Infected with adware, tracing key keeps coming back



#1 IAmSergiu

Posted 28 December 2015 - 06:26 AM

A few days ago, I opened up my browser and entered a site, clicked randomly on the page, and it redirected me to some ads, "register to some game online", "you are a winner of 1 million$", stuff like that. I tried removing it with a bunch of antimalware software and it keeps coming up. I've run ADW Cleaner and it finds "HKCU/Software/Conduit" as a tracing key. I've deleted it and rescanned the system after restart; it says it's not there anymore, but after I enter a random site it appears again.

Please help.

 

Here's the Farbar Recovery Scan Tool logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-12-2015
Ran by Sergiu (administrator) on SERGIU-PC (28-12-2015 13:10:25)
Running from C:\Users\Sergiu\Desktop
Loaded Profiles: Sergiu (Available Profiles: Sergiu)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16174360 2015-10-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411864 2015-10-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS_SWVOL] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411864 2015-10-02] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-11-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2536191027-2410054101-898883693-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50509440 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2536191027-2410054101-898883693-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-2536191027-2410054101-898883693-1001\...\MountPoints2: {a89292a4-9811-11e5-849d-2cd44492da85} - "E:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-2536191027-2410054101-898883693-1001] => hxxp://unstopp.me/wpad.dat?cb706d0b582824a9903efa348d04da362903020
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{327c0fd1-7b80-4c9d-96e9-19d401285584}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ce324367-b172-4aec-9809-e7a97f471046}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{F3E959C3-8239-46BB-B8ED-74B86D2EBEDE}: [NameServer] 193.231.252.1 213.154.124.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2536191027-2410054101-898883693-1001 -> DefaultScope {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-20] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-20] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2536191027-2410054101-898883693-1001 -> hxxp://www.google.ro/
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-20] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-18] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-18] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-11-25] [not signed]
 
