
Shopperz trojan keeps coming back with each reinstallation


  • This topic is locked
10 replies to this topic

#1 uberdorf


Posted 12 December 2015 - 07:10 PM

I've been having recurring problems with the Shopperz trojan in Windows 10. Each time I reinstall Windows, it comes back. I find Shopperz by scanning Windows with ClamTK (GUI for ClamAV) from a Linux partition.

 

So last time I reinstalled Windows, I scanned after each change I made. I started with a backup that I made yesterday from a backup I made a year ago. This backup is basic Windows 7 that is up to date on updates as of 11 Dec 2015, Comodo Security Suite, and Chrome. I can't think of anything else extra in the backup. So after restoring Windows 7 from the backup, I made a Linux partition and scanned Windows with ClamTK. Windows 7 was clean. Next I upgraded to Windows 10 without visiting any webpages or installing anything else, and scanned again. This time ClamTK found the Shopperz trojan. So I'm wondering if Microsoft made a change to dnsapi.dll that is just enough of an intrusion to register as malware? I also tried scanning the Windows 10 partition with Comodo for Linux, and it came up clean. So it is just ClamAV that is finding Shopperz malware in Windows 10.

 

Here is the path and ID of the trojan from ClamTK. I just stop the scan after the first trojan is found, since it takes several hours to finish...

/media/scott/eMachines/Windows/System32/dnsapi.dll      Win.Trojan.Shopperz-154   

 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by admin (administrator) on EMACHINE1 (12-12-2015 17:43:51)
Running from C:\Users\admin\Downloads
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\nacl64.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdupd.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-12-10] (COMODO)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-12-10] (Comodo Security Solutions, Inc.)
HKU\S-1-5-21-1542611063-752320771-3650504393-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-01-11]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2015-12-10]
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{189a7ea4-e3e5-4beb-805a-e0a751964664}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1542611063-752320771-3650504393-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361010g406p04c5v195r45l1s211
HKU\S-1-5-21-1542611063-752320771-3650504393-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361010g406p04c5v195r45l1s211
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\S-1-5-21-1542611063-752320771-3650504393-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS401US401
SearchScopes: HKU\S-1-5-21-1542611063-752320771-3650504393-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS401US401
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
 
FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytq5cn4k.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-11-05] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-10] (Google Inc.)
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytq5cn4k.default\user.js [2011-01-02]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2010-10-20] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-01-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-01-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-01-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-01-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-01-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-01-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-01-02] (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml [2010-09-14]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml [2010-09-14]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-11] [not signed]
FF HKU\S-1-5-21-1542611063-752320771-3650504393-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-branding.js [2010-09-14]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js [2010-09-14]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox.js [2010-10-20]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\reporter.js [2010-09-14]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-10]
CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-10]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-10]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-10]
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-10]
CHR Extension: (Google Play Music) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-12-12]
CHR Extension: (Google Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-10]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-10]
CHR Extension: (Evernote Web Clipper) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-12-12]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-10]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AcfXAudioService; C:\WINDOWS\SysWOW64\ACFXAU64.dll [436736 2015-12-11] (Conexant Systems, Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-12-10] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-12-10] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-12-10] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-12-10] (Comodo Security Solutions, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 acfva; C:\Windows\system32\DRIVERS\ACFVA64.sys [123008 2015-12-11] (Conexant Systems Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2014-06-25] (Windows ® Win 7 DDK provider) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-11-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [828144 2015-11-18] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-04] (COMODO)
R3 dgcfltr; C:\Windows\system32\DRIVERS\ACFDCP64.sys [34944 2015-12-11] (Conexant Systems, Inc.)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-04] (COMODO)
R2 mdmxsdk; C:\Windows\system32\DRIVERS\ACFSDK64.sys [17024 2015-12-11] (Conexant)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R2 XAudio; C:\Windows\system32\DRIVERS\ACFXAU64.sys [10240 2015-12-11] (Conexant Systems, Inc.)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-12 17:43 - 2015-12-12 17:44 - 00016815 _____ C:\Users\admin\Downloads\FRST.txt
2015-12-12 17:43 - 2015-12-12 17:43 - 00000000 ____D C:\FRST
2015-12-12 17:41 - 2015-12-12 17:41 - 00000000 ____D C:\Users\admin\AppData\Local\Comms
2015-12-12 17:40 - 2015-12-12 17:43 - 02369536 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2015-12-12 17:35 - 2015-12-12 17:35 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2015-12-12 08:54 - 2015-12-12 07:53 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-12 08:50 - 2015-12-12 08:51 - 00000000 ____D C:\Windows.old
2015-12-12 08:49 - 2015-12-12 08:49 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 19338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 03671896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-12 08:49 - 2015-12-12 08:49 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 02918808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-12 08:49 - 2015-12-12 08:49 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-12 08:49 - 2015-12-12 08:49 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 02587136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-12 08:49 - 2015-12-12 08:49 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-12 08:49 - 2015-12-12 08:49 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-12 08:49 - 2015-12-12 08:49 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-12 08:49 - 2015-12-12 08:49 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01284960 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00975200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-12 08:49 - 2015-12-12 08:49 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-12-12 08:49 - 2015-12-12 08:49 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-12-12 08:49 - 2015-12-12 08:49 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-12-12 08:49 - 2015-12-12 08:49 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-12 08:49 - 2015-12-12 08:49 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-12 08:49 - 2015-12-12 08:49 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-12-12 08:49 - 2015-12-12 08:49 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-12 08:49 - 2015-12-12 08:49 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-12 08:49 - 2015-12-12 08:49 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-12 08:49 - 2015-12-12 08:49 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-12-12 08:49 - 2015-12-12 08:49 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-12-12 08:49 - 2015-12-12 08:49 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-12 08:49 - 2015-12-12 08:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-12-12 08:45 - 2015-12-12 08:45 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-12-12 08:43 - 2015-12-12 08:43 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2015-12-12 08:43 - 2015-12-12 08:43 - 00000000 ____D C:\WINDOWS\system32\msmq
2015-12-12 08:43 - 2015-12-12 08:43 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2015-12-12 08:43 - 2015-12-12 08:43 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-12 08:43 - 2015-12-12 08:43 - 00000000 ____D C:\Program Files\MSBuild
2015-12-12 08:43 - 2015-12-12 08:43 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-12-12 08:43 - 2015-12-12 08:43 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-12 08:43 - 2015-12-12 08:43 - 00000000 ____D C:\inetpub
2015-12-12 08:42 - 2015-10-23 19:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-12-12 08:42 - 2015-10-23 19:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-12 08:42 - 2015-10-23 19:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-12-12 08:42 - 2015-10-23 19:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-12-12 08:42 - 2015-10-23 19:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-12-12 08:42 - 2015-10-23 19:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-12 08:06 - 2015-11-18 11:16 - 00007884 _____ C:\WINDOWS\system32\Drivers\cmdguard.cat
2015-12-12 08:06 - 2015-08-04 18:32 - 00007471 _____ C:\WINDOWS\system32\Drivers\inspect.cat
2015-12-12 08:06 - 2015-08-04 18:32 - 00007467 _____ C:\WINDOWS\system32\Drivers\cmdhlp.cat
2015-12-12 07:59 - 2015-12-12 08:00 - 00002410 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-12 07:59 - 2015-12-12 08:00 - 00000000 ___RD C:\Users\admin\OneDrive
2015-12-12 07:58 - 2015-12-12 07:58 - 00000000 ____D C:\Users\admin\AppData\Local\AMD
2015-12-12 07:58 - 2015-12-12 07:58 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-12-12 07:58 - 2015-12-12 07:58 - 00000000 ____D C:\ProgramData\ATI
2015-12-12 07:55 - 2015-12-12 07:55 - 00000000 ____D C:\Users\admin\AppData\Local\ActiveSync
2015-12-12 07:54 - 2015-12-12 17:42 - 00000000 ____D C:\Users\admin\AppData\Local\Packages
2015-12-12 07:54 - 2015-12-12 07:54 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-12 07:54 - 2015-12-12 07:54 - 00000000 ____D C:\Users\admin\AppData\Local\Publishers
2015-12-12 07:53 - 2015-12-12 07:53 - 00000020 ___SH C:\Users\admin\ntuser.ini
2015-12-12 07:53 - 2015-12-12 07:53 - 00000000 ____D C:\Users\admin\AppData\Local\TileDataLayer
2015-12-12 07:52 - 2015-12-12 07:52 - 00000000 _SHDL C:\Users\Default\My Documents
2015-12-12 07:52 - 2015-12-12 07:52 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2015-12-12 07:52 - 2015-12-12 07:52 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2015-12-12 07:52 - 2015-12-12 07:52 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2015-12-12 07:52 - 2015-12-12 07:52 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2015-12-12 07:52 - 2015-12-12 07:52 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2015-12-12 07:52 - 2015-12-12 07:52 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2015-12-12 07:52 - 2015-12-12 07:52 - 00000000 ____D C:\ProgramData\USOShared
2015-12-12 07:50 - 2015-12-12 17:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-12 07:50 - 2015-12-12 07:50 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-12-12 07:22 - 2015-12-12 07:22 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2015-12-12 07:22 - 2015-12-12 07:22 - 00000000 ____D C:\Users\Default\AppData\Local\Windows Live
2015-12-12 07:22 - 2015-12-12 07:22 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-12-12 07:22 - 2015-12-12 07:22 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2015-12-12 07:22 - 2015-12-12 07:22 - 00000000 ____D C:\Users\Default User\AppData\Local\Windows Live
2015-12-12 07:22 - 2015-12-12 07:22 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-12-12 07:21 - 2015-12-12 07:21 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-12 07:18 - 2015-12-12 07:18 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-12-12 07:16 - 2015-12-12 17:38 - 01011406 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-12 07:16 - 2015-12-12 07:59 - 00000000 ____D C:\Users\admin
2015-12-12 07:16 - 2015-12-12 07:16 - 00000000 _SHDL C:\Users\admin\My Documents
2015-12-12 07:16 - 2015-12-12 07:16 - 00000000 _SHDL C:\Users\admin\Documents\My Videos
2015-12-12 07:16 - 2015-12-12 07:16 - 00000000 _SHDL C:\Users\admin\Documents\My Pictures
2015-12-12 07:16 - 2015-12-12 07:16 - 00000000 _SHDL C:\Users\admin\Documents\My Music
2015-12-12 07:15 - 2015-12-12 07:15 - 00965390 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-12-12 07:14 - 2015-12-12 07:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-12-12 07:13 - 2015-12-12 07:23 - 00000000 ____D C:\Program Files\ATI Technologies
2015-12-12 07:13 - 2015-12-12 07:18 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-12-12 07:13 - 2015-12-12 07:13 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-12 07:13 - 2015-12-12 07:13 - 00000000 ____D C:\ProgramData\AMD
2015-12-12 07:12 - 2015-12-12 07:12 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-12-12 07:12 - 2015-12-12 07:12 - 00000000 ____D C:\Program Files\Realtek
2015-12-12 07:12 - 2015-12-12 07:12 - 00000000 ____D C:\Program Files\CONEXANT
2015-12-12 07:12 - 2015-12-12 07:12 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-12-12 07:12 - 2015-12-12 07:12 - 00000000 ____D C:\Program Files\AMD
2015-12-12 07:12 - 2015-12-12 07:12 - 00000000 ____D C:\AMD
2015-12-12 07:12 - 2015-12-12 07:12 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2015-12-12 07:11 - 2015-10-30 01:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-12 07:08 - 2015-12-12 07:46 - 00277744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-12 06:24 - 2015-12-12 07:51 - 00010449 _____ C:\WINDOWS\diagerr.xml
2015-12-12 06:24 - 2015-12-12 07:51 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2015-12-12 04:54 - 2015-12-12 04:55 - 07635472 _____ (Microsoft Corporation) C:\Users\admin\Downloads\GetWindows10-pse_ggl.exe
2015-12-12 03:25 - 2015-12-12 03:25 - 00000000 ____D C:\Users\admin\AppData\Local\GWX
2015-12-10 21:21 - 2015-12-10 21:21 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\powertracker.dll
2015-12-10 21:19 - 2015-12-10 21:19 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-12-10 21:18 - 2015-12-10 21:18 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpGroupPolicyExtension.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localization-l1-2-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-synch-l1-2-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l2-1-0.dll
2015-12-10 21:16 - 2015-12-10 21:16 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l1-2-0.dll
2015-12-10 21:15 - 2015-12-10 21:15 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-12-10 21:14 - 2015-12-10 21:14 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmlmedia.dll
2015-12-10 21:14 - 2015-12-10 21:14 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmlmedia.dll
2015-12-10 21:14 - 2015-12-10 21:14 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.exe
2015-12-10 20:27 - 2015-08-04 18:31 - 00127232 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
2015-12-10 19:22 - 2015-12-10 19:22 - 00000000 ___HD C:\VTRoot
2015-12-10 19:12 - 2015-12-10 19:12 - 00000114 _____ C:\WINDOWS\wininit.ini
2015-12-10 19:12 - 2015-12-10 19:12 - 00000000 __SHD C:\Users\admin\AppData\LocalLow\EmieUserList
2015-12-10 19:12 - 2015-12-10 19:12 - 00000000 __SHD C:\Users\admin\AppData\LocalLow\EmieSiteList
2015-12-10 19:12 - 2015-12-10 19:12 - 00000000 __SHD C:\Users\admin\AppData\LocalLow\EmieBrowserModeList
2015-12-10 18:45 - 2015-12-10 18:49 - 217812544 _____ (COMODO) C:\Users\admin\Downloads\cispremium_installer_6100_08.exe
2015-12-10 18:43 - 2015-12-12 07:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-10 18:43 - 2015-12-10 18:43 - 00002224 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-10 18:42 - 2015-12-12 05:47 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-10 18:41 - 2015-12-12 17:33 - 00000892 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-10 18:41 - 2015-12-12 07:50 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-10 18:33 - 2015-12-10 18:33 - 00000000 __SHD C:\Users\admin\AppData\Local\EmieUserList
2015-12-10 18:33 - 2015-12-10 18:33 - 00000000 __SHD C:\Users\admin\AppData\Local\EmieSiteList
2015-12-10 18:33 - 2015-12-10 18:33 - 00000000 __SHD C:\Users\admin\AppData\Local\EmieBrowserModeList
2015-12-10 18:27 - 2015-12-10 18:27 - 00927824 _____ (Google Inc.) C:\Users\admin\Downloads\ChromeSetup.exe
2015-12-10 18:14 - 2015-12-12 07:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo Security Solutions Inc
2015-12-10 18:14 - 2015-12-10 18:14 - 00002022 _____ C:\Users\Public\Desktop\GeekBuddy.lnk
2015-12-10 18:06 - 2015-12-10 18:06 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-12 17:43 - 2015-10-30 00:28 - 00000000 ____D C:\Windows
2015-12-12 17:43 - 2015-01-24 14:08 - 00005278 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2015-12-12 17:42 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-12 17:42 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-12 17:41 - 2015-01-24 13:36 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-12-12 17:38 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-12 08:54 - 2015-10-30 01:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-12-12 08:50 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-12 08:50 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-12 08:50 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-12 08:50 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-12 08:50 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-12-12 08:50 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-12-12 08:43 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-12-12 08:43 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-12-12 08:43 - 2015-10-30 01:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2015-12-12 08:43 - 2015-10-30 01:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2015-12-12 08:43 - 2015-10-30 01:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2015-12-12 08:43 - 2015-10-30 01:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-12-12 08:43 - 2015-10-30 01:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2015-12-12 08:43 - 2015-10-30 01:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2015-12-12 08:43 - 2015-10-30 01:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2015-12-12 08:43 - 2015-10-30 01:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2015-12-12 08:43 - 2015-10-30 01:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-12-12 08:43 - 2015-10-30 01:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2015-12-12 08:43 - 2015-10-30 01:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-12-12 08:43 - 2015-10-30 01:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-12-12 08:43 - 2015-10-30 01:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2015-12-12 08:43 - 2015-10-30 01:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-12-12 08:43 - 2015-10-30 01:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-12-12 08:43 - 2015-10-30 01:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2015-12-12 08:43 - 2015-10-30 01:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2015-12-12 08:43 - 2015-10-30 01:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2015-12-12 08:43 - 2015-10-30 01:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2015-12-12 08:43 - 2015-10-30 01:18 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2015-12-12 08:43 - 2015-10-30 01:18 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2015-12-12 08:43 - 2015-10-30 01:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-12-12 08:43 - 2015-10-30 01:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2015-12-12 08:43 - 2015-10-30 01:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2015-12-12 08:43 - 2015-10-30 01:18 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2015-12-12 08:43 - 2015-10-30 01:18 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2015-12-12 08:43 - 2015-10-30 01:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-12-12 08:43 - 2015-10-30 01:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2015-12-12 08:43 - 2015-10-30 01:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-12-12 08:43 - 2015-10-30 01:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2015-12-12 08:43 - 2015-10-30 01:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2015-12-12 08:43 - 2015-10-30 01:18 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2015-12-12 08:43 - 2015-10-30 01:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-12-12 08:43 - 2015-10-30 01:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2015-12-12 08:43 - 2015-10-30 01:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-12-12 08:43 - 2015-10-30 01:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-12-12 08:43 - 2015-10-30 01:18 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2015-12-12 08:12 - 2015-10-30 00:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-12 08:11 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-12-12 08:06 - 2015-01-24 14:19 - 00000338 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-12-12 07:54 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-12-12 07:54 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-12-12 07:54 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-12-12 07:54 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-12-12 07:54 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Registration
2015-12-12 07:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-12 07:52 - 2015-10-30 01:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-12 07:51 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-12 07:51 - 2015-10-30 00:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-12 07:50 - 2015-10-30 01:24 - 00000000 __RSD C:\WINDOWS\Media
2015-12-12 07:50 - 2015-10-30 01:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-12 07:50 - 2015-01-24 14:42 - 00003506 _____ C:\WINDOWS\System32\Tasks\{EB361302-1AB9-4AF7-A939-FFB1903FC72E}
2015-12-12 07:50 - 2015-01-24 14:19 - 00003456 _____ C:\WINDOWS\System32\Tasks\HP Photo Creations Communicator
2015-12-12 07:50 - 2010-10-18 08:52 - 00004002 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-12 07:48 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-12-12 07:23 - 2015-01-24 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
2015-12-12 07:23 - 2015-01-24 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-12 07:23 - 2015-01-24 13:11 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-12-12 07:23 - 2011-01-11 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-12-12 07:23 - 2011-01-01 17:24 - 00000000 ____D C:\WINDOWS\SysWOW64\logishrd
2015-12-12 07:23 - 2011-01-01 17:24 - 00000000 ____D C:\WINDOWS\system32\logishrd
2015-12-12 07:23 - 2010-11-21 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfraRecorder
2015-12-12 07:23 - 2010-11-03 15:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-12-12 07:23 - 2010-11-03 15:46 - 00000000 ____D C:\WINDOWS\en
2015-12-12 07:23 - 2010-05-12 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMachines Documentation
2015-12-12 07:22 - 2009-07-13 21:20 - 00000000 ____D C:\Users\Default.migrated
2015-12-12 07:19 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-12-12 07:19 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-12-12 07:19 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-12 07:19 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-12 07:19 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\IME
2015-12-12 07:19 - 2015-01-24 15:58 - 00000000 ____D C:\WINDOWS\system32\SPReview
2015-12-12 07:19 - 2015-01-24 15:57 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2015-12-12 07:19 - 2009-11-24 11:00 - 00000000 ____D C:\WINDOWS\SysWOW64\OEM
2015-12-12 07:18 - 2015-10-30 01:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-12-12 07:18 - 2015-10-30 01:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-12-12 07:18 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\schemas
2015-12-12 07:18 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-12-12 07:18 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Help
2015-12-12 07:18 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-12 07:18 - 2015-01-24 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-12-12 07:18 - 2009-11-24 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-12-12 07:18 - 2009-11-24 11:10 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-12-12 07:18 - 2009-07-14 01:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-12 07:18 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Microsoft Games
2015-12-12 07:18 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-12-12 07:15 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-12 07:08 - 2015-10-30 03:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-12 06:33 - 2009-07-13 22:45 - 00009920 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-12 06:33 - 2009-07-13 22:45 - 00009920 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-12 06:24 - 2015-10-30 03:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-12 06:05 - 2015-10-21 02:11 - 22327280 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-12-12 06:05 - 2015-10-21 02:11 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe
2015-12-12 06:05 - 2015-10-21 02:11 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2015-12-12 06:05 - 2015-10-21 02:11 - 01004032 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2015-12-12 06:05 - 2015-10-21 02:11 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2015-12-12 06:05 - 2015-10-21 02:11 - 00243696 _____ C:\WINDOWS\system32\clinfo.exe
2015-12-11 03:32 - 2010-10-16 07:01 - 00301728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-11 02:35 - 2015-01-24 14:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-11 01:05 - 2015-01-24 14:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-11 00:16 - 2009-11-11 05:51 - 00421888 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\UCI64C46.dll
2015-12-11 00:16 - 2009-09-02 04:26 - 00123008 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\Drivers\ACFVA64.sys
2015-12-11 00:16 - 2009-04-29 02:21 - 00436736 _____ (Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\ACFXAU64.dll
2015-12-11 00:16 - 2009-04-29 02:21 - 00034944 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\ACFDCP64.sys
2015-12-11 00:16 - 2009-04-29 02:21 - 00010240 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\ACFXAU64.sys
2015-12-11 00:16 - 2007-03-15 07:08 - 00017024 _____ (Conexant) C:\WINDOWS\system32\Drivers\ACFSDK64.sys
2015-12-11 00:16 - 2007-03-15 07:07 - 00094208 _____ (Conexant) C:\WINDOWS\SysWOW64\ACFSDK32.dll
2015-12-11 00:08 - 2015-01-24 13:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-11 00:03 - 2010-10-18 10:48 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-10 23:33 - 2011-01-12 16:22 - 00000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics
2015-12-10 20:12 - 2010-10-15 06:03 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2015-12-10 19:25 - 2010-10-18 08:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-10 19:22 - 2015-01-24 13:36 - 00001985 _____ C:\Users\Public\Desktop\COMODO Internet Security.lnk
2015-12-10 19:20 - 2015-01-25 06:06 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2015-12-10 19:20 - 2010-11-04 17:05 - 00000000 ____D C:\Program Files (x86)\HP
2015-12-10 19:20 - 2009-11-24 11:20 - 00000000 ____D C:\ProgramData\WildTangent
2015-12-10 19:20 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-10 19:19 - 2009-11-24 11:36 - 00000000 ____D C:\ProgramData\Nero
2015-12-10 19:17 - 2010-10-16 07:06 - 00000000 ____D C:\Users\internet
2015-12-10 19:15 - 2009-11-24 11:36 - 00000000 ____D C:\Program Files (x86)\Nero
2015-12-10 19:11 - 2011-01-01 17:24 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2015-12-10 19:09 - 2011-01-01 17:23 - 00000000 ____D C:\Program Files (x86)\Logitech
2015-12-10 19:08 - 2010-10-23 01:05 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-10 19:05 - 2015-01-24 15:31 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-12-10 19:01 - 2015-01-25 03:23 - 00000000 ____D C:\Program Files\GIMP 2
2015-12-10 19:00 - 2009-11-24 11:33 - 00000000 ____D C:\Program Files\eMachines
2015-12-10 19:00 - 2009-11-24 11:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-10 18:57 - 2009-11-24 11:20 - 00000000 ____D C:\Program Files (x86)\eMachines Games
2015-12-10 18:47 - 2010-10-30 09:49 - 00000000 ____D C:\ProgramData\Apple
2015-12-10 18:43 - 2009-11-24 11:35 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-10 18:41 - 2010-10-15 04:34 - 00084072 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-10 18:40 - 2010-10-15 04:47 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-10 18:21 - 2009-11-24 11:42 - 00000000 ____D C:\ProgramData\Adobe
2015-12-10 18:19 - 2010-10-28 23:34 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2015-12-10 18:07 - 2011-01-11 17:48 - 00000000 ____D C:\Users\admin\AppData\Roaming\HpUpdate
2015-11-18 11:14 - 2014-12-09 00:20 - 00828144 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys
2015-11-18 11:14 - 2014-12-09 00:20 - 00021720 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
 
==================== Files in the root of some directories =======
 
2010-11-04 16:56 - 2015-12-10 19:20 - 0004248 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-12 07:08
 
==================== End of FRST.txt ============================

 


#2 Aura

  • Malware Response Team

Posted 12 December 2015 - 09:10 PM

Hi uberdorf :)

My name is Aura and I'll be working with you on that issue. Please give me a few hours to analyse your logs, and I'll get back to you as soon as possible.

Thank you!

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Aura

  • Malware Response Team

Posted 13 December 2015 - 11:09 AM

Hi uberdorf :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • Finally, in the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible. Sorry for the inconvenience;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Personally, I think that we are dealing with a false positive here, where ClamAV is wrongly detecting dnsapi.dll as "Trojan.Shopperz". It happens to every Antivirus and Antimalware to have false positive detections from time to time, and these are usually fixed pretty quickly if these are reported to the developers. The best proof to illustrate my theory is this line in your FRST log.
 
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
This line indicates that the dnsapi.dll file in your system32 folder has a legitimate MD5 (and therefore, is a legitimate, signed file by Microsoft Corporation). This is the same file that ClamAV is detecting according to your post.
 
    /media/scott/eMachines/Windows/System32/dnsapi.dll      Win.Trojan.Shopperz-154
As a test, I would like you to upload your dnsapi.dll file to VirusTotal, and see how many Antivirus vendors detect it :)

Upload a file on VirusTotal
  • Open your favorite web browser, and go on virustotal.com;
  • From there, click on the Select a file button and wait for the Windows Explorer to open;
  • Browse to C:\Windows\system32, select dnsapi.dll and click on Open;
  • Once it's done, click on the Analyze button;
  • If you get a message that the file was already analyzed, click on the Re-analyze button;
  • Once done, copy and paste the VirusTotal report URL in your next reply;
Also, we'll search your system for any "dnsapi.dll" file present on it, and I'll provide you some explanations on what they are and what their purpose is, alright? :) Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - File Search Mode
Follow the instructions below to execute a file search on your system using FRST, and provide the log in your next reply.
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • In the Search area, copy and paste the following;
    *dnsapi*
  • Once done, click on the Search files button, and wait for FRST to finish its search;
  • On completion, a log will open. Copy and paste its content in your next reply;
I don't see anything wrong in the logs you provided, except for an empty Run entry that we can remove as a precaution. Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    HKLM-x32\...\Run: [] => [X]
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste that log in your next reply;
Your next reply should contain:
  • URL to the VirusTotal report of dnsapi.dll;
  • Copy/pasted content of the FRST search log for dnsapi.dll;
  • Copy/pasted content of the FRST fix log;
  • Your thoughts on what I explained about ClamAV wrongly detecting dnsapi.dll as Trojan.Shopperz (false positive);

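
The cross-check described in the post above (a ClamAV hit from the Linux side compared against FRST's signature verification lines) can be scripted. This is an added example, not part of Aura's post or of FRST or ClamAV; the sample input is constructed from the lines quoted in the thread, and the mount-point-to-`C:` mapping, the second detection line and the verdict labels are assumptions.

```python
import re
from pathlib import PurePosixPath

# Constructed sample input in the shape of the lines quoted in this thread.
FRST_VERIFICATION = r"""
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
"""

# First line is the detection quoted in the thread; the second is a made-up
# entry (hypothetical file and signature name) that FRST did not verify.
CLAM_REPORT = """
/media/scott/eMachines/Windows/System32/dnsapi.dll      Win.Trojan.Shopperz-154
/media/scott/eMachines/Users/admin/Downloads/setup_example.exe      Win.Trojan.Example-1
"""

MOUNT_POINT = "/media/scott/eMachines"  # where the Windows partition is mounted
SIGNED = "File is digitally signed"     # status string shown in the FRST log

FRST_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<status>.+)$")
# Path column, two or more spaces, then the signature name.
CLAM_LINE = re.compile(r"^(?P<path>/.*?)\s{2,}(?P<sig>\S+)$")


def normalize(win_path):
    """Windows paths are case-insensitive, so compare them case-folded."""
    return win_path.replace("/", "\\").rstrip("\\").casefold()


def parse_frst_verification(text):
    """Map normalized Windows path -> verification status from FRST lines."""
    results = {}
    for line in text.splitlines():
        match = FRST_LINE.match(line.strip())
        if match:
            results[normalize(match["path"])] = match["status"].strip()
    return results


def parse_clam_report(text):
    """Return (posix_path, signature_name) pairs from the scan listing."""
    hits = []
    for line in text.splitlines():
        match = CLAM_LINE.match(line.strip())
        if match:
            hits.append((match["path"], match["sig"]))
    return hits


def to_windows_path(posix_path, mount_point, drive="C:"):
    """Translate a path under the Linux mount point to its Windows form.

    Returns None when the path is not on the mounted Windows partition.
    Assumes the partition is the one Windows sees as `drive`.
    """
    try:
        rel = PurePosixPath(posix_path).relative_to(mount_point)
    except ValueError:
        return None
    return drive + "\\" + "\\".join(rel.parts)


def triage(clam_text, frst_text, mount_point, drive="C:"):
    """Label each ClamAV hit by what FRST reported for the same file."""
    verified = parse_frst_verification(frst_text)
    rows = []
    for posix_path, sig in parse_clam_report(clam_text):
        win = to_windows_path(posix_path, mount_point, drive)
        status = verified.get(normalize(win)) if win else None
        if status == SIGNED:
            verdict = "likely-false-positive"   # still confirm with a second scanner
        elif status is not None:
            verdict = "not-signed-per-frst"     # any other status: investigate
        else:
            verdict = "unverified"              # FRST said nothing about this file
        rows.append({"clam_path": posix_path, "windows_path": win,
                     "signature": sig, "frst_status": status, "verdict": verdict})
    return rows


if __name__ == "__main__":
    for row in triage(CLAM_REPORT, FRST_VERIFICATION, MOUNT_POINT):
        print(f'{row["verdict"]:<22} {row["signature"]:<26} {row["windows_path"]}')
```

A "likely-false-positive" verdict only means the two tools disagree about a signed system file; the VirusTotal upload requested in the post is the second opinion that settles it.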


#4 uberdorf

  • Topic Starter

Posted 13 December 2015 - 12:07 PM

Thank you for the quick reply.  The first place I posted about this issue was on a linux forum where I asked if anyone knew how dnsapi.dll had changed from Windows 7 to Windows 10 so that it would be identified as malware in Windows 10 but not Windows 7.  I'm wondering if it became a little more intrusive regarding privacy in Windows 10, like so many other things Microsoft did for Windows 10?  I will only follow advice on what to do here rather than the linux forum though, if anyone even suggests anything on that forum which I doubt because I only asked for information at that forum and not advice.

 

***Here is the URL to the report at VirusTotal.  Interestingly the only positive at that site was from Antiy-AVL and not ClamAV for some reason.

*** https://www.virustotal.com/en/file/ff499d74498ccee07d1edaba1b23dbc7156fba6fda4960a81d54cb4cfe5ba76c/analysis/1450024527/

 

***Here is FRST log for *dnsapi*

***
Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by admin (2015-12-13 10:38:06)
Running from C:\Users\admin\Downloads
Boot Mode: Normal
 
================== Search Files: "*dnsapi*" =============
 
C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll
[2015-01-24 18:08][2015-01-24 18:08] 0270336 ____A (Microsoft Corporation) 1F79F611109C2B97260B68FD6B4FC7DD [File not signed]
 
C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll
[2015-01-24 18:08][2015-01-24 18:08] 0270336 ____A (Microsoft Corporation) B40420876B9288E0A1C8CCA8A84E5DC9 [File not signed]
 
C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll
[2015-01-24 15:52][2015-01-24 15:52] 0270336 ____A (Microsoft Corporation) 59DF156711A76BCB993253EC6C9BBF41 [File not signed]
 
C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-dns-client.resources_31bf3856ad364e35_6.1.7600.16385_en-us_234809c32cf5e8cc\dnsapi.dll.mui
[2009-07-13 23:35][2009-07-13 20:05] 0013312 ____A (Microsoft Corporation) DA4F4927E92DC21B14A42EE59F7038D4 [File not signed]
 
C:\Windows.old\Windows\winsxs\Backup\amd64_microsoft-windows-dns-client.resources_31bf3856ad364e35_6.1.7600.16385_en-us_18f35f70f89526d1_dnsapi.dll.mui_97465f8a
[2009-07-13 23:37][2009-07-13 23:37] 0013312 ____A (Microsoft Corporation) 403D6557D10BF26AE3514A0F468F8C26 [File not signed]
 
C:\Windows.old\Windows\winsxs\Backup\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6_dnsapi.dll_c81f5791
[2015-01-24 22:59][2015-01-24 19:27] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D [File not signed]
 
C:\Windows.old\Windows\winsxs\Backup\wow64_microsoft-windows-dns-client.resources_31bf3856ad364e35_6.1.7600.16385_en-us_234809c32cf5e8cc_dnsapi.dll.mui_97465f8a
[2009-07-13 23:37][2009-07-13 23:37] 0013312 ____A (Microsoft Corporation) DA4F4927E92DC21B14A42EE59F7038D4 [File not signed]
 
C:\Windows.old\Windows\winsxs\Backup\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1_dnsapi.dll_c81f5791
[2015-01-24 22:59][2015-01-24 19:27] 0270336 ____A (Microsoft Corporation) B40420876B9288E0A1C8CCA8A84E5DC9 [File not signed]
 
C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll
[2015-01-24 18:08][2015-01-24 18:08] 0357888 ____A (Microsoft Corporation) DCC0888655823103F19EF8FFD330080D [File not signed]
 
C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll
[2015-01-24 18:08][2015-01-24 18:08] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D [File not signed]
 
C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll
[2015-01-24 15:52][2015-01-24 15:52] 0357888 ____A (Microsoft Corporation) A52B6CC24063CC83C78C0E6F24DEEC01 [File not signed]
 
C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-dns-client.resources_31bf3856ad364e35_6.1.7600.16385_en-us_18f35f70f89526d1\dnsapi.dll.mui
[2009-07-13 23:35][2009-07-13 20:26] 0013312 ____A (Microsoft Corporation) 403D6557D10BF26AE3514A0F468F8C26 [File not signed]
 
C:\Windows.old\Windows\SysWOW64\dnsapi.dll
[2015-01-24 18:08][2015-01-24 18:08] 0270336 ____A (Microsoft Corporation) B40420876B9288E0A1C8CCA8A84E5DC9 [File not signed]
 
C:\Windows.old\Windows\SysWOW64\en-US\dnsapi.dll.mui
[2009-07-13 23:35][2009-07-13 20:05] 0013312 ____A (Microsoft Corporation) DA4F4927E92DC21B14A42EE59F7038D4 [File not signed]
 
C:\Windows.old\Windows\System32\dnsapi.dll
[2015-01-24 18:08][2015-01-24 18:08] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D [File not signed]
 
C:\Windows.old\Windows\System32\en-US\dnsapi.dll.mui
[2009-07-13 23:35][2009-07-13 20:26] 0013312 ____A (Microsoft Corporation) 403D6557D10BF26AE3514A0F468F8C26 [File not signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_2c65f66b01dd8f12\dnsapi.dll
[2015-10-30 01:18][2015-10-30 01:18] 0535088 ____A (Microsoft Corporation) 2796C0957F6F05A528DD64B8591371B6 [File is digitally signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-d..ient-core.resources_31bf3856ad364e35_10.0.10586.0_en-us_ae1d4928dff51358\dnsapi.dll.mui
[2015-10-30 03:01][2015-10-30 03:01] 0072704 ____A (Microsoft Corporation) D095215B4CF6A109D14D8309DA9FE2C1 [File is digitally signed]
 
C:\Windows\WinSxS\Backup\amd64_microsoft-windows-d..ient-core.resources_31bf3856ad364e35_10.0.10586.0_en-us_a3c89ed6ab94515d_dnsapi.dll.mui_97465f8a
[2015-10-30 03:02][2015-10-30 03:02] 0072704 ____A (Microsoft Corporation) 0E9549C583B02A4D04A21476187AE0E2 [File is digitally signed]
 
C:\Windows\WinSxS\Backup\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_22114c18cd7ccd17_dnsapi.dll_c81f5791
[2015-10-30 01:24][2015-10-30 02:07] 0270510 ____A () 935F462BCD67443265FFE098B693A408 [File not signed]
 
C:\Windows\WinSxS\Backup\wow64_microsoft-windows-d..ient-core.resources_31bf3856ad364e35_10.0.10586.0_en-us_ae1d4928dff51358_dnsapi.dll.mui_97465f8a
[2015-10-30 03:02][2015-10-30 03:02] 0072704 ____A (Microsoft Corporation) D095215B4CF6A109D14D8309DA9FE2C1 [File is digitally signed]
 
C:\Windows\WinSxS\Backup\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_2c65f66b01dd8f12_dnsapi.dll_c81f5791
[2015-10-30 01:24][2015-10-30 02:08] 0233174 ____A () D61E87D9A47598ADB2078C246D47EABD [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_22114c18cd7ccd17\dnsapi.dll
[2015-10-30 01:18][2015-10-30 01:18] 0686984 ____A (Microsoft Corporation) E7B524818100B0FDE2B057C74B0C0DCD [File is digitally signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-d..ient-core.resources_31bf3856ad364e35_10.0.10586.0_en-us_a3c89ed6ab94515d\dnsapi.dll.mui
[2015-10-30 03:01][2015-10-30 03:01] 0072704 ____A (Microsoft Corporation) 0E9549C583B02A4D04A21476187AE0E2 [File is digitally signed]
 
C:\Windows\SysWOW64\dnsapi.dll
[2015-10-30 01:18][2015-10-30 01:18] 0535088 ____A (Microsoft Corporation) 2796C0957F6F05A528DD64B8591371B6 [File is digitally signed]
 
C:\Windows\SysWOW64\en-US\dnsapi.dll.mui
[2015-10-30 03:01][2015-10-30 03:01] 0072704 ____A (Microsoft Corporation) D095215B4CF6A109D14D8309DA9FE2C1 [File is digitally signed]
 
C:\Windows\System32\dnsapi.dll
[2015-10-30 01:18][2015-10-30 01:18] 0686984 ____A (Microsoft Corporation) E7B524818100B0FDE2B057C74B0C0DCD [File is digitally signed]
 
C:\Windows\System32\en-US\dnsapi.dll.mui
[2015-10-30 03:01][2015-10-30 03:01] 0072704 ____A (Microsoft Corporation) 0E9549C583B02A4D04A21476187AE0E2 [File is digitally signed]
 
====== End of Search ======
 
***Here is the FRST fix log
***
Fix result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by admin (2015-12-13 10:46:38) Run:1
Running from C:\Users\admin\Downloads
Loaded Profiles: admin (Available Profiles: admin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
 
==== End of Fixlog 10:46:38 ====

 

***

I admit that it is possibly a false positive from ClamAV and now Antiy-AVL, since it happened after the upgrade to Windows 10 without any other changes, and since it has been persistent despite a couple of reformats and installations of Windows.  I'm thinking it might be more of a "grey area" positive, in which maybe Microsoft is using that library to collect private information and that is what is causing it to be identified as malware?

 

I don't know enough about this library and any changes to be able to recognize what is going on.



#5 Aura


Posted 13 December 2015 - 03:21 PM

Thank you for the quick reply. The first place I posted about this issue was on a linux forum where I asked if anyone knew how dnsapi.dll had changed from Windows 7 to Windows 10 so that it would be identified as malware in Windows 10 but not Windows 7. I'm wondering if it became a little more intrusive regarding privacy in Windows 10, like so many other things Microsoft did for Windows 10?


I do not have the answer to that sadly. A false positive can occur for a lot of reasons, and since this file (dnsapi.dll) is a core component in Windows' networking, it's possible that ClamAV flagged it wrongly because it had never scanned it before.
 

I will only follow advice on what to do here rather than the linux forum though, if anyone even suggests anything on that forum which I doubt because I only asked for information at that forum and not advice.


That's good :) When you get assisted on BleepingComputer, we ask you to not get assisted anywhere else in the meantime. This is to ensure that you only follow the instructions we give you so we know exactly what is being done on your system and keep track of what needs to be done.
 

***Here is the URL to the report at VirusTotal. Interestingly the only positive at that site was from Antiy-AVL and not ClamAV for some reason.
*** https://www.virustotal.com/en/file/ff499d74498ccee07d1edaba1b23dbc7156fba6fda4960a81d54cb4cfe5ba76c/analysis/1450024527/


It looks like ClamAV have fixed their false positive detection for dnsapi.dll. What you could try is to update your ClamAV definition database, and scan the dnsapi.dll file again to see if it's still detected. Even there, it could still be detected wrongly since you're scanning it from a Linux environment, and not a Windows one.
 

***Here is FRST log for *dnsapi*


You have a lot of dnsapi.dll files on your system (on top of dnsapi.dll.mui, which is another Windows system file), but most of them are from your previous Windows 7 installation (hence why they are located in the windows.old folder). As for the others, they are all legitimate and in the right locations (on top of being signed and have legitimate MD5).
 

***Here is the FRST fix log


The fix worked, good :)
 

I admit that it is possibly a false positive from ClamAV and now Antiy-AVL, since it happened after the upgrade to Windows 10 without any other changes, and since it has been persistent despite a couple of reformats and installations of Windows. I'm thinking it might be more of a "grey area" positive, in which maybe Microsoft is using that library to collect private information and that is what is causing it to be identified as malware?

I don't know enough about this library and any changes to be able to recognize what is going on.


In my opinion, it really is a false positive from ClamAV. And once again, sadly I do not have the answer to that. This being said, I'm sure that reverse engineering a Windows system DLL file is against the EULA, and therefore not allowed. Plus, nowadays, if a Windows system file was really malicious, we would know about it :)

Let's run a scan with Malwarebytes, just to confirm that there's nothing wrong with your system. If your dnsapi.dll was indeed patched and malicious, Malwarebytes will detect it.

Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply should include:
  • Your thoughts about what I just said;
  • Copy/pasted content of the Malwarebytes scan log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
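
The file-by-file check described in the post above (location, signature status, MD5), as an added example that is not part of the thread: it parses FRST search output, sets aside the Windows.old copies, lists unsigned or vendor-less entries for manual review, and confirms that the loaded System32/SysWOW64 DLL hashes to a signed WinSxS component-store copy. The function names and the review rule are assumptions of this example; the four sample records are copied from the log posted earlier in the thread.

```python
import re
from collections import defaultdict

# Four records copied from the FRST search output posted in this thread.
SAMPLE_LOG = r"""
C:\Windows.old\Windows\System32\dnsapi.dll
[2015-01-24 18:08][2015-01-24 18:08] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D [File not signed]

C:\Windows\WinSxS\Backup\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_22114c18cd7ccd17_dnsapi.dll_c81f5791
[2015-10-30 01:24][2015-10-30 02:07] 0270510 ____A () 935F462BCD67443265FFE098B693A408 [File not signed]

C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_22114c18cd7ccd17\dnsapi.dll
[2015-10-30 01:18][2015-10-30 01:18] 0686984 ____A (Microsoft Corporation) E7B524818100B0FDE2B057C74B0C0DCD [File is digitally signed]

C:\Windows\System32\dnsapi.dll
[2015-10-30 01:18][2015-10-30 01:18] 0686984 ____A (Microsoft Corporation) E7B524818100B0FDE2B057C74B0C0DCD [File is digitally signed]
"""

# Second line of each record: [created][modified] size attrs (company) MD5 [signature]
DETAIL = re.compile(
    r"^\[([^\]]+)\]\[([^\]]+)\]\s+(?P<size>\d+)\s+\S+\s+"
    r"\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})\s+\[(?P<sig>[^\]]+)\]$"
)
# Copies that processes on the running system actually load (lower-cased paths).
LOADED = (r"c:\windows\system32\dnsapi.dll", r"c:\windows\syswow64\dnsapi.dll")


def parse_frst_search(text):
    """Pair each path line with the detail line that follows it."""
    records, path = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = DETAIL.match(line)
        if m and path:
            rec = m.groupdict()
            rec.update(path=path, size=int(rec["size"]),
                       signed=rec["sig"] == "File is digitally signed",
                       old_install=path.lower().startswith("c:\\windows.old\\"))
            records.append(rec)
            path = None
        elif line and not m:
            path = line
    return records


def triage(records):
    """Return (paths to review by hand, {loaded DLL: matches signed store copy})."""
    # Windows.old holds the previous installation, so it is set aside here.
    live = [r for r in records if not r["old_install"]]
    by_md5 = defaultdict(list)
    for r in live:
        by_md5[r["md5"]].append(r)
    # Assumed review rule: unsigned or no company name on the live installation.
    review = [r["path"] for r in live if not r["signed"] or not r["company"]]
    loaded = {}
    for r in live:
        if r["path"].lower() in LOADED:
            in_store = any(
                "\\winsxs\\" in o["path"].lower()
                and "\\winsxs\\backup\\" not in o["path"].lower() and o["signed"]
                for o in by_md5[r["md5"]])
            loaded[r["path"]] = r["signed"] and in_store
    return review, loaded


if __name__ == "__main__":
    review, loaded = triage(parse_frst_search(SAMPLE_LOG))
    print("review by hand:", review)
    print("loaded copies match store:", loaded)
```

An entry in the review list is only a prompt to look closer; the hash and signature comparison on the loaded copies is what supports or contradicts a scanner's detection.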


#6 uberdorf


Posted 13 December 2015 - 05:12 PM

Thank you for your help.  If there is a threat, apparently it would have to be from Microsoft and there appears to be no legal way to determine that since it is not open-source software.  Here is the MBAM scan result...

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/13/2015
Scan Time: 3:06 PM
Logfile: MBAMresults.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.13.04
Rootkit Database: v2015.12.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: admin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 363780
Time Elapsed: 34 min, 30 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7 Aura


Posted 14 December 2015 - 03:23 PM

Thank you for your help. If there is a threat, apparently it would have to be from Microsoft and there appears to be no legal way to determine that since it is not open-source software.


I can assure you that if the dnsapi.dll file was modified in such a way that it would threaten the users, we would already be aware of it :)
 

Here is the MBAM scan result...


And it came back clean, therefore, we are done here and I declare your system clean :)

Cleaning of System Restore points and Malware Removal Tools

Now that we don't need the Malware Removal Tools that I made you download, we'll remove them from your system as well as your previous System Restore points. This will allow us to get rid of what you don't need any more on your system and also remove your previous System Restore points that could have been infected, damaged and/or corrupted by your infection. To do this, we'll use Delfix by Xplode. This will at the same time create a fresh new Restore Point that you can use in the future if you ever need to.
  • Download Delfix by clicking HERE;
  • Execute Delfix by double-clicking on it;
  • Make sure to check the following checkboxes:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Once everything is checked, click on Run;
  • After the program is done running, Notepad will open with a log. Please copy/paste the content of the log here;
Tips, tricks, advice and recommendations

Now that your system is clean, it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. Every program recommended below is free to use and therefore you don't have to pay for anything. You are free to follow these recommendations or to ignore them, however for the safety of your system, I strongly suggest that you read all my recommendations and install the software/program that I recommend below. If you have any questions about one of the points covered in that speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Turning On Automatic Windows Updates

Keeping Windows up to date is one of the first steps in having a secure and safe system. The Security Updates that Windows receives are meant to fix exploits and flaws in it, which makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Check if there's any Important Updates available
  • Click on your Windows Start Menu then on Control Panel;
  • Click on System and Security then on Windows Update;
  • In the left pane, click on "Check for updates" and wait for the scan to complete;
  • If any Important Updates are available, click on "X Important Updates are available", make sure that they are all checked and click on "Install updates" (Please follow the same steps for the "Recommended Updates" if any are found);
  • Depending on how many updates you have to install and how big they are, that process can take a while. You'll most likely be asked to restart your computer once they are all installed to finish the installation, please do so;
To turn On Automatic Windows Updates
  • Click on your Windows Start Menu then on Control Panel;
  • Click on System and Security then on Windows Update;
  • In the left pane, click on "Change settings";
  • Now you have the choice to select between
    • Install updates automatically (recommended);
    • Download updates but let me choose whether to install them;
    • Check for updates but let me choose whether to download and install them;
  • The best choice in this situation is to pick the first option, "Install updates automatically (recommended)". This will automatically download and install Windows Updates whenever there's new ones without you having to do it manually. When these Windows Updates are installed, if they require a restart, a pop-up box will pop out in the bottom right-corner of your screen telling you to restart your computer now or it will be automatically restarted soon. You can however postpone that restart if you're already working on something else;
  • Make sure to check the "Give me recommended updates the same way I receive important updates" option so Windows Updates will install the Recommended Updates at the same time as your Important Updates;
Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances of getting infected by malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.

Here's a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on BleepingComputer and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back in this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread? :)



#8 Aura


Posted 17 December 2015 - 08:02 AM

Hi uberdorf,

Do you have any questions before I close this thread? :)



#9 uberdorf


Posted 18 December 2015 - 07:58 AM

No more questions, thank you for the help.



#10 Aura


Posted 18 December 2015 - 07:59 AM

No problem uberdorf, you are welcome :)



#11 thcbytes


Posted 18 December 2015 - 10:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



