData\Wave

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7heh1h.dll
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-31 17:45

==================== End of FRST.txt ============================

 


 


#2 HelpBot


Posted 07 November 2015 - 01:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/595126 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 The Durango Kid


Posted 07 November 2015 - 02:37 PM

Hello !

Thanks again for helping me !

 

I bought my laptop 2nd hand, with Win 7 already on it, so  I don't have the original Windows CD/DVD available ...

 

Here's the latest version of FRST.txt ( ran a few minutes ago ... ) :

 

********************************************************************************************

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by User (administrator) on USER-PC (07-11-2015 17:17:11)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-09-09] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1810728 2009-07-30] (Synaptics Incorporated)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2722080 2013-09-05] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [141608 2010-07-21] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36711472 2015-10-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2014-12-29]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C19064F3-8591-4F01-BC33-873876E1D88F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CB39A27B-0DC9-48B9-882A-972AAACA27EE}: [DhcpNameServer] 24.48.19.13 24.202.72.13 24.53.0.2

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3904156222-3458198690-710301323-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3904156222-3458198690-710301323-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3904156222-3458198690-710301323-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-3904156222-3458198690-710301323-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-29] (AO Kaspersky Lab)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-10-29] (AO Kaspersky Lab)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-29] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-10-29] (AO Kaspersky Lab)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\d92ure5z.default
FF Homepage: hxxps://www.netflix.com/ProfilesGate?nextpage=http%3A%2F%2Fwww.netflix.com%2FDefault
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2010-07-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\d92ure5z.default\user.js [2015-10-28]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-10-29] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.ca/?gws_rd=ssl"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-26]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-26]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-25]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-26]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-14]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-26]
CHR Extension: (Kaspersky Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-08-25]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-26]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-14]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-26]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe [89600 2009-09-09] (Andrea Electronics Corporation)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-10-29] (Kaspersky Lab ZAO)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-20] (Dropbox, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6810728 2009-12-08] ()
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-09-05] (NVIDIA Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\STacSV64.exe [240640 2009-09-09] (IDT, Inc.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-10-29] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-10-29] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [940936 2015-10-29] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-10-29] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [767648 2014-10-08] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2014-10-08] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2014-10-08] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2014-10-08] (Microsoft Corporation)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 17:17 - 2015-11-07 17:17 - 00019398 _____ C:\Users\User\Desktop\FRST.txt
2015-11-07 17:16 - 2015-11-07 17:17 - 00000000 ____D C:\Users\User\Desktop\FRST-OlderVersion
2015-11-04 21:18 - 2015-11-04 21:18 - 00000194 _____ C:\Users\User\Desktop\Solder guide.url
2015-11-04 21:09 - 2015-11-04 21:09 - 00000133 _____ C:\Users\User\Desktop\cutting rod - right size - tools.url
2015-11-04 20:30 - 2015-11-04 20:30 - 00000205 _____ C:\Users\User\Desktop\Durango Kid is infected.url
2015-11-04 17:37 - 2015-11-04 17:37 - 00000168 _____ C:\Users\User\Desktop\Grounding rod.url
2015-11-04 17:15 - 2015-11-04 17:16 - 00000155 _____ C:\Users\User\Desktop\Cobre Anapolis 1.url
2015-11-02 14:03 - 2015-11-02 14:04 - 00024263 _____ C:\Users\User\Desktop\Addition.txt
2015-11-02 14:01 - 2015-11-07 17:17 - 00000000 ____D C:\FRST
2015-11-02 14:01 - 2015-11-02 14:04 - 00062946 _____ C:\Users\User\Desktop\FRST1.txt
2015-11-02 13:58 - 2015-11-07 17:16 - 02198528 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-11-02 12:41 - 2015-10-30 11:33 - 00002040 _____ C:\Users\User\Desktop\Rkill.txt
2015-11-02 12:40 - 2015-10-28 14:53 - 00027638 _____ C:\Users\User\Desktop\ComboFix.txt
2015-10-30 11:15 - 2015-10-30 11:15 - 00000000 _____ C:\Users\User\Desktop\Due date and Hang over.txt
2015-10-29 18:32 - 2015-10-29 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-10-29 18:31 - 2015-10-29 18:31 - 00000000 ____D C:\Windows\ELAMBKUP
2015-10-29 18:31 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-10-29 18:30 - 2015-10-29 18:47 - 00940936 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2015-10-29 18:30 - 2015-10-29 18:47 - 00181640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2015-10-29 18:30 - 2015-10-29 18:30 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-10-29 17:27 - 2015-10-29 17:46 - 00000000 ____D C:\ProgramData\F-Secure
2015-10-29 17:27 - 2015-10-29 17:27 - 00000000 ____D C:\Users\User\AppData\Local\F-Secure
2015-10-28 17:55 - 2015-10-28 17:55 - 00000000 ____D C:\Users\User\Doctor Web
2015-10-28 16:15 - 2015-10-28 16:15 - 00000000 ____D C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2015-10-28 16:14 - 2015-10-28 16:15 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-28 16:14 - 2015-10-28 16:14 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-10-28 16:14 - 2015-10-28 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-10-28 14:37 - 2015-10-28 14:53 - 00000000 ____D C:\Qoobox
2015-10-28 14:37 - 2011-06-26 04:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-28 14:37 - 2010-11-07 15:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-28 14:37 - 2009-04-20 02:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-28 14:37 - 2000-08-30 22:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-28 14:37 - 2000-08-30 22:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-28 14:37 - 2000-08-30 22:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-28 14:37 - 2000-08-30 22:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-28 14:37 - 2000-08-30 22:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-28 14:36 - 2015-10-28 14:49 - 00000000 ____D C:\Windows\erdnt
2015-10-27 19:30 - 2015-10-27 19:30 - 00000000 ____D C:\Windows\SysWOW64\%Data%
2015-10-27 18:23 - 2015-10-27 18:23 - 00000000 _____ C:\Users\User\Desktop\LastBackupWas_Full_2015-10-27.txt
2015-10-23 23:12 - 2015-10-25 21:14 - 00000181 _____ C:\Users\User\Desktop\How to weld copper.url
2015-10-20 23:31 - 2015-10-20 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-20 11:31 - 2015-10-20 11:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-10-20 11:31 - 2015-10-20 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-10-20 11:30 - 2015-10-20 11:30 - 00002563 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-20 11:30 - 2015-10-20 11:30 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-10-15 21:21 - 2015-10-18 11:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-15 17:22 - 2015-10-15 18:26 - 00000209 _____ C:\Users\User\Desktop\Vale Do Amenhacer.url
2015-10-15 17:08 - 2015-09-18 17:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 17:08 - 2015-09-18 17:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 17:08 - 2015-09-18 17:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 17:08 - 2015-09-18 17:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 17:08 - 2015-09-18 17:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 17:08 - 2015-09-18 17:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 17:08 - 2015-09-18 17:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 12:56 - 2015-09-18 17:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 12:56 - 2015-09-18 16:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 12:56 - 2015-09-16 02:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 12:56 - 2015-09-16 02:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 12:56 - 2015-09-16 02:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 12:56 - 2015-09-16 02:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 12:56 - 2015-09-16 02:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 12:56 - 2015-09-16 02:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 12:56 - 2015-09-16 02:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 12:56 - 2015-09-16 02:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 12:56 - 2015-09-16 02:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 12:56 - 2015-09-16 02:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 12:56 - 2015-09-16 02:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 12:56 - 2015-09-16 02:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 12:56 - 2015-09-16 02:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 12:56 - 2015-09-16 02:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 12:56 - 2015-09-16 02:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 12:56 - 2015-09-16 02:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 12:56 - 2015-09-16 02:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 12:56 - 2015-09-16 02:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 12:56 - 2015-09-16 01:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 12:56 - 2015-09-16 01:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 12:56 - 2015-09-16 01:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 12:56 - 2015-09-16 01:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 12:56 - 2015-09-16 01:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 12:56 - 2015-09-16 01:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 12:56 - 2015-09-16 01:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 12:56 - 2015-09-16 01:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 12:56 - 2015-09-16 01:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 12:56 - 2015-09-16 01:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 12:56 - 2015-09-16 01:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 12:56 - 2015-09-16 01:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 12:56 - 2015-09-16 01:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 12:56 - 2015-09-16 01:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 12:56 - 2015-09-16 01:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 12:56 - 2015-09-16 01:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 12:56 - 2015-09-16 01:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 12:56 - 2015-09-16 01:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 12:56 - 2015-09-16 01:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 12:56 - 2015-09-16 01:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 12:56 - 2015-09-16 01:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 12:56 - 2015-09-16 01:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 12:56 - 2015-09-16 01:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 12:56 - 2015-09-16 01:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 12:56 - 2015-09-16 01:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 12:56 - 2015-09-16 01:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 12:56 - 2015-09-16 01:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 12:56 - 2015-09-16 01:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 12:56 - 2015-09-16 01:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 12:56 - 2015-09-16 01:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 12:56 - 2015-09-16 01:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 12:56 - 2015-09-16 01:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 12:56 - 2015-09-16 01:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 12:56 - 2015-09-16 01:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 12:56 - 2015-09-16 00:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 12:56 - 2015-09-16 00:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 12:56 - 2015-09-16 00:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 12:56 - 2015-09-16 00:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 12:56 - 2015-09-16 00:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 12:56 - 2015-09-16 00:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-14 12:56 - 2015-09-16 00:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 12:56 - 2015-09-16 00:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 12:56 - 2015-09-16 00:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 12:56 - 2015-09-16 00:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 12:55 - 2015-08-06 16:06 - 14182912 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 12:55 - 2015-08-06 16:06 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 12:55 - 2015-08-06 15:38 - 12878848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 12:55 - 2015-08-06 15:37 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 12:50 - 2015-10-01 16:12 - 00706496 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 12:50 - 2015-10-01 16:10 - 00631384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 12:50 - 2015-10-01 16:09 - 01729984 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 12:50 - 2015-10-01 16:07 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 12:50 - 2015-10-01 16:07 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 12:50 - 2015-10-01 16:07 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 12:50 - 2015-10-01 16:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 01166336 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 12:50 - 2015-10-01 16:06 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 12:50 - 2015-10-01 16:06 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 12:50 - 2015-10-01 16:06 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 12:50 - 2015-10-01 16:05 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 12:50 - 2015-10-01 16:05 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 12:50 - 2015-10-01 16:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 12:50 - 2015-10-01 16:05 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 12:50 - 2015-10-01 16:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 12:50 - 2015-10-01 16:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 12:50 - 2015-10-01 15:43 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 12:50 - 2015-10-01 15:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 12:50 - 2015-10-01 14:47 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 12:50 - 2015-10-01 14:46 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 12:50 - 2015-10-01 14:46 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 12:50 - 2015-09-28 18:21 - 03996608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 12:50 - 2015-09-28 18:21 - 03940800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 12:50 - 2015-09-28 18:19 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 12:50 - 2015-09-28 18:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 12:50 - 2015-09-28 18:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 12:50 - 2015-09-28 18:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 12:50 - 2015-09-28 18:15 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 12:50 - 2015-09-28 18:15 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 12:50 - 2015-09-28 18:15 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 12:50 - 2015-09-28 18:15 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 12:50 - 2015-09-28 18:11 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 12:50 - 2015-09-28 18:11 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 18:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 16:22 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 12:50 - 2015-09-28 14:35 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 12:50 - 2015-09-28 14:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 12:50 - 2015-09-28 14:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 14:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 14:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 12:50 - 2015-09-28 14:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 12:50 - 2015-09-25 16:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 12:50 - 2015-09-25 16:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 12:50 - 2015-09-25 16:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 12:50 - 2015-09-25 16:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 12:50 - 2015-09-25 16:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 12:50 - 2015-09-25 16:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 12:50 - 2015-09-25 16:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 12:50 - 2015-09-25 16:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 12:50 - 2015-09-25 16:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 12:50 - 2015-09-25 16:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 12:50 - 2015-09-25 16:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 12:50 - 2015-09-25 15:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 12:50 - 2015-09-25 15:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 12:50 - 2015-09-25 15:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 12:50 - 2015-09-25 15:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 12:50 - 2015-09-25 15:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 12:50 - 2015-09-15 21:45 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 12:50 - 2015-09-15 21:45 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 12:50 - 2015-09-15 21:37 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 12:50 - 2015-09-15 21:37 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 12:50 - 2015-09-15 21:37 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 12:50 - 2015-09-15 21:37 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 12:50 - 2015-09-15 21:37 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 12:50 - 2015-09-15 21:37 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 12:50 - 2015-09-15 21:37 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 12:50 - 2015-09-15 21:25 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 12:50 - 2015-09-15 21:25 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 12:50 - 2015-09-15 21:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 12:50 - 2015-09-15 21:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-14 12:50 - 2015-09-14 19:40 - 00634432 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-14 12:49 - 2015-07-18 11:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 12:49 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-11 13:38 - 2015-10-11 13:38 - 00000000 ____D C:\ProgramData\Sun
2015-10-10 22:07 - 2015-10-10 22:07 - 00000000 ____D C:\Users\User\AppData\Roaming\QuickScan
2015-10-10 21:51 - 2015-10-10 21:51 - 00000000 ____D C:\KVRT_Data

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 17:11 - 2014-12-08 13:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-07 16:47 - 2014-12-08 13:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-07 16:47 - 2014-12-08 13:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-07 16:25 - 2015-07-20 20:14 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-07 15:47 - 2014-10-24 18:39 - 01858450 _____ C:\Windows\WindowsUpdate.log
2015-11-07 15:45 - 2014-11-13 00:19 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-07 15:38 - 2009-07-14 02:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-07 15:38 - 2009-07-14 02:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-07 15:37 - 2009-07-14 03:13 - 00782744 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-07 15:36 - 2015-09-08 20:19 - 00012712 _____ C:\Windows\setupact.log
2015-11-07 15:33 - 2015-06-13 18:42 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BD63DA42-CF78-4B8F-97E4-91029FD67685}
2015-11-07 15:30 - 2015-07-20 20:14 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-07 15:30 - 2014-10-24 16:28 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-07 15:30 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-05 23:34 - 2014-10-27 16:24 - 00000000 ____D C:\Users\User\AppData\Roaming\SoftGrid Client
2015-11-05 20:21 - 2014-10-27 14:48 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2015-11-03 15:13 - 2015-03-02 19:27 - 00000789 _____ C:\Users\User\Desktop\Demandes Joao.txt
2015-11-02 15:56 - 2014-10-27 13:17 - 00000000 ____D C:\ProgramData\Skype
2015-11-01 19:39 - 2015-09-18 20:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-01 17:39 - 2015-06-23 09:58 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-31 20:30 - 2015-09-28 13:11 - 00000000 ____D C:\Users\User\Desktop\Brazilian stuff
2015-10-29 18:47 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klpd.sys
2015-10-29 18:46 - 2015-07-04 02:18 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-10-29 18:17 - 2015-09-18 20:36 - 00353136 _____ C:\Windows\PFRO.log
2015-10-28 15:32 - 2015-09-18 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-28 15:32 - 2015-09-18 20:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-28 14:53 - 2009-07-14 01:20 - 00000000 __RHD C:\Users\Default
2015-10-28 14:48 - 2009-07-14 00:34 - 00000215 _____ C:\Windows\system.ini
2015-10-27 17:01 - 2014-11-14 20:08 - 00005099 _____ C:\Users\User\Desktop\Backup.bat
2015-10-22 22:01 - 2015-07-20 20:21 - 00000000 ___RD C:\Users\User\Dropbox
2015-10-22 22:01 - 2015-07-20 20:14 - 00000000 ____D C:\Users\User\AppData\Local\Dropbox
2015-10-22 19:50 - 2015-09-14 22:07 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-20 23:31 - 2015-07-20 20:14 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-18 17:25 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\rescache
2015-10-18 11:47 - 2014-11-19 17:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-17 13:11 - 2014-12-08 13:42 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-17 13:11 - 2014-12-08 13:42 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-17 13:11 - 2014-12-08 13:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-15 19:07 - 2014-12-11 12:02 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-15 19:07 - 2014-10-24 18:39 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-15 17:10 - 2014-10-27 13:18 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-14 21:59 - 2014-10-24 16:44 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 21:47 - 2014-10-24 16:44 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-11 13:49 - 2014-10-27 13:16 - 00000000 ____D C:\Program Files (x86)\VideoLAN

==================== Files in the root of some directories =======

2014-11-12 00:20 - 2014-11-12 00:20 - 0000000 _____ () C:\ProgramData\Wave

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4bqivf.dll
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-31 17:45

==================== End of FRST.txt ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,167 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:07 AM

Posted 08 November 2015 - 10:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3904156222-3458198690-710301323-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\d92ure5z.default\user.js [2015-10-28]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download and Run FlashDisinfector

You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware; you can safely ignore these warnings.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141

For IE 10, 11 follow the following instructions.
http://refreshyourcache.com/en/internet-explorer-11/
===


Cannot guarantee authenticity of the domain to which encrypted connection is established
Application: Internet Explorer
URL: ieonline.microsoft.com
Reason: This certificate or the certificate chain is built on an untrusted root center


Try the fix suggested on this page.

http://www.justanswer.com/computer/5ib3r-rid-ieonline-microsoft-com-ieslice-using.html

p.s.
Ignore the popup that will be shown.
===

Let me know what problem persists.

#5 The Durango Kid

Posted 09 November 2015 - 03:19 PM

Hello nasdaq,

 

Thanks for your help ... 

 

Ok, I have followed your instructions, in the order mentioned ...

  1. I ran FRST.EXE (Fix) with fixlist.txt present ...  The content of Fixlog.txt is pasted just below ...
  2. I ran the FlashDisinfector ( 3 times to be sure ) and nothing happened ...  I mean, no window showed up, nothing ...  I thought about renaming it to something else before running it, but I decided to wait for your input.
  3. I did the reset of Internet Explorer ...
  4. I did the cleaning of the Internet Explorer Cache ...
  5. I did the fix for ieonline.microsoft.com ...

 

--------------------------------------------------------------------------------------------------------------------

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015

Ran by User (2015-11-08 16:12:14) Run:1

Running from C:\Users\User\Desktop

Loaded Profiles: User (Available Profiles: User)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

start

 

CreateRestorePoint

EmptyTemp

CloseProcesses

 

HKLMSOFTWAREPoliciesMicrosoftInternet Explorer Restriction ======= ATTENTION

HKUS-1-5-21-3904156222-3458198690-710301323-1000SOFTWAREPoliciesMicrosoftInternet Explorer Restriction ======= ATTENTION

FF Plugin @microsoft.comGENUINE - disabled [No File]

FF Plugin-x32 @microsoft.comGENUINE - disabled [No File]

FF user.js detected! = CUsersUserAppDataRoamingMozillaFirefoxProfilesd92ure5z.defaultuser.js [2015-10-28]

U4 klkbdflt2; system32DRIVERSklkbdflt2.sys [X]

AlternateDataStreams CProgramDataTEMP0B174FAE

 

End

*****************

 

CreateRestorePoint => Error: No automatic fix found for this entry.

EmptyTemp => Error: No automatic fix found for this entry.

CloseProcesses => Error: No automatic fix found for this entry.

HKLMSOFTWAREPoliciesMicrosoftInternet Explorer Restriction ======= ATTENTION => Error: No automatic fix found for this entry.

HKUS-1-5-21-3904156222-3458198690-710301323-1000SOFTWAREPoliciesMicrosoftInternet Explorer Restriction ======= ATTENTION => Error: No automatic fix found for this entry.

FF Plugin @microsoft.comGENUINE - disabled [No File] => Error: No automatic fix found for this entry.

FF Plugin-x32 @microsoft.comGENUINE - disabled [No File] => Error: No automatic fix found for this entry.

FF user.js detected! = CUsersUserAppDataRoamingMozillaFirefoxProfilesd92ure5z.defaultuser.js [2015-10-28] => Error: No automatic fix found for this entry.

klkbdflt2 => service could not remove

AlternateDataStreams CProgramDataTEMP0B174FAE => Error: No automatic fix found for this entry.

 

==== End of Fixlog 16:12:14 ====

--------------------------------------------------------------------------------------------------------------------

 

 

After 2 days, here’s an update on my symptoms ( in red bold at the end of each symptom ):

  1. I access my bank and credit card accounts web sites under the protected browser provided by Kaspersky “Safe Money”.  Whenever I access one of these sites, I got strange messages coming from Kaspersky.  They all read like : “Suspicious action of the application ‘X’ blocked by Application Control”, where “X” is either “Windows Explorer” or “COM Surrogate” or “Dropbox” or “NVDIA performance Driver Service” or “Windows Problem Reporting”.  The action listed is either “Perform code injection” or “Duplicate internal process handle” or “Read memory from other processes” ...  I know these are not so subtle, but I have had the NVDIA one for a long time, so I got somehow used to seeing them whenever Safe Money was running ( don’t cry wolf ) ...  But the other ones are recent ...   I have collected them in screen shots and reunited them in a single image so you can see their file path ( see attached:  Safe Money Warnings.jpg  ) ...  Some look identical, but they all got something different.  I have accessed my accounts several times since yesterday, and I still have 2 of these warnings ...   See red crosses on attachment “Safe Money Warnings 2.jpg” ...  The other ones seem to be gone.
  2. Recently, I am  unable to download anything from the web, unless I boot in safe mode.  I realized it is a browser problem since it happens only with IE 11 and not with Chrome or Firefox ...  More specifically, IE 11  is not  proposing me to download the file at the bottom of the browser window, i.e. that I don’t see the “Do you want to run or save ...” dialog box.  The problem is not constant, and comes on and off :  Yesterday I could not download, and today I can ( ??? ) ...  My search showed that it could be related to corrupted files in user account profiles.  Nobody seems to have found a solid working solution.  Anyway, it is working for now so I will wait and see ...  If you have possible fixes, please submit them to me ...  I will try them if the problem persists ...  I’m thinking of running ADWCleaner ...
  3. A few weeks ago, I was reviewing my settings in the Kaspersky application ...  In the “Threats and exclusions settings” section, you can specify exclusions on certain files or applications so their activity will not be monitored for malware detection ...  I am quite sure these exclusions must be entered manually by the user, because this list is/was always empty ...  So even though I never specified anything for this list, I found one entry pointing on svchost.exe ...   I deleted it and it never came back ...  The false entry in exclusions has still not reappeared ...
  4. I always got this 0 byte empty image on my desktop ( 001.jpg ) that keeps reappearing after I’ve deleted it.  This image is still coming back when I delete it ...  It comes back at reboot ...
  5. For a while ( seems to be gone now ), whenever I was inserting a USB key in one of the slots,  what was saved on the drive would be replaced by a shortcut labeled “Removable drive” ...  Clicking on it would display my files ...  I checked the target of the shortcut and it was:  “C:\WINDOWS\system32\rundll32.exe  \{747AE5B2-5C8D-4DA6-BEFA-B7A1704261EE}.{29B29366-60DF-4837-A575-835198FFF863},z87GPL4Dz87G2BKQ !%(?}=b%-ctx!%((”  ...  I have seen it again the day before yesterday ( a different string at the end ), but not since I ran your protocol yesterday ( I have played with the USB key a few times since ) ...  What I noticed before yesterday was this:  I inserted the drive, Kaspersky proposed to scan it, I did and nothing was found, and THEN, after Kaspersky scan, the shortcut re-appeared ...  Pretty scary ...  Your post mentions a hidden folder ( for protection ) that would be left on my USB drives after I run FlashDisinfector.exe ...  So it’s too bad I was not able to scan my USB keys.  You see, I am right now in a small village in Brazil ( by the way, I’m from Quebec, like you ... :o ) , and I know that my flash drives will be re-infected, as I often use them to print or scan documents in Internet Cafés ...  So the protection would have been perfect ...  I plan to scan my USB keys each time I insert them in my laptop ( with Kaspersky, then with Dr. Web CureIt ), but I have no idea if that will be good enough.
  6. More recently, I often got the following message from Kaspersky ...  It pops out of the blue, and not from any action on my part ...

Cannot guarantee authenticity of the domain to which encrypted connection is established

Application:  Internet Explorer

URL:  ieonline.microsoft.com

Reason:  This certificate or the certificate chain is built on an untrusted root center

I have not seen the message again ...

 

Attached Files
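
Added example, not part of the original posts and not FRST's own code: a small Python triage of the Fixlog in post #5 against the fixlist issued in post #4. It counts the entries FRST reported as failed and lists which characters of the issued fixlist are missing from the copy FRST echoed back; the two failure wordings it recognises are only those seen in this log (an assumption).

```python
"""Triage of an FRST Fixlog: did any fixlist entry apply, and does the
fixlist FRST echoed back match the one that was issued?"""
from collections import Counter

# Fixlist as issued in post #4 (copied from the thread).
ISSUED_FIXLIST = r"""
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3904156222-3458198690-710301323-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\d92ure5z.default\user.js [2015-10-28]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE
End
"""

# Fixlog body as posted in post #5 (copied from the thread, blank lines dropped).
FIXLOG = r"""
fixlist content:
*****************
start
CreateRestorePoint
EmptyTemp
CloseProcesses
HKLMSOFTWAREPoliciesMicrosoftInternet Explorer Restriction ======= ATTENTION
HKUS-1-5-21-3904156222-3458198690-710301323-1000SOFTWAREPoliciesMicrosoftInternet Explorer Restriction ======= ATTENTION
FF Plugin @microsoft.comGENUINE - disabled [No File]
FF Plugin-x32 @microsoft.comGENUINE - disabled [No File]
FF user.js detected! = CUsersUserAppDataRoamingMozillaFirefoxProfilesd92ure5z.defaultuser.js [2015-10-28]
U4 klkbdflt2; system32DRIVERSklkbdflt2.sys [X]
AlternateDataStreams CProgramDataTEMP0B174FAE
End
*****************
CreateRestorePoint => Error: No automatic fix found for this entry.
EmptyTemp => Error: No automatic fix found for this entry.
CloseProcesses => Error: No automatic fix found for this entry.
HKLMSOFTWAREPoliciesMicrosoftInternet Explorer Restriction ======= ATTENTION => Error: No automatic fix found for this entry.
HKUS-1-5-21-3904156222-3458198690-710301323-1000SOFTWAREPoliciesMicrosoftInternet Explorer Restriction ======= ATTENTION => Error: No automatic fix found for this entry.
FF Plugin @microsoft.comGENUINE - disabled [No File] => Error: No automatic fix found for this entry.
FF Plugin-x32 @microsoft.comGENUINE - disabled [No File] => Error: No automatic fix found for this entry.
FF user.js detected! = CUsersUserAppDataRoamingMozillaFirefoxProfilesd92ure5z.defaultuser.js [2015-10-28] => Error: No automatic fix found for this entry.
klkbdflt2 => service could not remove
AlternateDataStreams CProgramDataTEMP0B174FAE => Error: No automatic fix found for this entry.
==== End of Fixlog 16:12:14 ====
"""


def nonblank(text):
    return [line.strip() for line in text.splitlines() if line.strip()]


def split_fixlog(fixlog):
    """Return (echoed fixlist lines, per-entry result lines)."""
    lines = nonblank(fixlog)
    stars = [i for i, line in enumerate(lines) if set(line) == {"*"}]
    end = next(i for i, line in enumerate(lines)
               if line.startswith("==== End of Fixlog"))
    return lines[stars[0] + 1:stars[1]], lines[stars[1] + 1:end]


def classify(result_line):
    """Split 'entry => outcome' on the last ' => ' and label the outcome.
    Assumption: only the two failure wordings seen in this log are known;
    any other outcome is labelled 'review' rather than guessed at."""
    entry, _, outcome = result_line.rpartition(" => ")
    failed = outcome.startswith("Error:") or "could not" in outcome
    return entry, outcome, "failed" if failed else "review"


def dropped_characters(issued, echoed):
    """Characters present in the issued fixlist but missing from the echo."""
    missing = Counter()
    for sent, seen in zip(issued, echoed):
        missing += Counter(sent) - Counter(seen)
    return missing


def triage(issued_text, fixlog_text):
    echoed, results = split_fixlog(fixlog_text)
    statuses = [classify(line)[2] for line in results]
    return {
        "total": len(results),
        "failed": statuses.count("failed"),
        "echo_matches_issued": echoed == nonblank(issued_text),
        "dropped": dropped_characters(nonblank(issued_text), echoed),
    }


if __name__ == "__main__":
    report = triage(ISSUED_FIXLIST, FIXLOG)
    print(f"{report['failed']} of {report['total']} entries failed")
    print("echoed fixlist matches issued:", report["echo_matches_issued"])
    print("characters missing from the echoed fixlist:", dict(report["dropped"]))
```

On this log every entry is reported as failed, and the only characters missing from the echoed fixlist are `\`, `/`, `:`, `<` and `>`.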



#6 nasdaq

Posted 10 November 2015 - 09:47 AM

I ran the FlashDisinfector ( 3 times to be sure ) and nothing happened ... I mean, no window showed up, nothing ... I thought about renaming it to something else before running it, but I decided to wait for your input.

If the file was downloaded and you have executed it then it's normal that you do not get a message.
If the fix worked then your Flash drive is protected. If any malware tries to execute a RUN Key to start its process it will not succeed.

From what I read in your notes the Flash Drive is protected.
If you do get another Flash drive, before copying files to it run the Flash Drive Disinfector tool.
===

Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

DO NOT Deselect Remove found threats.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology


Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.
<<<>>>


Was IE 11 updated by you from an earlier version?
If yes, then remove it using the Control panel > Programs and Features.

Your previous version will be reinstalled.

Let me know if you have and can do that.
===

#7 The Durango Kid

Posted 12 November 2015 - 06:40 PM

Hello nasdaq,

 

Thanks for your help.   Sorry for the delay, I was out of town lately ...  Ok, 4 things:

 

 

1st thing:  About the Flash_Disinfector.exe ...   I really believe it did not run ...  I forgot to tell you, but when I launch the exe, I have this message from Windows:  “This program might not have installed correctly” ( see attached image:  Win 7 64 message.png ).  I have tried both options proposed, and the result was the same:  No windows  or popups or messages appear, nothing ... 

 

Check the following post ( fairly recent, from last year ):  “http://www.precisesecurity.com/tools-resources/adware-tools/flash-disinfector”.  According to it, when running Flash_Disinfector.exe, I should at least get a prompt asking me to insert my flash drive ...  This post also mentions that this file is for 2000, XP and Vista, and that’s all ...  I have also seen other posts mentioning that this application does not run on Windows 7 ...

 

So I strongly suspect that Flash_Disinfector.exe does not run on Win 7 64 bits ...  Do you know for sure that it has been updated for Win 7 64 bits ?   If Flash_Disinfector.exe does not run on Win 7, what could I use instead ?...  In the following post, the guy recommends running Panda USB Vaccine:  “https://forums.spybot.info/showthread.php?57557-USB-cleaning-on-Windows-7”.  What do you think ?

 

 

2nd thing:  I don’t know how to interpret the result log produced by Combofix ...  Could you tell me what are your conclusions on this, especially about the entry in “Other Deletions” ?

 

 

3rd thing:  It seems that what you made me do the last time ( running FRST.EXE - Fix with fixlist.txt ) had some effects on the warning messages from safe money, since I now only have 2 messages left ( see Safe Money Warnings 2.jpg ) ...  Can you tell me where these messages were from ( a virus ? ) and why I still have 2 of them ? ...

 

 

4th thing:  I still have problems downloading with IE 11 sometimes ...  It goes on and off ...  Very weird ...  I don’t remember if I upgraded from another version or if I installed it from scratch ...  So are you suggesting that I de-install and then re-install IE 11 ?

 

 

Thanks again for your time.

Attached Files



#8 nasdaq

Posted 13 November 2015 - 09:02 AM


Thank you for the information on the Flash_Disinfector issues.
You are the first one informing me that it's not compatible with Windows 7 and above.

I have changed my canned speech and will use the following in the future.
One change I made is that I selected BleepingComputer as the download site.
I know that the Administrators check all the programs before posting the download information.

Download, install and run Panda USB Vaccine

The usb vaccination performed by this program will permanently disable any autorun.inf functionality of your usb stick. After the vaccination you will be able to use the usb stick normally and files (even malware) can be copied to/from it, however they will be prevented from executing automatically. This vaccination can only be reversed with a reformat of the usb stick.

Download and save Panda USB Vaccine from >>>here<<<
Double click the file USBVaccineSetup.exe to start the installation.
During setup uncheck the option to Run Panda USB Vaccine automatically when computer boots.
Start Panda USB Vaccine.
Insert your usb-stick, choose the correct drive letter (i.e "F:\") and click Vaccinate USB.
When it's finished, close the program.
You can delete the downloaded USBVaccineSetup.exe.

===========

I don’t know how to interpret the result log produced by Combofix ... Could you tell me what are your conclusion on this, especially about the entry in “Other Deletions” ?


c:\windows\SysWow64\test
This folder is not part of the Operating system. Why it was there I do not know but it's not required.
===

3rd thing: It seems that what you made me do the last time ( running FRST.EXE - Fix with fixlist.txt ) had some effects on the warning messages from safe money, since I now only have 2 messages left ( see Safe Money Warnings 2.jpg ) ... Can you tell me where these messages were from ( a virus ? ) and why I still have 2 of them ?

There could be some remnant items in the Registry.
Let's find out.

Please run the Farbar Recovery Scan Tool. Enter Safe Money in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.
===

4th thing: I still have problems downloading with IE 11 sometimes ... It goes on and off ... Very weird ... I don’t remember if I upgraded from another version or if I installed it from scratch ... So are you suggesting that I de-install and then re-install IE 11 ?

I do not see Internet Explorer 11 in your Installed section of your Addition.txt log. It was probably installed originally.

Read the information on this page
http://windows.microsoft.com/en-us/internet-explorer/install-ie#ie=ie-11

What happens if you turn off the features?

You may have to restart the computer. ( Not sure)
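
Added example, not part of the original posts and not code from Panda, Flash_Disinfector or Kaspersky: a Python audit of a drive root for the two conditions this thread discusses, namely whether autorun.inf is a folder (the placeholder the Flash_Disinfector note describes) or a file with launch entries, and whether a root-level shortcut references rundll32.exe as in the symptom from post #5. The sample drive contents are constructed in a temporary directory, and the shortcut check is a byte-search heuristic, not a .lnk parser.

```python
"""Audit the root of a removable drive for the autorun conditions
discussed in this thread. Sample data below is constructed."""
import tempfile
from pathlib import Path

NEEDLE = "rundll32.exe"  # shortcut target reported in post #5


def autorun_commands(inf_path):
    """Return (key, command) pairs from [autorun] that launch a program."""
    found, in_section = [], False
    for raw in inf_path.read_bytes().decode("latin-1").splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            launches = key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command"))
            if launches:
                found.append((key, value))
    return found


def lnk_mentions(lnk_path, needle=NEEDLE):
    """Heuristic: look for the needle as ANSI or UTF-16LE text in the file."""
    data = lnk_path.read_bytes().lower()
    return needle.encode("ascii") in data or needle.encode("utf-16-le") in data


def audit_drive_root(root):
    root = Path(root)
    report = {"autorun_inf": "absent", "autorun_commands": [],
              "suspect_shortcuts": []}
    inf = next((p for p in root.iterdir()
                if p.name.lower() == "autorun.inf"), None)
    if inf is not None and inf.is_dir():
        # A folder with this name cannot carry [autorun] entries.
        report["autorun_inf"] = "directory"
    elif inf is not None:
        report["autorun_inf"] = "file"
        report["autorun_commands"] = autorun_commands(inf)
    report["suspect_shortcuts"] = sorted(
        p.name for p in root.iterdir()
        if p.is_file() and p.suffix.lower() == ".lnk" and lnk_mentions(p))
    return report


def build_samples(base):
    """Create two constructed drive roots: one suspicious, one with a placeholder."""
    suspicious = Path(base) / "suspicious"
    placeholder = Path(base) / "placeholder"
    suspicious.mkdir()
    placeholder.mkdir()
    # Constructed autorun.inf with a placeholder program name.
    (suspicious / "autorun.inf").write_bytes(
        b"[autorun]\r\nicon=drive.ico\r\nopen=placeholder.exe\r\n")
    # Constructed bytes standing in for a shortcut; not a valid .lnk file.
    (suspicious / "Removable drive.lnk").write_bytes(
        b"L\x00\x00\x00" + r"C:\WINDOWS\system32\rundll32.exe".encode("utf-16-le"))
    (placeholder / "autorun.inf").mkdir()
    (placeholder / "notes.lnk").write_bytes(
        b"L\x00\x00\x00" + r"C:\Windows\notepad.exe".encode("utf-16-le"))
    return suspicious, placeholder


def demo():
    with tempfile.TemporaryDirectory() as base:
        suspicious, placeholder = build_samples(base)
        return audit_drive_root(suspicious), audit_drive_root(placeholder)


if __name__ == "__main__":
    for report in demo():
        print(report)
```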

#9 The Durango Kid

Posted 15 November 2015 - 11:43 AM

Hello nasdaq,

 

1st:

I have installed and run the Panda Vaccine on both my computer and my USB drives ...  That should help protect me, as I know I will surely re-infect my USB keys ( I still have to use the same internet cafe for printing and scanning ) ...  I also ran the ESET online scanner ( with your instructions ), and nothing was found ...

 

2nd:

I know that ComboFix is removing some of the malwares it finds, and also gives traces and clues in its log about the malwares that it could not remove ...  So what I really want to know is if anything in the ComboFix log is calling for additional  steps ...  Have you been trained in the interpretation of the Combofix log ? ( maybe not all of you are ? ) ...  If yes, I would like to know if the log shows somehow that I still have some infections, or maybe corrupt files ...  Thanks for your time and patience ...

 

3rd:   I ran again the Farbar Recovery Scan Tool, with “Safe Money” in the search box ...  Below is the content of the Search.txt file ...  There does not seem to be anything in there ... 

It seems that what you made me do the previous time ( running FRST.EXE - Fix with fixlist.txt ) had some effects on the warning messages from safe money, since after that only 2 messages were left ...  Do you have an idea on what happened with FRST.exe to make the messages from Kaspersky go away ?   Was that because of some registry cleaning ?  Just tell me what you know for sure and what you’re not sure ...  ( I need to decide what these 2 messages from Safe Money are, and if I can safely ignore them ) ...

 

**************************************************************************************

Farbar Recovery Scan Tool (x64) Version:07-11-2015

Ran by User (2015-11-13 19:49:17)

Running from C:\Users\User\Desktop

Boot Mode: Normal

 

================== Search Registry: "Safe Money" ===========

 

[HKEY_USERS\S-1-5-21-3904156222-3458198690-710301323-1000\Software\KasperskyLab\AVP16.0.0\SafeBanking]

"LnkName"="C:\Users\User\Desktop\Safe Money.lnk"

[HKEY_USERS\S-1-5-21-3904156222-3458198690-710301323-1000\Software\paint.net]

"File/MostRecent/Path0"="C:\...\Computer & Windows\Kaspersky Internet Security 2015\Problems with Safe Money\Screen shots\Safe Money Warnings.jpg"

[HKEY_USERS\S-1-5-21-3904156222-3458198690-710301323-1000\Software\paint.net]

"File/MostRecent/Path1"="C:\Users\User\Desktop\Safe Money Warnings 2.jpg"

 

====== End of Search ======

**************************************************************************************

 

4th ( downloading problem ):   The link you mentioned to uninstall IE 11 seems to be for Windows 10, so I followed the instructions on this link instead (option 1):  “http://www.sevenforums.com/tutorials/313358-internet-explorer-11-uninstall-windows-7-a.html”.  I am now with IE 10, and IE 11 will not install ( tried a few suggestions so far ) ...  It seems to be a common problem.  So I am still working on it ...  I now plan to install and run CCleaner and then defrag my hard drive ...  That could solve the download problem as well, and maybe the safe money thing too ...

 

Thanks again ...



#10 nasdaq

Posted 15 November 2015 - 02:39 PM

Have you been trained in the interpretation of the Combofix log ? ( maybe not all of you are ? ) ...  If yes, I would like to know if the log shows somehow that I still have some infections, or maybe corrupt files ...  Thanks for your time and patience ...

I do not use ComboFix as much as I did previously. The Farbar and the Zoek tools are now my favorite removal tools and I must say the same for many helpers.
Those who were permitted to give advice on this tool were guided by the owner and I must say I am very familiar with the tool.
===
 
 

I now plan to install and run CCleaner and then defrag my hard drive

If you do, make sure you have a good System Restore point. If something goes wrong you will be able to restore the last good version.
 
Looking at your search for Safe Money I will leave this one just in case it's still good.
 
[HKEY_USERS\S-1-5-21-3904156222-3458198690-710301323-1000\Software\KasperskyLab\AVP16.0.0\SafeBanking]
"LnkName"="C:\Users\User\Desktop\Safe Money.lnk"
===
 
I think it's safe to remove these two references to SafeMoney Warnings
 
[HKEY_USERS\S-1-5-21-3904156222-3458198690-710301323-1000\Software\paint.net]
"File/MostRecent/Path0"="C:\...\Computer & Windows\Kaspersky Internet Security 2015\Problems with Safe Money\Screen shots\Safe Money Warnings.jpg"
[HKEY_USERS\S-1-5-21-3904156222-3458198690-710301323-1000\Software\paint.net]
"File/MostRecent/Path1"="C:\Users\User\Desktop\Safe Money Warnings 2.jpg"

 
How to:
 
Copy the text IN THE CODE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved, right-click the .reg file and allow it to merge with the registry.
 
Windows Registry Editor Version 5.00
 
; "name"=- deletes the named value when the file is merged
[HKEY_USERS\S-1-5-21-3904156222-3458198690-710301323-1000\Software\paint.net]
"File/MostRecent/Path0"=-
[HKEY_USERS\S-1-5-21-3904156222-3458198690-710301323-1000\Software\paint.net]
"File/MostRecent/Path1"=-
 
Restart the computer when completed.
 
You can delete the fixme.reg file when done.
 
How is your Safe money link working now?

#11 The Durango Kid

Posted 16 November 2015 - 10:15 AM

Hello nasdaq,

 

I ran the fixme.reg as instructed, and it changed nothing ...  And considering what these registry entries were, I would have been very surprised if it had solved anything ...

 

Quote:  “I do not use ComboFix as much as I did previously.”

Ok, I take that as you don’t know ComboFix, because otherwise you would have been able to answer my question ( underlined ) in point 2nd:

 

And since you did not answer point 3rd:  at all,  you probably don’t know either what FRST.EXE is doing exactly ...  Because otherwise it would have been easy to answer the question underlined in that point.

 

I am not blaming you or trying to piss you off, because I am grateful for your help ...  But you need to understand that these questions are important to me ...  For several reasons ...  One of them is that I need to decide if you’re just fishing or you actually know where you are going ...   Another one, more important, is that I need to understand what is going on in order to be able to make decisions about the situation ( do I just ignore this symptom ?  Do I seek help elsewhere ?  Should I format and reinstall Win 7 ? ) ...

 

Maybe I’m wrong about your ability to help me in this situation, but I really can’t tell for sure, because you don’t answer my questions ...  I didn’t need all the technical details, just an update about what you know or think ...  So after all these exchanges between us, I still have no idea what the messages from Safe Money are, and if I can safely ignore them, or if some additional steps are required from the ComboFix log ...

 

So I think it’s better that we close this topic now ...

Anyway, I thank you for your time and trying to help me ...

 



#12 nasdaq

Posted 17 November 2015 - 08:49 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