Chrome:
=======
CHR Profile: C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-22]
CHR Extension: (Disc Google) - C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
CHR Extension: (YouTube) - C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22]
CHR Extension: (Google Search) - C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Adobe Acrobat) - C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-12-22]
CHR Extension: (Documente Google Offline) - C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-22]
CHR Extension: (Plăți prin Magazinul web Chrome) - C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-22]
CHR Extension: (Gmail) - C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [96128 2015-07-02] (Alps Electric Co., Ltd.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-11-18] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2015-02-05] (Microsoft Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [3352848 2015-12-17] ( Rsupport Corporation)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-08-18] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-08-18] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [158968 2014-09-18] (ESET)
R3 FUJ02B1; C:\Windows\System32\drivers\FUJ02B1.sys [24400 2015-06-18] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\drivers\FUJ02E3.sys [29904 2015-06-18] (FUJITSU LIMITED)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-07-10] (Intel Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-27] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-28 13:10 - 2015-12-28 13:10 - 00017937 _____ C:\Users\Sergiu\Desktop\FRST.txt
2015-12-28 13:10 - 2015-12-28 13:10 - 00000000 ____D C:\FRST
2015-12-28 13:09 - 2015-12-28 13:10 - 02370560 _____ (Farbar) C:\Users\Sergiu\Desktop\FRST64.exe
2015-12-28 00:57 - 2015-12-28 00:58 - 00000000 ____D C:\Users\Sergiu\Desktop\MAC_Slider_C_Sharp_src
2015-12-28 00:57 - 2015-12-28 00:57 - 00037169 _____ C:\Users\Sergiu\Downloads\MAC_Slider_src.zip
2015-12-27 20:47 - 2015-12-27 20:47 - 00027819 _____ C:\Users\Sergiu\Downloads\Marco.Polo.2014.S01.720p.WEBRIP.x264-2HD.torrent
2015-12-27 15:55 - 2015-12-27 15:55 - 00000000 ____D C:\Users\Sergiu\AppData\Local\CrashDumps
2015-12-27 11:14 - 2015-12-27 11:15 - 00000000 ____D C:\Program Files\CCleaner
2015-12-27 11:14 - 2015-12-27 11:14 - 00002860 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-12-27 11:14 - 2015-12-27 11:14 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-27 11:12 - 2015-12-27 11:12 - 00002777 _____ C:\Users\Sergiu\Downloads\Piriform.CCleaner.Professional.v5.05.5176.Multilingual.Incl.Keymaker-CORE.torrent
2015-12-26 20:38 - 2015-12-26 20:38 - 01743360 _____ C:\Users\Sergiu\Downloads\adwcleaner_5.026.exe
2015-12-26 13:41 - 2015-12-26 13:41 - 00037188 _____ C:\Users\Sergiu\Downloads\The.Martian.2015.720p.BluRay.DD.5.1.x264.RoSubbed-88keyz.torrent
2015-12-26 13:23 - 2015-12-26 13:23 - 00097864 _____ C:\Users\Sergiu\Downloads\Colony.S01E01.720p.WEBRip.x264-BATV.torrent
2015-12-25 19:50 - 2015-12-25 19:50 - 00000000 ____D C:\Program Files\HitmanPro
2015-12-25 19:48 - 2015-12-25 19:48 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-12-25 19:10 - 2015-12-25 19:11 - 00000000 ____D C:\Program Files\Cmder
2015-12-25 19:08 - 2015-12-25 19:09 - 79410601 _____ C:\Users\Sergiu\Downloads\cmder.zip
2015-12-25 18:04 - 2015-12-27 11:39 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-25 18:04 - 2015-12-25 18:40 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-25 18:03 - 2015-12-25 19:49 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-25 17:20 - 2015-12-25 17:20 - 01599336 _____ (Malwarebytes) C:\Users\Sergiu\Downloads\JRT (1).exe
2015-12-25 17:19 - 2015-12-25 17:19 - 01599336 _____ (Malwarebytes) C:\Users\Sergiu\Downloads\JRT.exe
2015-12-25 17:18 - 2015-12-25 19:16 - 11323704 _____ (SurfRight B.V.) C:\Users\Sergiu\Downloads\HitmanPro_x64.exe
2015-12-25 17:18 - 2015-12-25 18:04 - 20834888 _____ C:\Users\Sergiu\Downloads\RogueKiller.exe
2015-12-25 17:17 - 2015-12-25 17:17 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Sergiu\Downloads\iExplore.exe
2015-12-25 17:17 - 2015-12-25 17:17 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\Sergiu\Downloads\iExplore64.exe
2015-12-25 17:11 - 2015-12-25 17:12 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Sergiu\Downloads\tdsskiller.exe
2015-12-25 15:32 - 2015-12-25 15:32 - 00000000 ____D C:\Windows\pss
2015-12-25 15:16 - 2015-12-25 18:42 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2015-12-25 12:00 - 2015-12-25 12:00 - 00003646 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2015-12-25 11:55 - 2015-12-25 11:55 - 00000499 _____ C:\Users\Sergiu\Downloads\Appsdiagnostic10.diagcab
2015-12-24 20:16 - 2015-12-24 20:16 - 00330057 _____ C:\Users\Sergiu\Downloads\Republique.Remastered.Episode.4-CODEX.torrent
2015-12-24 20:09 - 2015-12-24 20:09 - 00183014 _____ C:\Users\Sergiu\Downloads\Zombie.Vikings-CODEX.torrent
2015-12-24 00:32 - 2015-12-24 00:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-24 00:32 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-24 00:32 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-24 00:32 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-12-24 00:22 - 2015-12-24 00:22 - 00000588 _____ C:\Users\Sergiu\Downloads\Malwarebytes Anti-Malware v2.1.8.1057 + Serial-FiLELiST.torrent
2015-12-23 23:48 - 2015-12-24 15:28 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-23 23:47 - 2015-12-23 23:47 - 22908888 _____ (Malwarebytes ) C:\Users\Sergiu\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-23 23:47 - 2015-12-23 23:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-22 14:48 - 2015-12-22 14:53 - 00042496 ____H C:\Users\Sergiu\Downloads\projectpag.v12.suo
2015-12-22 12:09 - 2015-12-23 11:46 - 00000000 ____D C:\Users\Sergiu\Desktop\MovieMania
2015-12-22 11:15 - 2015-12-22 12:25 - 00000000 ____D C:\Users\Sergiu\AppData\Local\Sublime Text 3
2015-12-22 11:15 - 2015-12-22 11:15 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\Sublime Text 3
2015-12-22 11:14 - 2015-12-24 15:13 - 00001539 _____ C:\Users\Sergiu\Desktop\Sublime.lnk
2015-12-22 11:11 - 2015-12-24 15:13 - 00000959 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2015-12-22 11:11 - 2015-12-22 11:14 - 00000000 ____D C:\Program Files\Sublime Text 3
2015-12-22 10:41 - 2015-12-22 10:41 - 00008456 _____ C:\Users\Sergiu\.v8flags.4.6.85.31.Sergiu.json
2015-12-22 10:36 - 2015-12-22 10:36 - 00000000 ____D C:\Users\Sergiu\AppData\Local\bower
2015-12-22 10:15 - 2015-12-22 10:15 - 00000000 ____D C:\Users\Sergiu\.config
2015-12-22 10:07 - 2015-12-22 10:07 - 00000000 ____D C:\Windows\system32\node_modules
2015-12-22 09:55 - 2015-12-22 11:57 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\npm-cache
2015-12-22 09:53 - 2015-12-22 11:22 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\npm
2015-12-22 09:53 - 2015-12-22 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2015-12-22 09:53 - 2015-12-22 09:54 - 00000000 ____D C:\Program Files\nodejs
2015-12-22 09:25 - 2015-12-25 19:13 - 00000000 ____D C:\Users\Sergiu\AppData\Local\clink
2015-12-21 23:01 - 2015-12-21 23:01 - 00000000 ____D C:\Users\Sergiu\Documents\Graphics
2015-12-21 15:31 - 2015-12-21 15:31 - 00000000 ___HD C:\Users\Sergiu\Desktop\.git
2015-12-21 15:30 - 2015-12-21 15:30 - 00000000 ___HD C:\Users\Sergiu\.git
2015-12-21 14:44 - 2015-12-21 14:44 - 00000000 ____D C:\Users\Sergiu\AppData\Local\ESET
2015-12-21 14:38 - 2015-12-21 14:38 - 00000000 ____D C:\Users\Sergiu\AppData\Local\NVIDIA Corporation
2015-12-20 19:51 - 2015-12-20 19:51 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\Xilisoft
2015-12-20 19:50 - 2015-12-20 19:50 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-12-20 19:50 - 2015-12-20 19:50 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-12-20 19:50 - 2015-12-20 19:50 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-12-20 19:50 - 2015-12-20 19:50 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-12-20 19:50 - 2015-12-20 19:50 - 00000000 ____D C:\ProgramData\Xilisoft
2015-12-20 19:50 - 2015-12-20 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
2015-12-20 19:50 - 2015-12-20 19:50 - 00000000 ____D C:\Program Files (x86)\Xilisoft
2015-12-20 19:50 - 2015-12-20 19:50 - 00000000 ____D C:\Program Files (x86)\OpenAL
2015-12-19 22:48 - 2015-12-19 22:48 - 00000000 ____D C:\Users\Sergiu\Documents\HardWest
