Virus Name: HEU_AEGISCS986 and more.


6 replies to this topic

#1 Eyedawg

Posted 13 November 2015 - 06:08 PM

Hi!

I've had very sluggish behavior especially when using Chrome. Lots of RAM in use and high CPU usage for no obvious reason. 

Running FRST seems to have caused Trend Micro to wake up from a coma. It took me a couple of tries to get FRST to run all the way through. I'll paste in the logs from both:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Ivan (administrator) on EYEDAWG (13-11-2015 14:36:11)
Running from C:\Users\Ivan\Downloads
Loaded Profiles: Ivan (Available Profiles: Ivan & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Griffin Technology) C:\Program Files (x86)\Griffin Technology\PowerMate\PowerMate.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [2047216 2015-06-29] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266688 2015-05-03] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246304 2014-07-20] (Trend Micro Inc.)
HKLM-x32\...\Run: [SigmatelSysTrayApp] => C:\Windows\stsystra.exe [282624 2006-07-27] (SigmaTel, Inc.)
HKLM\...\RunOnce: [DCERegBootClean64] => C:\Windows\RegBootClean64.exe [399360 2015-11-13] (Trend Micro Inc.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-746234127-4004704579-3731223486-1001\...\Run: [PowerMate] => C:\Program Files (x86)\Griffin Technology\PowerMate\PowerMate.exe [385024 2007-12-07] (Griffin Technology)
HKU\S-1-5-21-746234127-4004704579-3731223486-1001\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4327632 2015-11-05] (Unified Intents AB)
HKU\S-1-5-21-746234127-4004704579-3731223486-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.59.168.13 64.59.168.15 64.59.174.84
Tcpip\..\Interfaces\{BFB6CFD7-3A1F-4278-B886-3BCF746027BB}: [DhcpNameServer] 64.59.168.13 64.59.168.15 64.59.174.84
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-746234127-4004704579-3731223486-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-746234127-4004704579-3731223486-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-746234127-4004704579-3731223486-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-746234127-4004704579-3731223486-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?lang=en-ca&OCID=iehp
HKU\S-1-5-21-746234127-4004704579-3731223486-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-746234127-4004704579-3731223486-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\java\jre1.8.0_65\bin\ssv.dll [2015-11-05] (Oracle Corporation)
BHO: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg.dll [2014-06-30] (Trend Micro Inc.)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-16] (Trend Micro Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-05] (Oracle Corporation)
BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-05] (Oracle Corporation)
BHO-x32: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg32.dll [2014-06-30] (Trend Micro Inc.)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-16] (Trend Micro Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-05] (Oracle Corporation)
Toolbar: HKLM - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-16] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-16] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg.dll [2014-06-30] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg32.dll [2014-06-30] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2014-07-20] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2014-07-20] (Trend Micro Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-17] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-04-03] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-17] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-04-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-746234127-4004704579-3731223486-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ivan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-746234127-4004704579-3731223486-1001: @talk.google.com/O1DPlugin -> C:\Users\Ivan\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-746234127-4004704579-3731223486-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-746234127-4004704579-3731223486-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ivan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ivan\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension [2015-11-13]
FF HKLM-x32\...\Firefox\Extensions: [{8197dd50-b252-4b08-a1be-1277f22357bb}] - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt
FF Extension: Trend Micro Password Manager Firefox Extension - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt [2015-08-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2015-11-13]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2015-11-13]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.ca/
CHR StartupUrls: Default -> "hxxp://www.google.ca/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java Deployment Toolkit 8.0.310.13) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 8 U31) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Google Update) - C:\Users\Ivan\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Ivan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Ivan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-13]
CHR Extension: (Google Drive) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-17]
CHR Extension: (Google Docs Offline) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (A Journey through Middle-earth) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2014-11-21]
CHR Extension: (AllCast Receiver) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjbljnpdahefgnopeohlaeohgkiidnoe [2015-11-06]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Google Hangouts) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-11-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-746234127-4004704579-3731223486-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ivan\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-27]
CHR HKU\S-1-5-21-746234127-4004704579-3731223486-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1187328 2015-05-03] (Trend Micro Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-01-04] ()
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [333856 2015-06-29] (Trend Micro Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 -ad -bt=0 [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2012-07-20] (Google Inc)
S3 bcm44amd64; C:\Windows\System32\DRIVERS\b44amd64.sys [87552 2009-06-10] (Broadcom Corporation)
S3 DCamUSBNovatek; C:\Windows\System32\Drivers\nvtcam.sys [2746624 2010-07-14] (Hewlett-Packard)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 kbfilter; C:\Windows\System32\DRIVERS\kbfilter.sys [67408 2015-01-29] (Trend Micro Inc.)
S3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [50232 2011-02-04] (Novation DMS Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 STHDA; C:\Windows\System32\drivers\sthda64.sys [1112064 2006-07-27] (SigmaTel, Inc.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [122440 2015-07-20] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [307352 2015-07-20] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2014-07-09] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [106296 2014-07-09] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [93624 2015-07-20] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [407864 2014-07-09] (Trend Micro Inc.)
R2 tmusa; C:\Windows\System32\DRIVERS\tmusa.sys [106296 2014-06-30] (Trend Micro Inc.)
R3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [25592 2015-09-09] (Windows ® Win 7 DDK provider)
S3 ALSysIO; \??\C:\Users\Ivan\AppData\Local\Temp\ALSysIO64.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
U2 TMAgent; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-13 14:36 - 2015-11-13 14:36 - 02198528 _____ (Farbar) C:\Users\Ivan\Downloads\FRST64.exe
2015-11-13 14:36 - 2015-11-13 14:36 - 00024561 _____ C:\Users\Ivan\Downloads\FRST.txt
2015-11-13 14:27 - 2015-11-13 14:33 - 00004764 _____ C:\Windows\RegBootClean64.CFG
2015-11-13 14:25 - 2015-11-13 14:36 - 00000000 ____D C:\FRST
2015-11-13 13:12 - 2015-11-13 13:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-13 13:12 - 2015-11-13 13:12 - 00002090 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-13 13:12 - 2015-11-13 13:12 - 00002090 _____ C:\ProgramData\Desktop\Acrobat Reader DC.lnk
2015-11-07 11:56 - 2015-11-07 11:56 - 00000000 ____D C:\$WINDOWS.~BT
2015-11-07 11:23 - 2015-11-07 11:24 - 142224664 _____ (Microsoft Corporation) C:\Users\Ivan\Downloads\msert.exe
2015-11-07 10:59 - 2015-11-07 11:02 - 53770968 _____ (Microsoft Corporation) C:\Users\Ivan\Downloads\Windows-KB890830-x64-V5.29.exe
2015-11-07 09:41 - 2015-11-07 09:41 - 00000000 ___HD C:\$Windows.~WS
2015-11-07 09:41 - 2015-11-07 09:41 - 00000000 ____D C:\Win 10 test
2015-11-06 18:04 - 2015-11-06 18:04 - 00006144 ____N C:\bootex.log
2015-11-05 20:06 - 2010-11-20 04:40 - 00383786 __RSH C:\bootmgr
2015-11-05 15:16 - 2015-11-05 15:17 - 00000000 ____D C:\Waves
2015-11-05 15:16 - 2015-11-05 15:16 - 00000000 ____D C:\Personal
2015-11-05 15:07 - 2015-11-05 15:07 - 00000000 ____D C:\Archives
2015-11-05 15:05 - 2015-11-05 15:05 - 00000000 ____D C:\Users\Ivan\Documents\Electrical
2015-11-05 15:01 - 2015-11-05 15:01 - 00000000 ____D C:\Users\Ivan\Documents\Manuals
2015-11-05 14:56 - 2014-09-22 10:39 - 00021064 _____ C:\Users\Ivan\Documents\Green Light invoice Sept 22, 2014.ods
2015-11-05 14:55 - 2012-01-19 18:24 - 00000043 _____ C:\Users\Ivan\Documents\tracks to get!.txt
2015-11-05 14:55 - 2011-05-07 14:10 - 00002337 _____ C:\Users\Ivan\Documents\tracks to get - Annie Nightingale.txt
2015-11-05 14:55 - 2007-12-03 20:23 - 00001471 _____ C:\Users\Ivan\Documents\Tool - 46 & 2.txt
2015-11-05 14:52 - 2015-11-05 14:56 - 00000000 ____D C:\Users\Ivan\Documents\Reading
2015-11-05 14:52 - 2015-11-05 14:52 - 00000000 ____D C:\Users\Ivan\Documents\Resume
2015-11-05 14:51 - 2015-11-05 15:05 - 00000000 ____D C:\Users\Ivan\Documents\Phone sounds
2015-11-05 14:51 - 2015-11-05 14:51 - 00000000 ____D C:\Users\Ivan\Documents\Radio Communications
2015-11-05 14:42 - 2015-11-05 14:42 - 00000000 ____D C:\Breath of Summer
2015-11-05 13:58 - 2015-11-05 13:55 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-10-25 20:30 - 2015-10-25 20:30 - 00000000 ____D C:\Program Files (x86)\Acer Inc
2015-10-25 20:02 - 2015-10-25 20:02 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_androidusb_01005.Wdf
2015-10-25 16:35 - 2015-10-25 16:35 - 00000000 ____D C:\Users\Ivan\.android
2015-10-25 16:35 - 2015-10-25 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-10-25 16:18 - 2015-10-25 16:18 - 00000000 ____D C:\Users\Ivan\AppData\Local\Android
2015-10-25 16:08 - 2015-10-25 16:08 - 00000000 ____D C:\Program Files\Android
2015-10-25 15:03 - 2015-11-05 13:56 - 00000000 ____D C:\Users\Ivan\.oracle_jre_usage
2015-10-25 15:03 - 2015-10-25 15:03 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Sun
2015-10-25 14:57 - 2015-11-05 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-10-17 16:10 - 2015-08-06 10:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-17 16:10 - 2015-08-06 10:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-17 16:10 - 2015-08-06 09:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-17 16:10 - 2015-08-06 09:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-17 16:09 - 2015-09-18 11:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-17 16:09 - 2015-09-18 10:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-17 16:09 - 2015-09-15 20:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-17 16:09 - 2015-09-15 20:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-17 16:09 - 2015-09-15 20:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-13 14:33 - 2013-11-25 12:17 - 00399360 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2015-11-13 14:28 - 2011-04-03 17:53 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746234127-4004704579-3731223486-1001UA.job
2015-11-13 14:25 - 2011-04-03 15:13 - 01218130 _____ C:\Windows\WindowsUpdate.log
2015-11-13 14:08 - 2009-07-13 20:45 - 00009936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-13 14:08 - 2009-07-13 20:45 - 00009936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-13 14:03 - 2015-09-25 11:41 - 00002226 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-13 14:03 - 2015-09-25 11:41 - 00002226 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2015-11-13 14:03 - 2014-08-18 21:36 - 00000010 _____ C:\Users\Ivan\AppData\Local\sponge.last.runtime.cache
2015-11-13 14:03 - 2013-05-27 06:17 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-13 13:58 - 2013-05-27 06:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-13 13:13 - 2014-12-23 22:48 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-13 13:12 - 2011-04-04 19:40 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-13 13:12 - 2011-04-04 19:39 - 00000000 ____D C:\ProgramData\Adobe
2015-11-13 13:03 - 2009-07-13 21:13 - 00798094 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-13 12:59 - 2015-01-14 23:50 - 00000000 ____D C:\ProgramData\Unified Remote
2015-11-13 12:58 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-13 12:57 - 2012-11-18 01:24 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-13 12:57 - 2009-07-13 20:51 - 00129240 _____ C:\Windows\setupact.log
2015-11-07 11:55 - 2011-04-03 16:05 - 00000000 ____D C:\Windows\Panther
2015-11-06 18:09 - 2015-01-14 23:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3
2015-11-06 18:09 - 2015-01-14 23:50 - 00000000 ____D C:\Program Files (x86)\Unified Remote 3
2015-11-05 20:28 - 2013-05-27 07:00 - 00000000 ___RD C:\Users\Ivan\Google Drive
2015-11-05 15:28 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-11-05 14:56 - 2009-07-13 20:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-05 14:10 - 2011-05-07 10:01 - 00000000 ____D C:\Program Files\java
2015-11-05 13:58 - 2014-10-22 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-05 13:58 - 2014-10-22 16:50 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-05 13:56 - 2014-11-03 19:12 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-11-05 13:27 - 2014-10-17 15:34 - 33438798 _____ C:\Windows\PFRO.log
2015-11-05 12:38 - 2011-04-03 17:53 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746234127-4004704579-3731223486-1001Core.job
2015-10-26 08:32 - 2011-04-27 14:24 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\uTorrent
2015-10-25 20:30 - 2011-04-03 19:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-25 16:35 - 2011-04-03 15:13 - 00000000 ____D C:\Users\Ivan
2015-10-25 15:06 - 2014-12-04 15:38 - 00000000 ____D C:\Users\Ivan\Documents\AirDroid
2015-10-18 14:01 - 2013-05-27 06:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-18 02:25 - 2013-09-07 14:38 - 00000000 ____D C:\Windows\system32\MRT
 
==================== Files in the root of some directories =======
 
2011-01-18 00:50 - 2011-01-18 00:50 - 132609310 _____ () C:\Program Files\openofficeorg1.cab
2011-01-18 00:53 - 2011-01-18 00:53 - 2994688 _____ () C:\Program Files\openofficeorg33.msi
2011-01-18 00:05 - 2011-01-18 00:05 - 0000290 _____ () C:\Program Files\setup.ini
2011-06-06 10:51 - 2011-06-06 10:51 - 1569316 _____ () C:\Program Files\winrar-x64-401.exe
2014-10-23 04:43 - 2014-10-23 04:44 - 6000640 _____ () C:\Program Files (x86)\GUT511D.tmp
2014-11-15 14:49 - 2014-11-15 14:50 - 6000640 _____ () C:\Program Files (x86)\GUTE527.tmp
2011-04-03 17:41 - 2011-04-03 17:41 - 0543024 _____ (Microsoft Corporation) C:\Program Files (x86)\IE9-Windows7-x64-enu.exe
2014-01-11 23:51 - 2014-01-11 23:51 - 0000132 _____ () C:\Users\Ivan\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-03-19 13:11 - 2012-03-19 13:11 - 0001456 _____ () C:\Users\Ivan\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-02-16 16:43 - 2015-09-13 20:37 - 0108906 _____ () C:\Users\Ivan\AppData\Local\ars.cache
2012-02-16 16:48 - 2015-09-13 20:38 - 7399804 _____ () C:\Users\Ivan\AppData\Local\census.cache
2011-06-17 15:18 - 2011-06-17 15:18 - 0003584 _____ () C:\Users\Ivan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-12 20:18 - 2015-09-13 21:19 - 0000036 _____ () C:\Users\Ivan\AppData\Local\housecall.guid.cache
2013-01-31 19:58 - 2013-01-31 20:16 - 0000600 _____ () C:\Users\Ivan\AppData\Local\PUTTY.RND
2012-11-10 14:00 - 2015-02-22 17:52 - 1075663 _____ () C:\Users\Ivan\AppData\Local\soulseek-client.dat
2014-08-18 21:36 - 2015-11-13 14:03 - 0000010 _____ () C:\Users\Ivan\AppData\Local\sponge.last.runtime.cache
 
Some files in TEMP:
====================
C:\Users\Ivan\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Ivan\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Ivan\AppData\Local\Temp\Quarantine.exe
C:\Users\Ivan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ivan\AppData\Local\Temp\tmp3436aaaaaa.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\nvwgf2um.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2011-04-03 12:06
 
==================== End of FRST.txt ============================
 
Trend Micro Log:
Damage Cleanup Engine (DCE)  7.5(Build 1035)
 
Windows 7(Build 7601: Service Pack 1)
 
 
Start time : Fri Nov 13 2015 14:27:32
 
 
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\TMRDCT.ptn" (version ) [fail]
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\tsc.ptn" (version 1484) [success]
 
GenericClean::Pattern:WORM_DOWNAD,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:PE_PATCHEP.A,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:BKDR_TIDIES,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:TROJ_REVETON,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:WORM_GAMARUE,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:BKDR_POISON,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:PE_QUERVAR,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:BKDR_PLUGX,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:LNK_DORKBOT,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:BREX_GENCLEAN,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:VBS_CRIGENT,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:TROJ_LNKCLEAN,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:PE_URSNIF-INF,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:File_SCAN,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:TSC_GENSCAN,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
TSC_GENCLEAN[virus found]
 
-->delete file("C:\Users\Ivan\Downloads\FRST64.exe","","") success
 
-->reboot modify registry data("HKEY_LOCAL_MACHINE","Software\Microsoft\Windows\CurrentVersion\Policies\System","EnableLUA") success
 
-->reboot modify registry data("HKEY_CURRENT_USER","SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced","SuperHidden") success
 
-->reboot modify registry data("HKEY_CURRENT_USER","Software\Microsoft\Windows\CurrentVersion\Internet Settings","ProxyOverride") success
 
-->reboot modify registry data("HKEY_LOCAL_MACHINE","SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system","ConsentPromptBehaviorAdmin") success
 
-->reboot modify registry data("HKEY_LOCAL_MACHINE","SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system","PromptOnSecureDesktop") success
 
GenericClean::Pattern:TSC_GENCLEAN,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
 
 
Complete time : Fri Nov 13 2015 14:27:56
 
Execute pattern count(16), Virus found count(1), Virus clean count(1), Clean failed count(0)
 
 
 
Damage Cleanup Engine (DCE)  7.5(Build 1035)
 
Windows 7(Build 7601: Service Pack 1)
 
 
Start time : Fri Nov 13 2015 14:27:56
 
 
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\TMRDCT.ptn" (version ) [fail]
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\tsc.ptn" (version 1484) [success]
 
GenericClean::Pattern:WORM_DOWNAD,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:PE_PATCHEP.A,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:BKDR_TIDIES,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:TROJ_REVETON,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:WORM_GAMARUE,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:BKDR_POISON,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:PE_QUERVAR,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:BKDR_PLUGX,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:LNK_DORKBOT,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:BREX_GENCLEAN,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:VBS_CRIGENT,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:TROJ_LNKCLEAN,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:PE_URSNIF-INF,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:File_SCAN,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
GenericClean::Pattern:TSC_GENSCAN,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
TSC_GENCLEAN[virus found]
 
GenericClean::Pattern:TSC_GENCLEAN,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe 
 
 
 
Complete time : Fri Nov 13 2015 14:28:10
 
Execute pattern count(16), Virus found count(1), Virus clean count(1), Clean failed count(0)
 
 
 
Damage Cleanup Engine (DCE)  7.5(Build 1035)
 
Windows 7(Build 7601: Service Pack 1)
 
 
Start time : Fri Nov 13 2015 14:28:10
 
 
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\TMRDCT.ptn" (version ) [fail]
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\tsc.ptn" (version 1484) [success]
 
GenericClean::Pattern:WORM_DOWNAD,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:PE_PATCHEP.A,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:BKDR_TIDIES,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:TROJ_REVETON,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:WORM_GAMARUE,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:BKDR_POISON,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:PE_QUERVAR,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:BKDR_PLUGX,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:LNK_DORKBOT,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:BREX_GENCLEAN,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:VBS_CRIGENT,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:TROJ_LNKCLEAN,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:PE_URSNIF-INF,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:File_SCAN,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:TSC_GENSCAN,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
TSC_GENCLEAN[virus found]
 
-->delete file("c:\windows\mod_frst.exe","","") success
 
GenericClean::Pattern:TSC_GENCLEAN,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
 
 
Complete time : Fri Nov 13 2015 14:28:19
 
Execute pattern count(16), Virus found count(1), Virus clean count(1), Clean failed count(0)
 
 
 
Damage Cleanup Engine (DCE)  7.5(Build 1035)
 
Windows 7(Build 7601: Service Pack 1)
 
 
Start time : Fri Nov 13 2015 14:28:19
 
 
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\TMRDCT.ptn" (version ) [fail]
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\tsc.ptn" (version 1484) [success]
 
GenericClean::Pattern:WORM_DOWNAD,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:PE_PATCHEP.A,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:BKDR_TIDIES,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:TROJ_REVETON,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:WORM_GAMARUE,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:BKDR_POISON,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:PE_QUERVAR,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:BKDR_PLUGX,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:LNK_DORKBOT,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:BREX_GENCLEAN,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:VBS_CRIGENT,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:TROJ_LNKCLEAN,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:PE_URSNIF-INF,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:File_SCAN,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
GenericClean::Pattern:TSC_GENSCAN,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
TSC_GENCLEAN[virus found]
 
GenericClean::Pattern:TSC_GENCLEAN,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe 
 
 
 
Complete time : Fri Nov 13 2015 14:28:26
 
Execute pattern count(16), Virus found count(1), Virus clean count(1), Clean failed count(0)
 
 
 
Damage Cleanup Engine (DCE)  7.5(Build 1035)
 
Windows 7(Build 7601: Service Pack 1)
 
 
Start time : Fri Nov 13 2015 14:30:10
 
 
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\TMRDCT.ptn" (version ) [fail]
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\tsc.ptn" (version 1484) [success]
 
GenericClean::Pattern:WORM_DOWNAD,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:PE_PATCHEP.A,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:BKDR_TIDIES,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:TROJ_REVETON,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:WORM_GAMARUE,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:BKDR_POISON,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:PE_QUERVAR,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:BKDR_PLUGX,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:LNK_DORKBOT,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:BREX_GENCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:VBS_CRIGENT,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:TROJ_LNKCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:PE_URSNIF-INF,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:File_SCAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:TSC_GENSCAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
TSC_GENCLEAN[virus found]
 
-->delete file("C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1]","","") success
 
GenericClean::Pattern:TSC_GENCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
 
 
Complete time : Fri Nov 13 2015 14:30:38
 
Execute pattern count(16), Virus found count(1), Virus clean count(1), Clean failed count(0)
 
 
 
Damage Cleanup Engine (DCE)  7.5(Build 1035)
 
Windows 7(Build 7601: Service Pack 1)
 
 
Start time : Fri Nov 13 2015 14:30:38
 
 
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\TMRDCT.ptn" (version ) [fail]
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\tsc.ptn" (version 1484) [success]
 
GenericClean::Pattern:WORM_DOWNAD,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:PE_PATCHEP.A,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:BKDR_TIDIES,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:TROJ_REVETON,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:WORM_GAMARUE,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:BKDR_POISON,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:PE_QUERVAR,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:BKDR_PLUGX,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:LNK_DORKBOT,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:BREX_GENCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:VBS_CRIGENT,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:TROJ_LNKCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:PE_URSNIF-INF,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:File_SCAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
GenericClean::Pattern:TSC_GENSCAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
TSC_GENCLEAN[virus found]
 
GenericClean::Pattern:TSC_GENCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPMD3FM0\up64[1] 
 
 
 
Complete time : Fri Nov 13 2015 14:31:04
 
Execute pattern count(16), Virus found count(1), Virus clean count(1), Clean failed count(0)
 
 
 
Damage Cleanup Engine (DCE)  7.5(Build 1035)
 
Windows 7(Build 7601: Service Pack 1)
 
 
Start time : Fri Nov 13 2015 14:31:04
 
 
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\TMRDCT.ptn" (version ) [fail]
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\tsc.ptn" (version 1484) [success]
 
GenericClean::Pattern:WORM_DOWNAD,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:PE_PATCHEP.A,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:BKDR_TIDIES,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:TROJ_REVETON,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:WORM_GAMARUE,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:BKDR_POISON,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:PE_QUERVAR,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:BKDR_PLUGX,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:LNK_DORKBOT,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:BREX_GENCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:VBS_CRIGENT,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:TROJ_LNKCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:PE_URSNIF-INF,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:File_SCAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:TSC_GENSCAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
TSC_GENCLEAN[virus found]
 
-->delete file("C:\FRST\users00","","") success
 
GenericClean::Pattern:TSC_GENCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
 
 
Complete time : Fri Nov 13 2015 14:31:27
 
Execute pattern count(16), Virus found count(1), Virus clean count(1), Clean failed count(0)
 
 
 
Damage Cleanup Engine (DCE)  7.5(Build 1035)
 
Windows 7(Build 7601: Service Pack 1)
 
 
Start time : Fri Nov 13 2015 14:31:27
 
 
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\TMRDCT.ptn" (version ) [fail]
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\tsc.ptn" (version 1484) [success]
 
GenericClean::Pattern:WORM_DOWNAD,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:PE_PATCHEP.A,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:BKDR_TIDIES,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:TROJ_REVETON,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:WORM_GAMARUE,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:BKDR_POISON,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:PE_QUERVAR,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:BKDR_PLUGX,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:LNK_DORKBOT,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:BREX_GENCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:VBS_CRIGENT,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:TROJ_LNKCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:PE_URSNIF-INF,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:File_SCAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
GenericClean::Pattern:TSC_GENSCAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
TSC_GENCLEAN[virus found]
 
GenericClean::Pattern:TSC_GENCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\FRST\users00 
 
 
 
Complete time : Fri Nov 13 2015 14:31:45
 
Execute pattern count(16), Virus found count(1), Virus clean count(1), Clean failed count(0)
 
 
 
Damage Cleanup Engine (DCE)  7.5(Build 1035)
 
Windows 7(Build 7601: Service Pack 1)
 
 
Start time : Fri Nov 13 2015 14:31:45
 
 
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\TMRDCT.ptn" (version ) [fail]
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\tsc.ptn" (version 1484) [success]
 
GenericClean::Pattern:WORM_DOWNAD,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:PE_PATCHEP.A,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:BKDR_TIDIES,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:TROJ_REVETON,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:WORM_GAMARUE,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:BKDR_POISON,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:PE_QUERVAR,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:BKDR_PLUGX,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:LNK_DORKBOT,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:BREX_GENCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:VBS_CRIGENT,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:TROJ_LNKCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:PE_URSNIF-INF,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:File_SCAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:TSC_GENSCAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
TSC_GENCLEAN[virus found]
 
-->delete file("C:\Users\Ivan\Downloads\Addition.txt","","") success
 
GenericClean::Pattern:TSC_GENCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
 
 
Complete time : Fri Nov 13 2015 14:32:07
 
Execute pattern count(16), Virus found count(1), Virus clean count(1), Clean failed count(0)
 
 
 
Damage Cleanup Engine (DCE)  7.5(Build 1035)
 
Windows 7(Build 7601: Service Pack 1)
 
 
Start time : Fri Nov 13 2015 14:32:07
 
 
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\TMRDCT.ptn" (version ) [fail]
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\tsc.ptn" (version 1484) [success]
 
GenericClean::Pattern:WORM_DOWNAD,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:PE_PATCHEP.A,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:BKDR_TIDIES,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:TROJ_REVETON,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:WORM_GAMARUE,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:BKDR_POISON,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:PE_QUERVAR,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:BKDR_PLUGX,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:LNK_DORKBOT,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:BREX_GENCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:VBS_CRIGENT,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:TROJ_LNKCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:PE_URSNIF-INF,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:File_SCAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
GenericClean::Pattern:TSC_GENSCAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
TSC_GENCLEAN[virus found]
 
GenericClean::Pattern:TSC_GENCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\Addition.txt 
 
 
 
Complete time : Fri Nov 13 2015 14:32:25
 
Execute pattern count(16), Virus found count(1), Virus clean count(1), Clean failed count(0)
 
 
 
Damage Cleanup Engine (DCE)  7.5(Build 1035)
 
Windows 7(Build 7601: Service Pack 1)
 
 
Start time : Fri Nov 13 2015 14:32:25
 
 
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\TMRDCT.ptn" (version ) [fail]
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\tsc.ptn" (version 1484) [success]
 
GenericClean::Pattern:WORM_DOWNAD,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:PE_PATCHEP.A,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:BKDR_TIDIES,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:TROJ_REVETON,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:WORM_GAMARUE,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:BKDR_POISON,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:PE_QUERVAR,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:BKDR_PLUGX,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:LNK_DORKBOT,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:BREX_GENCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:VBS_CRIGENT,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:TROJ_LNKCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:PE_URSNIF-INF,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:File_SCAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:TSC_GENSCAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
TSC_GENCLEAN[virus found]
 
-->delete file("C:\Users\Ivan\Downloads\FRST.txt","","") success
 
GenericClean::Pattern:TSC_GENCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
 
 
Complete time : Fri Nov 13 2015 14:32:46
 
Execute pattern count(16), Virus found count(1), Virus clean count(1), Clean failed count(0)
 
 
 
Damage Cleanup Engine (DCE)  7.5(Build 1035)
 
Windows 7(Build 7601: Service Pack 1)
 
 
Start time : Fri Nov 13 2015 14:32:46
 
 
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\TMRDCT.ptn" (version ) [fail]
 
Load Damage Cleanup Template (DCT) "C:\Program Files\Trend Micro\AMSP\module\10002\3.5.1186\7.5.1035\tsc.ptn" (version 1484) [success]
 
GenericClean::Pattern:WORM_DOWNAD,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:PE_PATCHEP.A,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:BKDR_TIDIES,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:TROJ_REVETON,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:WORM_GAMARUE,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:BKDR_POISON,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:PE_QUERVAR,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:BKDR_PLUGX,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:LNK_DORKBOT,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:BREX_GENCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:VBS_CRIGENT,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:TROJ_LNKCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:PE_URSNIF-INF,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:File_SCAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
GenericClean::Pattern:TSC_GENSCAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
TSC_GENCLEAN[virus found]
 
GenericClean::Pattern:TSC_GENCLEAN,Virus Name:HEU_CDPLC024,Virus File Path:C:\Users\Ivan\Downloads\FRST.txt 
 
 
 
Complete time : Fri Nov 13 2015 14:33:04
 
Execute pattern count(16), Virus found count(1), Virus clean count(1), Clean failed count(0)
 
 
 

Thanks for your help!


Edited by Eyedawg, 13 November 2015 - 06:17 PM.
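The Damage Cleanup Engine output above is much easier to review once the per-session noise is collapsed. The following Python script is an added example, not part of the original post and not a Trend Micro tool: it parses the DCE log format shown above into sessions, lists what was deleted, and flags the UAC policy values (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop) that the engine scheduled for modification at reboot, which is exactly what a responder wants to re-verify after a false-positive cleanup. The abridged sample log inside it is constructed from lines in the post; the first session's start time is assumed.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, abridged from the DCE log format in the post above (most of the
# sixteen per-pattern lines are dropped). Raw string so the Windows backslashes survive.
SAMPLE_LOG = r"""
Damage Cleanup Engine (DCE)  7.5(Build 1035)
Windows 7(Build 7601: Service Pack 1)
Start time : Fri Nov 13 2015 14:27:30
GenericClean::Pattern:WORM_DOWNAD,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe
GenericClean::Pattern:TSC_GENSCAN,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe
TSC_GENCLEAN[virus found]
-->delete file("C:\Users\Ivan\Downloads\FRST64.exe","","") success
-->reboot modify registry data("HKEY_LOCAL_MACHINE","Software\Microsoft\Windows\CurrentVersion\Policies\System","EnableLUA") success
-->reboot modify registry data("HKEY_CURRENT_USER","Software\Microsoft\Windows\CurrentVersion\Internet Settings","ProxyOverride") success
-->reboot modify registry data("HKEY_LOCAL_MACHINE","SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system","ConsentPromptBehaviorAdmin") success
GenericClean::Pattern:TSC_GENCLEAN,Virus Name:HEU_AEGISCS986,Virus File Path:C:\Users\Ivan\Downloads\FRST64.exe
Complete time : Fri Nov 13 2015 14:27:56
Execute pattern count(16), Virus found count(1), Virus clean count(1), Clean failed count(0)
Damage Cleanup Engine (DCE)  7.5(Build 1035)
Windows 7(Build 7601: Service Pack 1)
Start time : Fri Nov 13 2015 14:28:10
GenericClean::Pattern:WORM_DOWNAD,Virus Name:HEU_AEGISCS986,Virus File Path:c:\windows\mod_frst.exe
TSC_GENCLEAN[virus found]
-->delete file("c:\windows\mod_frst.exe","","") success
Complete time : Fri Nov 13 2015 14:28:19
Execute pattern count(16), Virus found count(1), Virus clean count(1), Clean failed count(0)
"""

PATTERN_RE = re.compile(r"^GenericClean::Pattern:([^,]+),Virus Name:([^,]+),Virus File Path:(.*)$")
ACTION_RE = re.compile(r"^-->([a-z ]+?)\((.*)\)\s+(success|fail)$")
START_RE = re.compile(r"^Start time : (.+)$")
COMPLETE_RE = re.compile(r"^Complete time : (.+)$")
SUMMARY_RE = re.compile(r"Virus found count\((\d+)\), Virus clean count\((\d+)\), Clean failed count\((\d+)\)")

# UAC policy values; the log above shows the engine queuing changes to them for the next reboot.
UAC_VALUES = {"enablelua", "consentpromptbehavioradmin", "promptonsecuredesktop"}
UAC_KEY_SUFFIX = r"windows\currentversion\policies\system"


@dataclass
class Session:
    start: str = ""
    complete: str = ""
    detections: dict = field(default_factory=dict)  # file path -> virus name
    patterns: int = 0                               # GenericClean pattern lines seen
    actions: list = field(default_factory=list)     # (verb, [quoted args], result)
    found: int = 0
    cleaned: int = 0
    failed: int = 0


def parse_dce_log(text):
    """Split a DCE log into sessions, one per 'Start time' line."""
    sessions, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := START_RE.match(line)):
            cur = Session(start=m.group(1))
            sessions.append(cur)
        elif cur is None:
            continue  # engine banner before the first session
        elif (m := PATTERN_RE.match(line)):
            cur.patterns += 1
            cur.detections[m.group(3).strip()] = m.group(2)
        elif (m := ACTION_RE.match(line)):
            args = re.findall(r'"([^"]*)"', m.group(2))  # every "..." argument
            cur.actions.append((m.group(1).strip(), args, m.group(3)))
        elif (m := COMPLETE_RE.match(line)):
            cur.complete = m.group(1)
        elif (m := SUMMARY_RE.search(line)):
            cur.found, cur.cleaned, cur.failed = (int(x) for x in m.groups())
    return sessions


def deleted_files(sessions):
    """Every path the engine reports as successfully deleted, in log order."""
    return [args[0] for s in sessions for verb, args, res in s.actions
            if verb == "delete file" and res == "success"]


def uac_changes(sessions):
    """Registry actions touching UAC policy values; these apply at the next reboot."""
    hits = []
    for s in sessions:
        for verb, args, res in s.actions:
            if verb != "reboot modify registry data" or len(args) != 3:
                continue
            hive, key, value = args
            if key.lower().endswith(UAC_KEY_SUFFIX) and value.lower() in UAC_VALUES:
                hits.append((hive, value, res))
    return hits


def triage(text):
    """One summary line per session, then the follow-up items a responder wants."""
    sessions = parse_dce_log(text)
    lines = [f"{s.start} -> {s.complete}: found={s.found} cleaned={s.cleaned} "
             f"failed={s.failed} names={sorted(set(s.detections.values()))} "
             f"files={sorted(s.detections)}" for s in sessions]
    lines.append(f"deleted: {deleted_files(sessions)}")
    lines.append(f"UAC values scheduled for change at reboot: {uac_changes(sessions)}")
    return lines


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```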




#2 Eyedawg
  • Topic Starter
  • Members
  • 21 posts
  • OFFLINE
  • Gender:Male
  • Location:Nelson BC
  • Local time:07:25 PM

Posted 13 November 2015 - 06:19 PM

Is the attachment working?




#3 Eyedawg
  • Topic Starter
  • Members
  • 21 posts
  • OFFLINE
  • Gender:Male
  • Location:Nelson BC
  • Local time:07:25 PM

Posted 13 November 2015 - 07:14 PM

After doing some reading, apparently Trend Micro has given me a bunch of false positives. I'll shut it off for any other tools.



#4 nasdaq
  • Malware Response Team
  • 40,736 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:25 PM

Posted 18 November 2015 - 10:05 AM


You are running the Farbar tool from this folder: C:\Users\Ivan\Downloads
Move or copy the file to your Desktop.
Place the Fixlist.txt file you will create on the Desktop also.

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-746234127-4004704579-3731223486-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-746234127-4004704579-3731223486-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-746234127-4004704579-3731223486-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-746234127-4004704579-3731223486-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.310.13) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 8 U31) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Users\Ivan\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 -ad -bt=0 [X]
S3 ALSysIO; \??\C:\Users\Ivan\AppData\Local\Temp\ALSysIO64.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
U2 TMAgent; no ImagePath
CustomCLSID: HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {9CCEA29A-56F6-4D8F-A94B-3AF2157C62CE} - System32\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A} => C:\Users\Ivan\AppData\Local\Temp\Mpy.exe <==== ATTENTION
C:\Users\Ivan\AppData\Local\Temp\Mpy.exe
C:\Users\Ivan\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Ivan\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Ivan\AppData\Local\Temp\Quarantine.exe
C:\Users\Ivan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ivan\AppData\Local\Temp\tmp3436aaaaaa.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome and click the menu icon at the top right of the Chrome window.

Click "Settings", then "Show advanced settings" at the bottom of the screen.

Click the "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

How is the computer running now?
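The fixlist above removes a scheduled task whose action pointed at an executable in the user's Temp folder (Task {9CCEA29A-...} => C:\Users\Ivan\AppData\Local\Temp\Mpy.exe). The following PowerShell is an added example for readers of this thread, not code from the thread, from FRST or from its author; it lists scheduled tasks whose "Task To Run" action lives under a user-writable directory so that the same persistence pattern can be spotted without a full FRST scan. It assumes schtasks.exe is available (it is on Windows 7 SP1, the platform in this thread, where Get-ScheduledTask does not exist), and the sample CSV lines, the list of suspicious directory prefixes and the function name are the example's own constructions.

```powershell
# Added example (not from the thread, FRST or its author): hunt for scheduled tasks
# whose action launches an executable from a user-writable location, the pattern
# FRST flagged above (Task ... => C:\Users\Ivan\AppData\Local\Temp\Mpy.exe).
# schtasks.exe is used rather than Get-ScheduledTask so this also runs on Windows 7.

# Directory prefixes under which legitimate software rarely keeps a task's payload.
# Assumed hunt list; tune it for your environment.
$suspiciousRoots = @(
    '\AppData\Local\Temp\',
    '\AppData\Roaming\',
    '\AppData\Local\',
    '\Windows\Temp\',
    '\ProgramData\',
    '\Users\Public\'
)

function Get-SuspiciousScheduledTasks {
    param(
        # Optional: pre-captured "schtasks /query /fo csv /v" output (one string per
        # line), e.g. collected from another machine. If omitted, the live system is queried.
        [string[]]$CsvLines = $null
    )
    if (-not $CsvLines) {
        # /v adds the "Task To Run" column; /fo csv makes the output parseable.
        $CsvLines = schtasks.exe /query /fo csv /v 2>$null
    }
    # schtasks repeats the header row before each task folder; keep a single copy
    # and drop blank lines before parsing.
    $header = $CsvLines | Select-Object -First 1
    $rows   = $CsvLines | Where-Object { $_ -and $_ -ne $header }
    $tasks  = @($header) + @($rows) | ConvertFrom-Csv

    foreach ($t in $tasks) {
        $action = $t.'Task To Run'
        if (-not $action) { continue }
        foreach ($root in $suspiciousRoots) {
            # -like is case-insensitive; backslashes are not wildcard characters.
            if ($action -like "*$root*") {
                # New-Object keeps this compatible with PowerShell 2.0 on Windows 7.
                New-Object PSObject -Property @{
                    TaskName = $t.TaskName
                    Action   = $action
                    Author   = $t.Author
                    Status   = $t.Status
                    Reason   = "action under $root"
                }
                break
            }
        }
    }
}

# Constructed sample in the shape of "schtasks /query /fo csv /v" (columns abbreviated),
# modelled on the task FRST reported in this thread plus one benign Microsoft task.
$sample = @(
    '"HostName","TaskName","Status","Author","Task To Run"',
    '"EYEDAWG","\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}","Ready","Ivan","C:\Users\Ivan\AppData\Local\Temp\Mpy.exe"',
    '"HostName","TaskName","Status","Author","Task To Run"',
    '"EYEDAWG","\Microsoft\Windows\Defrag\ScheduledDefrag","Ready","Microsoft Corporation","%windir%\system32\defrag.exe -c"'
)

# Offline demonstration on the constructed sample: only the Temp-folder task is reported.
Get-SuspiciousScheduledTasks -CsvLines $sample | Format-Table TaskName, Action, Author, Reason -AutoSize

# Live run (elevated prompt recommended so tasks of all users are visible):
# Get-SuspiciousScheduledTasks | Format-Table TaskName, Action, Author, Reason -AutoSize
```

The output is a list of candidates for triage, not a verdict: per-user installers (some Google and Dropbox components, for example) legitimately run from AppData\Local, so check the Author column and the digital signature of the target file before treating a hit as malicious, and remove a confirmed task through the same controlled route the thread uses (a fixlist reviewed by a helper) rather than by hand.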

#5 Eyedawg (Topic Starter)

Posted 22 November 2015 - 06:40 PM

oohhh seems to be running quite a bit better now. It's handling soundcloud for a while now without getting bogged down like it was before. 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:22-11-2015
Ran by Ivan (2015-11-22 12:47:52) Run:1
Running from C:\Users\Ivan\Desktop
Loaded Profiles: Ivan (Available Profiles: Ivan & UpdatusUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-746234127-4004704579-3731223486-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-746234127-4004704579-3731223486-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-746234127-4004704579-3731223486-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-746234127-4004704579-3731223486-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.310.13) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 8 U31) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Users\Ivan\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 -ad -bt=0 [X]
S3 ALSysIO; \??\C:\Users\Ivan\AppData\Local\Temp\ALSysIO64.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
U2 TMAgent; no ImagePath
CustomCLSID: HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {9CCEA29A-56F6-4D8F-A94B-3AF2157C62CE} - System32\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A} => C:\Users\Ivan\AppData\Local\Temp\Mpy.exe <==== ATTENTION
C:\Users\Ivan\AppData\Local\Temp\Mpy.exe
C:\Users\Ivan\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Ivan\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Ivan\AppData\Local\Temp\Quarantine.exe
C:\Users\Ivan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ivan\AppData\Local\Temp\tmp3436aaaaaa.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully
HKU\S-1-5-21-746234127-4004704579-3731223486-1001\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found. 
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-746234127-4004704579-3731223486-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-746234127-4004704579-3731223486-1001\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKU\S-1-5-21-746234127-4004704579-3731223486-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => not found.
C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll => not found.
C:\Users\Ivan\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dflinnddekagfkncpgojoppgnppfkbkj" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\idkknaphebegndgimgdpfnconcickdfn" => key removed successfully
Amsp => service removed successfully
ALSysIO => service removed successfully
BTCFilterService => service removed successfully
motandroidusb => service removed successfully
motccgp => service removed successfully
motccgpfl => service removed successfully
motmodem => service removed successfully
MotoSwitchService => service removed successfully
Motousbnet => service removed successfully
motusbdevice => service removed successfully
TMAgent => service removed successfully
"HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-746234127-4004704579-3731223486-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CCEA29A-56F6-4D8F-A94B-3AF2157C62CE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CCEA29A-56F6-4D8F-A94B-3AF2157C62CE}" => key removed successfully
C:\Windows\System32\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}" => key removed successfully
"C:\Users\Ivan\AppData\Local\Temp\Mpy.exe" => not found.
C:\Users\Ivan\AppData\Local\Temp\jre-8u31-windows-au.exe => moved successfully
C:\Users\Ivan\AppData\Local\Temp\jre-8u65-windows-au.exe => moved successfully
C:\Users\Ivan\AppData\Local\Temp\Quarantine.exe => moved successfully
C:\Users\Ivan\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Ivan\AppData\Local\Temp\tmp3436aaaaaa.exe => moved successfully
EmptyTemp: => 3.7 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 12:51:25 ====


#6 nasdaq (Malware Response Team)

Posted 23 November 2015 - 07:45 AM

Looking good.

If all is well, to learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe:
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq (Malware Response Team)

Posted 29 November 2015 - 09:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