2015-12-19 22:48 - 2015-12-19 22:48 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\Steam
2015-12-17 22:11 - 2015-12-07 05:58 - 24601600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-17 22:11 - 2015-12-07 05:53 - 19339264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-17 22:10 - 2015-12-07 06:57 - 00973664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2015-12-17 22:10 - 2015-12-07 06:55 - 01281376 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2015-12-17 22:10 - 2015-12-07 06:49 - 00412512 _____ (Microsoft Corporation) C:\Windows\system32\wifitask.exe
2015-12-17 22:10 - 2015-12-07 06:48 - 02544256 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 02180136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 01299504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 01155944 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 01118208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 01092456 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 01065080 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 01020096 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00983464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00884256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00823264 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00794888 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00696160 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00670928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00526856 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00502112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00498448 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00462760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00450904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00337840 _____ (Microsoft Corporation) C:\Windows\system32\MFPlay.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00289248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFPlay.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00245848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2015-12-17 22:10 - 2015-12-07 06:47 - 00925064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-12-17 22:10 - 2015-12-07 06:47 - 00898184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2015-12-17 22:10 - 2015-12-07 06:47 - 00716928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2015-12-17 22:10 - 2015-12-07 06:47 - 00116720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-12-17 22:10 - 2015-12-07 06:46 - 03671888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-17 22:10 - 2015-12-07 06:46 - 02919320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-17 22:10 - 2015-12-07 06:45 - 00264544 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2015-12-17 22:10 - 2015-12-07 06:15 - 01035776 _____ (Microsoft Corporation) C:\Windows\system32\XboxNetApiSvc.dll
2015-12-17 22:10 - 2015-12-07 06:15 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-17 22:10 - 2015-12-07 06:10 - 00824320 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2015-12-17 22:10 - 2015-12-07 06:09 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\flvprophandler.dll
2015-12-17 22:10 - 2015-12-07 06:09 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\policymanagerprecheck.dll
2015-12-17 22:10 - 2015-12-07 06:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\StorageUsage.dll
2015-12-17 22:10 - 2015-12-07 06:07 - 16984064 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-12-17 22:10 - 2015-12-07 06:07 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\wificonnapi.dll
2015-12-17 22:10 - 2015-12-07 06:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll
2015-12-17 22:10 - 2015-12-07 06:06 - 00572928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2015-12-17 22:10 - 2015-12-07 06:06 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2015-12-17 22:10 - 2015-12-07 06:06 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2015-12-17 22:10 - 2015-12-07 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2015-12-17 22:10 - 2015-12-07 06:05 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\BackgroundTransferHost.exe
2015-12-17 22:10 - 2015-12-07 06:04 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2015-12-17 22:10 - 2015-12-07 06:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\provtool.exe
2015-12-17 22:10 - 2015-12-07 06:03 - 13017600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-12-17 22:10 - 2015-12-07 06:02 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2015-12-17 22:10 - 2015-12-07 06:02 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2015-12-17 22:10 - 2015-12-07 06:01 - 00543232 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2015-12-17 22:10 - 2015-12-07 06:01 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BackgroundTransferHost.exe
2015-12-17 22:10 - 2015-12-07 06:00 - 00618496 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2015-12-17 22:10 - 2015-12-07 06:00 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\MSFlacDecoder.dll
2015-12-17 22:10 - 2015-12-07 06:00 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2015-12-17 22:10 - 2015-12-07 06:00 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2015-12-17 22:10 - 2015-12-07 05:59 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2015-12-17 22:10 - 2015-12-07 05:59 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2015-12-17 22:10 - 2015-12-07 05:59 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
2015-12-17 22:10 - 2015-12-07 05:59 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\provdatastore.dll
2015-12-17 22:10 - 2015-12-07 05:58 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2015-12-17 22:10 - 2015-12-07 05:57 - 00409088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2015-12-17 22:10 - 2015-12-07 05:57 - 00387072 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-12-17 22:10 - 2015-12-07 05:57 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFlacDecoder.dll
2015-12-17 22:10 - 2015-12-07 05:56 - 00607232 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2015-12-17 22:10 - 2015-12-07 05:56 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\mfmkvsrcsnk.dll
2015-12-17 22:10 - 2015-12-07 05:55 - 07979008 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2015-12-17 22:10 - 2015-12-07 05:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2015-12-17 22:10 - 2015-12-07 05:54 - 00850432 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2015-12-17 22:10 - 2015-12-07 05:54 - 00569856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-12-17 22:10 - 2015-12-07 05:53 - 00381952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmkvsrcsnk.dll
2015-12-17 22:10 - 2015-12-07 05:51 - 01318912 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2015-12-17 22:10 - 2015-12-07 05:51 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2015-12-17 22:10 - 2015-12-07 05:50 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
2015-12-17 22:10 - 2015-12-07 05:49 - 01105920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2015-12-17 22:10 - 2015-12-07 05:48 - 06297088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2015-12-17 22:10 - 2015-12-07 05:47 - 03428864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2015-12-17 22:10 - 2015-12-07 05:45 - 02582016 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-12-17 22:10 - 2015-12-07 05:45 - 00900608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-17 22:10 - 2015-12-07 05:45 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-17 22:10 - 2015-12-07 05:44 - 02796032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2015-12-17 22:10 - 2015-12-07 05:43 - 02598400 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2015-12-17 22:10 - 2015-12-07 05:43 - 00931328 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2015-12-17 22:10 - 2015-12-07 05:41 - 02061824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-12-17 22:10 - 2015-12-07 05:40 - 03593216 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2015-12-17 22:10 - 2015-12-07 05:40 - 01995776 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2015-12-17 22:10 - 2015-12-07 05:40 - 01706496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2015-12-17 22:10 - 2015-12-07 05:39 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-12-17 22:10 - 2015-12-07 05:38 - 00871936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2015-12-17 22:10 - 2015-12-07 05:33 - 00375296 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2015-12-17 22:10 - 2015-12-07 05:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\dialserver.dll
2015-12-15 13:20 - 2015-12-24 15:13 - 00002214 _____ C:\Users\Sergiu\Desktop\Slack.lnk
2015-12-15 13:20 - 2015-12-23 14:46 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\Slack
2015-12-15 13:20 - 2015-12-15 13:21 - 00000000 ____D C:\Users\Sergiu\AppData\Local\SquirrelTemp
2015-12-15 13:20 - 2015-12-15 13:21 - 00000000 ____D C:\Users\Sergiu\AppData\Local\slack
2015-12-15 13:20 - 2015-12-15 13:20 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2015-12-15 09:27 - 2015-12-25 15:28 - 00000000 ____D C:\Users\Sergiu\AppData\Local\ElevatedDiagnostics
2015-12-11 11:38 - 2015-12-24 15:13 - 00002045 _____ C:\Users\Public\Desktop\Mobizen.lnk
2015-12-11 11:38 - 2015-12-11 11:38 - 00000000 ____D C:\Users\Sergiu\Documents\Mobizen
2015-12-11 11:38 - 2015-12-11 11:38 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\Rsupport
2015-12-11 11:38 - 2015-12-11 11:38 - 00000000 ____D C:\Users\Public\Documents\Rsupport
2015-12-11 11:38 - 2015-12-11 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSUPPORT
2015-12-11 11:38 - 2015-12-11 11:38 - 00000000 ____D C:\Program Files (x86)\RSUPPORT
2015-12-08 22:37 - 2015-12-08 22:44 - 00000000 ____D C:\Windows\system32\MRT
2015-12-08 22:37 - 2015-11-23 19:10 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-08 22:34 - 2015-12-01 09:12 - 02152800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-12-08 22:34 - 2015-11-24 14:07 - 01817160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-08 22:34 - 2015-11-24 13:06 - 01540768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-08 22:34 - 2015-11-24 12:26 - 01399224 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 22:34 - 2015-11-24 12:01 - 02756096 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-08 22:34 - 2015-11-24 11:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\readingviewresources.dll
2015-12-08 22:34 - 2015-11-24 11:53 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 22:34 - 2015-11-24 11:37 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 22:34 - 2015-11-24 11:26 - 01337240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 22:34 - 2015-11-24 11:19 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\shutdownux.dll
2015-12-08 22:34 - 2015-11-24 11:12 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 22:34 - 2015-11-24 10:58 - 00604672 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 22:34 - 2015-11-24 10:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2015-12-08 22:34 - 2015-11-24 10:54 - 02756096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-08 22:34 - 2015-11-24 10:52 - 01717248 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-08 22:34 - 2015-11-24 10:49 - 01648640 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 22:34 - 2015-11-24 10:14 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 22:34 - 2015-11-24 10:03 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 22:34 - 2015-11-24 09:59 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-08 22:34 - 2015-11-24 09:57 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 22:34 - 2015-11-24 09:35 - 22393856 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2015-12-08 22:34 - 2015-11-24 09:29 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-08 22:34 - 2015-11-24 09:23 - 13381120 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 22:34 - 2015-11-24 09:11 - 18678272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-12-08 22:34 - 2015-11-24 09:08 - 12125184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 22:34 - 2015-11-24 09:04 - 02155008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-08 22:33 - 2015-11-24 11:45 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-08 16:33 - 2015-12-08 16:33 - 00000046 _____ C:\Users\Sergiu\.gitconfig
2015-12-08 16:20 - 2015-12-08 16:21 - 00000000 ____D C:\ProgramData\Git
2015-12-08 16:20 - 2015-12-08 16:20 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Git
2015-12-07 16:38 - 2015-12-07 16:39 - 00000000 ____D C:\OpenSSL
2015-12-03 23:08 - 2015-11-22 12:47 - 07476576 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-03 23:08 - 2015-11-22 12:47 - 02653816 _____ C:\Windows\system32\CoreUIComponents.dll
2015-12-03 23:08 - 2015-11-22 12:41 - 01859448 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2015-12-03 23:08 - 2015-11-22 12:41 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-03 23:08 - 2015-11-22 12:35 - 00538632 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2015-12-03 23:08 - 2015-11-22 12:34 - 00080600 _____ (Microsoft Corporation) C:\Windows\system32\wwapi.dll
2015-12-03 23:08 - 2015-11-22 12:33 - 00095072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdstor.sys
2015-12-03 23:08 - 2015-11-22 12:33 - 00058408 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.dll
2015-12-03 23:08 - 2015-11-22 12:33 - 00051680 _____ (Microsoft Corporation) C:\Windows\system32\SensorsUtilsV2.dll
2015-12-03 23:08 - 2015-11-22 12:30 - 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-12-03 23:08 - 2015-11-22 12:30 - 00161632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-12-03 23:08 - 2015-11-22 12:26 - 00431232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2015-12-03 23:08 - 2015-11-22 12:25 - 00063528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wwapi.dll
2015-12-03 23:08 - 2015-11-22 12:24 - 02772584 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-12-03 23:08 - 2015-11-22 12:20 - 00795840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-12-03 23:08 - 2015-11-22 12:19 - 00440160 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-12-03 23:08 - 2015-11-22 12:14 - 02185840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2015-12-03 23:08 - 2015-11-22 11:56 - 01268736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2015-12-03 23:08 - 2015-11-22 11:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManagerProxy.dll
2015-12-03 23:08 - 2015-11-22 11:54 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\ETWCoreUIComponentsResources.dll
2015-12-03 23:08 - 2015-11-22 11:54 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\capimg.sys
2015-12-03 23:08 - 2015-11-22 11:54 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2015-12-03 23:08 - 2015-11-22 11:50 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\mssign32.dll
2015-12-03 23:08 - 2015-11-22 11:49 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2015-12-03 23:08 - 2015-11-22 11:45 - 00638464 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2015-12-03 23:08 - 2015-11-22 11:45 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-03 23:08 - 2015-11-22 11:44 - 01268736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-03 23:08 - 2015-11-22 11:43 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2015-12-03 23:08 - 2015-11-22 11:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthManagerProxy.dll
2015-12-03 23:08 - 2015-11-22 11:42 - 00589312 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApi.dll
2015-12-03 23:08 - 2015-11-22 11:42 - 00138240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-03 23:08 - 2015-11-22 11:41 - 00948224 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManager.dll
2015-12-03 23:08 - 2015-11-22 11:39 - 02126848 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-03 23:08 - 2015-11-22 11:39 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-12-03 23:08 - 2015-11-22 11:39 - 00938496 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2015-12-03 23:08 - 2015-11-22 11:39 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2015-12-03 23:08 - 2015-11-22 11:39 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-03 23:08 - 2015-11-22 11:38 - 01223168 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2015-12-03 23:08 - 2015-11-22 11:38 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-12-03 23:08 - 2015-11-22 11:38 - 00912384 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2015-12-03 23:08 - 2015-11-22 11:38 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll
2015-12-03 23:08 - 2015-11-22 11:38 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssign32.dll
2015-12-03 23:08 - 2015-11-22 11:37 - 02624512 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2015-12-03 23:08 - 2015-11-22 11:37 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-12-03 23:08 - 2015-11-22 11:37 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2015-12-03 23:08 - 2015-11-22 11:36 - 01042432 _____ (Microsoft Corporation) C:\Windows\system32\BingOnlineServices.dll
2015-12-03 23:08 - 2015-11-22 11:34 - 02843136 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2015-12-03 23:08 - 2015-11-22 11:34 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2015-12-03 23:08 - 2015-11-22 11:32 - 00340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2015-12-03 23:08 - 2015-11-22 11:32 - 00334848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-03 23:08 - 2015-11-22 11:31 - 00470528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApi.dll
2015-12-03 23:08 - 2015-11-22 11:31 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2015-12-03 23:08 - 2015-11-22 11:28 - 01734656 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-03 23:08 - 2015-11-22 11:28 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-12-03 23:08 - 2015-11-22 11:28 - 00948224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2015-12-03 23:08 - 2015-11-22 11:28 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2015-12-03 23:08 - 2015-11-22 11:28 - 00686592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-03 23:08 - 2015-11-22 11:27 - 03993600 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2015-12-03 23:08 - 2015-11-22 11:27 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-03 23:08 - 2015-11-22 11:27 - 01944576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2015-12-03 23:08 - 2015-11-22 11:27 - 00241664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2015-12-03 23:08 - 2015-11-22 11:26 - 03355136 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-12-03 23:08 - 2015-11-22 11:26 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-12-03 23:08 - 2015-11-22 11:26 - 00709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingOnlineServices.dll
2015-12-03 23:08 - 2015-11-22 11:26 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2015-12-03 23:08 - 2015-11-22 11:25 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-03 23:08 - 2015-11-22 11:24 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-03 23:08 - 2015-11-22 11:24 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TextInputFramework.dll
2015-12-03 23:08 - 2015-11-22 11:20 - 01860096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2015-12-03 23:08 - 2015-11-22 11:18 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-03 23:08 - 2015-11-22 11:18 - 00697856 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2015-12-03 23:08 - 2015-11-22 11:18 - 00458752 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2015-12-03 23:08 - 2015-11-22 11:17 - 02680320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-12-03 23:08 - 2015-11-22 11:17 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-03 23:08 - 2015-11-22 11:11 - 00517632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2015-12-03 23:07 - 2015-11-22 12:00 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll
2015-12-03 23:07 - 2015-11-22 12:00 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\MosResource.dll
2015-12-03 23:07 - 2015-11-22 11:57 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft-Windows-MapControls.dll
2015-12-03 23:07 - 2015-11-22 11:57 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCoreRes.dll
2015-12-03 23:07 - 2015-11-22 11:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft-Windows-MosTrace.dll
2015-12-03 23:07 - 2015-11-22 11:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft-Windows-MosHost.dll
2015-12-03 23:07 - 2015-11-22 11:56 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MosHostClient.dll
2015-12-03 23:07 - 2015-11-22 11:56 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\ihvrilproxy.dll
2015-12-03 23:07 - 2015-11-22 11:56 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rilproxy.dll
2015-12-03 23:07 - 2015-11-22 11:55 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvcProxy.dll
2015-12-03 23:07 - 2015-11-22 11:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.V2.dll
2015-12-03 23:07 - 2015-11-22 11:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\wsplib.dll
2015-12-03 23:07 - 2015-11-22 11:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-03 23:07 - 2015-11-22 11:54 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\WordBreakers.dll
2015-12-03 23:07 - 2015-11-22 11:54 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\nativemap.dll
2015-12-03 23:07 - 2015-11-22 11:54 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\MapControlStringsRes.dll
2015-12-03 23:07 - 2015-11-22 11:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\wininetlui.dll
2015-12-03 23:07 - 2015-11-22 11:52 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthTokenBrokerExt.dll
2015-12-03 23:07 - 2015-11-22 11:52 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-03 23:07 - 2015-11-22 11:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll
2015-12-03 23:07 - 2015-11-22 11:51 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe
2015-12-03 23:07 - 2015-11-22 11:51 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2015-12-03 23:07 - 2015-11-22 11:51 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2015-12-03 23:07 - 2015-11-22 11:51 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\mapstoasttask.dll
2015-12-03 23:07 - 2015-11-22 11:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-03 23:07 - 2015-11-22 11:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-03 23:07 - 2015-11-22 11:49 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Wwanpref.dll
2015-12-03 23:07 - 2015-11-22 11:48 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosResource.dll
2015-12-03 23:07 - 2015-11-22 11:46 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\UserMgrProxy.dll
2015-12-03 23:07 - 2015-11-22 11:45 - 06572032 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2015-12-03 23:07 - 2015-11-22 11:45 - 00264192 _____ (Nokia) C:\Windows\system32\NmaDirect.dll
2015-12-03 23:07 - 2015-11-22 11:45 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-03 23:07 - 2015-11-22 11:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\wwancfg.dll
2015-12-03 23:07 - 2015-11-22 11:45 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCoreRes.dll
2015-12-03 23:07 - 2015-11-22 11:45 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-03 23:07 - 2015-11-22 11:45 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-03 23:07 - 2015-11-22 11:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosHostClient.dll
2015-12-03 23:07 - 2015-11-22 11:43 - 00704000 _____ (Microsoft Corporation) C:\Windows\system32\CellularAPI.dll
2015-12-03 23:07 - 2015-11-22 11:43 - 00382464 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-03 23:07 - 2015-11-22 11:42 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2015-12-03 23:07 - 2015-11-22 11:42 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WordBreakers.dll
2015-12-03 23:07 - 2015-11-22 11:42 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlStringsRes.dll
2015-12-03 23:07 - 2015-11-22 11:41 - 01814528 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2015-12-03 23:07 - 2015-11-22 11:40 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2015-12-03 23:07 - 2015-11-22 11:40 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2015-12-03 23:07 - 2015-11-22 11:40 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininetlui.dll
2015-12-03 23:07 - 2015-11-22 11:40 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-03 23:07 - 2015-11-22 11:39 - 01713664 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2015-12-03 23:07 - 2015-11-22 11:39 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2015-12-03 23:07 - 2015-11-22 11:39 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\offlinelsa.dll
2015-12-03 23:07 - 2015-11-22 11:39 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2015-12-03 23:07 - 2015-11-22 11:39 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2015-12-03 23:07 - 2015-11-22 11:39 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-03 23:07 - 2015-11-22 11:34 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2015-12-03 23:07 - 2015-11-22 11:34 - 00166912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserMgrProxy.dll
2015-12-03 23:07 - 2015-11-22 11:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\InputLocaleManager.dll
2015-12-03 23:07 - 2015-11-22 11:34 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\EditBufferTestHook.dll
2015-12-03 23:07 - 2015-11-22 11:33 - 00205824 _____ (Nokia) C:\Windows\SysWOW64\NmaDirect.dll
2015-12-03 23:07 - 2015-11-22 11:31 - 07199232 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2015-12-03 23:07 - 2015-11-22 11:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2015-12-03 23:07 - 2015-11-22 11:28 - 01443328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2015-12-03 23:07 - 2015-11-22 11:28 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-12-03 23:07 - 2015-11-22 11:28 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2015-12-03 23:07 - 2015-11-22 11:28 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinelsa.dll
2015-12-03 23:07 - 2015-11-22 11:27 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2015-12-03 23:07 - 2015-11-22 11:27 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2015-12-03 23:07 - 2015-11-22 11:25 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-03 23:07 - 2015-11-22 11:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputLocaleManager.dll
2015-12-03 23:07 - 2015-11-22 11:24 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EditBufferTestHook.dll
2015-12-03 23:07 - 2015-11-22 11:23 - 05202944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2015-12-03 22:02 - 2015-12-28 12:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-03 22:02 - 2015-12-09 01:45 - 00003816 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-28 13:10 - 2015-10-30 08:28 - 00000000 ____D C:\Windows
2015-12-28 12:37 - 2015-11-20 21:19 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-28 02:00 - 2015-11-21 13:47 - 00000000 ____D C:\Users\Sergiu\AppData\Local\Adobe
2015-12-28 01:30 - 2015-11-20 21:19 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-28 01:11 - 2015-11-18 13:32 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\uTorrent
2015-12-28 00:29 - 2015-11-20 21:20 - 00004156 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FEEBFADE-F02F-4488-A123-DD10472A7E52}
2015-12-27 11:18 - 2015-11-17 18:31 - 00002448 _____ C:\Windows\System32\Tasks\{7ADB8292-2D09-48C7-AE1A-4186E3A2C0DE}
2015-12-27 11:17 - 2015-11-18 00:26 - 00000000 ____D C:\Windows\Panther
2015-12-27 11:17 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\ModemLogs
2015-12-27 11:17 - 2015-10-30 09:21 - 00000000 ____D C:\Windows\INF
2015-12-27 11:08 - 2015-11-18 00:30 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-27 11:08 - 2015-11-17 20:29 - 00000522 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-12-27 11:07 - 2015-10-30 08:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-26 20:30 - 2015-11-18 00:36 - 00000000 ____D C:\Users\Sergiu\AppData\Local\Packages
2015-12-24 15:32 - 2015-11-18 00:38 - 00929278 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-24 15:26 - 2015-11-20 22:11 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-12-24 15:13 - 2015-11-26 20:42 - 00002634 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-24 15:13 - 2015-11-25 19:50 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-12-24 15:13 - 2015-11-25 19:50 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-12-24 15:13 - 2015-11-25 19:50 - 00002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-12-24 15:13 - 2015-11-25 19:50 - 00002097 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2015-12-24 15:13 - 2015-11-23 08:33 - 00000741 _____ C:\Users\Sergiu\Desktop\WorkStation - Shortcut.lnk
2015-12-24 15:13 - 2015-11-23 00:27 - 00001572 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
2015-12-24 15:13 - 2015-11-21 22:05 - 00001572 _____ C:\Users\Sergiu\Desktop\Adobe Illustrator CC 2015.lnk
2015-12-24 15:13 - 2015-11-21 22:05 - 00001141 _____ C:\Users\Sergiu\Desktop\Adobe Dreamweaver CC 2015.lnk
2015-12-24 15:13 - 2015-11-21 22:05 - 00001117 _____ C:\Users\Sergiu\Desktop\Adobe Photoshop CC 2015.lnk
2015-12-24 15:13 - 2015-11-21 17:40 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2015-12-24 15:13 - 2015-11-21 17:29 - 00001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2015.lnk
2015-12-24 15:13 - 2015-11-21 16:51 - 00001286 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-12-24 15:13 - 2015-11-21 16:51 - 00001280 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-12-24 15:13 - 2015-11-20 22:52 - 00001207 _____ C:\Users\Sergiu\Desktop\Android Studio.lnk
2015-12-24 15:13 - 2015-11-20 22:52 - 00000709 _____ C:\Users\Sergiu\Desktop\Android - Shortcut.lnk
2015-12-24 15:13 - 2015-11-20 21:20 - 00001359 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-24 15:13 - 2015-11-19 19:10 - 00000718 _____ C:\Users\Sergiu\Desktop\NetBeans - Shortcut.lnk
2015-12-24 15:13 - 2015-11-19 19:08 - 00002084 _____ C:\Users\Public\Desktop\NetBeans IDE 8.1.lnk
2015-12-24 15:13 - 2015-11-19 12:23 - 00002644 _____ C:\Users\Sergiu\Desktop\Word 2016.lnk
2015-12-24 15:13 - 2015-11-19 12:05 - 00000757 _____ C:\Users\Sergiu\Desktop\Visual Studio - Shortcut.lnk
2015-12-24 15:13 - 2015-11-18 23:29 - 00002717 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-12-24 15:13 - 2015-11-18 23:29 - 00002650 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2015-12-24 15:13 - 2015-11-18 23:29 - 00002644 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-12-24 15:13 - 2015-11-18 23:29 - 00002636 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-12-24 15:13 - 2015-11-18 23:29 - 00002636 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-12-24 15:13 - 2015-11-18 23:29 - 00002630 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-12-24 15:13 - 2015-11-18 23:29 - 00002616 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-12-24 15:13 - 2015-11-18 19:56 - 00001495 _____ C:\Users\Sergiu\Desktop\Visual Studio 2013.lnk
2015-12-24 15:13 - 2015-11-18 00:38 - 00002335 _____ C:\Users\Sergiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-24 15:13 - 2015-11-17 18:57 - 00001222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk
2015-12-24 15:13 - 2015-11-17 17:22 - 00001023 _____ C:\Users\Sergiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2015-12-24 00:28 - 2015-11-18 23:26 - 00000000 ____D C:\Windows\PCHEALTH
2015-12-23 23:23 - 2015-11-25 22:30 - 00000000 ____D C:\Windows\Minidump
2015-12-23 14:36 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\AppReadiness
2015-12-23 11:14 - 2015-11-20 21:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-22 12:51 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-22 10:41 - 2015-11-18 00:35 - 00000000 ____D C:\Users\Sergiu
2015-12-21 14:38 - 2015-11-17 17:18 - 00000000 ____D C:\Users\Sergiu\AppData\Local\Google
2015-12-21 14:15 - 2015-11-17 20:07 - 00003470 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2015-12-21 12:28 - 2015-11-23 08:37 - 00000000 ____D C:\Users\Sergiu\Documents\Visual Studio 2013
2015-12-19 00:32 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\system32\appraiser
2015-12-19 00:32 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\Provisioning
2015-12-19 00:32 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\bcastdvr
2015-12-18 01:22 - 2015-10-30 09:11 - 00000000 ____D C:\Windows\CbsTemp
2015-12-16 19:55 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\system32\NDF
2015-12-12 18:58 - 2015-11-18 00:36 - 00000000 ____D C:\Users\Sergiu\AppData\Local\VirtualStore
2015-12-10 10:18 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\LiveKernelReports
2015-12-09 13:32 - 2015-11-18 00:26 - 00366424 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 13:30 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\system32\oobe
2015-12-06 00:24 - 2015-11-26 20:42 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\Skype
2015-12-05 12:25 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\rescache
2015-12-04 13:56 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2015-12-04 12:25 - 2015-11-20 21:19 - 00003984 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 12:25 - 2015-11-20 21:19 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-01 02:33 - 2015-10-30 09:26 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-01 02:33 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-11-17 17:02 - 2015-11-17 17:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Sergiu\AppData\Local\Temp\dllnt_dump.dll
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2015-12-21 09:43
 
==================== End of FRST.txt ============================

 


 


#2 IAmSergiu

IAmSergiu
  • Topic Starter

  • Members
  • 5 posts

Posted 29 December 2015 - 07:52 AM

Can't anyone help? Maybe point me in the right direction. I've run Hitman Pro and it found this:
HitmanPro 3.7.12.253
www.hitmanpro.com
 
   Computer name . . . . : SERGIU-PC
   Windows . . . . . . . : 10.0.0.10586.X64/2
   User name . . . . . . : SERGIU-PC\Sergiu
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (26 days left)
 
   Scan date . . . . . . : 2015-12-29 14:12:17
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 12m 32s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 82
 
   Objects scanned . . . : 2.782.958
   Files scanned . . . . : 185.558
   Remnants scanned  . . : 1.037.389 files / 1.560.011 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\Sergiu\Desktop\FRST64.exe
      Size . . . . . . . : 2.370.560 bytes
      Age  . . . . . . . : 1.0 days (2015-12-28 13:09:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 302FE238A077E891B39A3DA34C25E74AA2716B5272CDA2955386041D0A540132
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 

Potential Unwanted Programs _________________________________________________
 
   HKU\S-1-5-21-2536191027-2410054101-898883693-1001\SOFTWARE\Conduit\ (Conduit)
 
Cookies _____________________________________________________________________
 
   C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Cookies:adzerk.net
   C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Cookies:bluekai.com
   C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Cookies:crwdcntrl.net
   C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Cookies:engine.adzerk.net
   C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Cookies:everesttech.net
   C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Cookies:gwallet.com
   C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Cookies:imrworldwide.com
   C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Cookies:mathtag.com
   C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Cookies:rfihub.com
   C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Cookies:scorecardresearch.com
   C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Cookies:skimresources.com
 
Deleted all, but it keeps coming back.


#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,773 posts

Posted 29 December 2015 - 10:36 AM

Greetings IAmSergiu and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the "Reply topic" button instead.
  • In the upper right hand corner of the topic you will see the "Follow topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall All Adobe products for which you do not have a valid Product Key, and any other illegal software on your computer. If you are willing to do that please rerun a FRST scan with Addition.txt (the file is legitimate) and post both logs. If you prefer to leave the programs on your computer let me know that and I will be closing the Topic.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 IAmSergiu

IAmSergiu
  • Topic Starter

  • Members
  • 5 posts

Posted 30 December 2015 - 06:22 AM

Thanks for helping, removed all illegal software, sorry about that. Here are the log files:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-12-2015
Ran by Sergiu (administrator) on SERGIU-PC (30-12-2015 13:01:00)
Running from C:\Users\Sergiu\Desktop
Loaded Profiles: Sergiu (Available Profiles: Sergiu)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16174360 2015-10-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411864 2015-10-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS_SWVOL] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411864 2015-10-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-11-18] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2536191027-2410054101-898883693-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50509440 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2536191027-2410054101-898883693-1001\...\MountPoints2: {a89292a4-9811-11e5-849d-2cd44492da85} - "E:\HTC_Sync_Manager_PC.exe" 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-2536191027-2410054101-898883693-1001] => hxxp://unstopp.me/wpad.dat?cb706d0b582824a9903efa348d04da362903020
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{327c0fd1-7b80-4c9d-96e9-19d401285584}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F3E959C3-8239-46BB-B8ED-74B86D2EBEDE}: [NameServer] 193.231.252.1 213.154.124.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2536191027-2410054101-898883693-1001 -> DefaultScope {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-20] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-20] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-2536191027-2410054101-898883693-1001 -> hxxp://www.google.ro/
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-20] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-18] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-18] (Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-22]
CHR Extension: (Disc Google) - C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
CHR Extension: (YouTube) - C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22]
CHR Extension: (Google Search) - C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Documente Google Offline) - C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-22]
CHR Extension: (Plăți prin Magazinul web Chrome) - C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-22]
CHR Extension: (Gmail) - C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [96128 2015-07-02] (Alps Electric Co., Ltd.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-11-18] (Microsoft Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2015-02-05] (Microsoft Corporation)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 FUJ02B1; C:\Windows\System32\drivers\FUJ02B1.sys [24400 2015-06-18] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\drivers\FUJ02E3.sys [29904 2015-06-18] (FUJITSU LIMITED)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-07-10] (Intel Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-27] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-30 13:01 - 2015-12-30 13:01 - 00012755 _____ C:\Users\Sergiu\Desktop\FRST.txt
2015-12-30 12:58 - 2015-12-30 12:58 - 567656155 _____ C:\Windows\MEMORY.DMP
2015-12-30 12:58 - 2015-12-30 12:58 - 00254972 _____ C:\Windows\Minidump\123015-23687-01.dmp
2015-12-30 12:32 - 2015-12-30 12:33 - 02370560 _____ (Farbar) C:\Users\Sergiu\Desktop\FRST64.exe
2015-12-30 12:09 - 2015-12-30 12:09 - 00000000 ____D C:\Windows\system32\appmgmt
2015-12-30 11:35 - 2015-12-30 11:35 - 00000000 ____D C:\zoek_backup
2015-12-29 17:03 - 2015-12-29 17:04 - 01783448 _____ C:\Users\Sergiu\Downloads\AboControls3.rar
2015-12-29 16:29 - 2015-12-29 16:29 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\JetBrains
2015-12-29 15:33 - 2015-12-29 23:35 - 00000000 ____D C:\Users\Sergiu\Downloads\AboControls
2015-12-29 15:30 - 2015-12-29 15:30 - 01795350 _____ C:\Users\Sergiu\Downloads\AboControls7 (2).rar
2015-12-29 15:30 - 2015-12-29 15:30 - 01762958 _____ C:\Users\Sergiu\Downloads\AboControls1.rar
2015-12-29 15:29 - 2015-12-29 15:29 - 01795350 _____ C:\Users\Sergiu\Downloads\AboControls7 (1).rar
2015-12-29 14:12 - 2015-12-29 14:12 - 00041080 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-12-28 15:16 - 2015-12-28 15:30 - 00000000 ____D C:\Users\Sergiu\Desktop\AboControls
2015-12-28 15:16 - 2015-12-28 15:16 - 01795350 _____ C:\Users\Sergiu\Downloads\AboControls7.rar
2015-12-28 14:48 - 2015-12-28 14:48 - 00042162 _____ C:\Users\Sergiu\Downloads\ColorSlider_src.zip
2015-12-28 13:10 - 2015-12-30 13:01 - 00000000 ____D C:\FRST
2015-12-28 00:57 - 2015-12-28 00:57 - 00037169 _____ C:\Users\Sergiu\Downloads\MAC_Slider_src.zip
2015-12-27 20:47 - 2015-12-27 20:47 - 00027819 _____ C:\Users\Sergiu\Downloads\Marco.Polo.2014.S01.720p.WEBRIP.x264-2HD.torrent
2015-12-27 15:55 - 2015-12-29 00:53 - 00000000 ____D C:\Users\Sergiu\AppData\Local\CrashDumps
2015-12-27 11:12 - 2015-12-27 11:12 - 00002777 _____ C:\Users\Sergiu\Downloads\Piriform.CCleaner.Professional.v5.05.5176.Multilingual.Incl.Keymaker-CORE.torrent
2015-12-26 20:38 - 2015-12-26 20:38 - 01743360 _____ C:\Users\Sergiu\Downloads\adwcleaner_5.026.exe
2015-12-26 13:41 - 2015-12-26 13:41 - 00037188 _____ C:\Users\Sergiu\Downloads\The.Martian.2015.720p.BluRay.DD.5.1.x264.RoSubbed-88keyz.torrent
2015-12-26 13:23 - 2015-12-26 13:23 - 00097864 _____ C:\Users\Sergiu\Downloads\Colony.S01E01.720p.WEBRip.x264-BATV.torrent
2015-12-25 19:50 - 2015-12-25 19:50 - 00000000 ____D C:\Program Files\HitmanPro
2015-12-25 19:10 - 2015-12-25 19:11 - 00000000 ____D C:\Program Files\Cmder
2015-12-25 19:08 - 2015-12-25 19:09 - 79410601 _____ C:\Users\Sergiu\Downloads\cmder.zip
2015-12-25 18:04 - 2015-12-27 11:39 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-25 18:04 - 2015-12-25 18:40 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-25 18:03 - 2015-12-25 19:49 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-25 17:20 - 2015-12-25 17:20 - 01599336 _____ (Malwarebytes) C:\Users\Sergiu\Downloads\JRT (1).exe
2015-12-25 17:19 - 2015-12-25 17:19 - 01599336 _____ (Malwarebytes) C:\Users\Sergiu\Downloads\JRT.exe
2015-12-25 17:18 - 2015-12-25 19:16 - 11323704 _____ (SurfRight B.V.) C:\Users\Sergiu\Downloads\HitmanPro_x64.exe
2015-12-25 17:18 - 2015-12-25 18:04 - 20834888 _____ C:\Users\Sergiu\Downloads\RogueKiller.exe
2015-12-25 17:17 - 2015-12-25 17:17 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Sergiu\Downloads\iExplore.exe
2015-12-25 17:17 - 2015-12-25 17:17 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\Sergiu\Downloads\iExplore64.exe
2015-12-25 17:11 - 2015-12-25 17:12 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Sergiu\Downloads\tdsskiller.exe
2015-12-25 15:32 - 2015-12-25 15:32 - 00000000 ____D C:\Windows\pss
2015-12-25 15:16 - 2015-12-25 18:42 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2015-12-25 12:00 - 2015-12-25 12:00 - 00003646 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2015-12-25 11:55 - 2015-12-25 11:55 - 00000499 _____ C:\Users\Sergiu\Downloads\Appsdiagnostic10.diagcab
2015-12-24 20:16 - 2015-12-24 20:16 - 00330057 _____ C:\Users\Sergiu\Downloads\Republique.Remastered.Episode.4-CODEX.torrent
2015-12-24 20:09 - 2015-12-24 20:09 - 00183014 _____ C:\Users\Sergiu\Downloads\Zombie.Vikings-CODEX.torrent
2015-12-24 00:22 - 2015-12-24 00:22 - 00000588 _____ C:\Users\Sergiu\Downloads\Malwarebytes Anti-Malware v2.1.8.1057 + Serial-FiLELiST.torrent
2015-12-23 23:47 - 2015-12-23 23:47 - 22908888 _____ (Malwarebytes ) C:\Users\Sergiu\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-23 23:47 - 2015-12-23 23:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-22 14:48 - 2015-12-22 14:53 - 00042496 ____H C:\Users\Sergiu\Downloads\projectpag.v12.suo
2015-12-22 12:09 - 2015-12-23 11:46 - 00000000 ____D C:\Users\Sergiu\Desktop\MovieMania
2015-12-22 11:15 - 2015-12-22 12:25 - 00000000 ____D C:\Users\Sergiu\AppData\Local\Sublime Text 3
2015-12-22 11:15 - 2015-12-22 11:15 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\Sublime Text 3
2015-12-22 11:14 - 2015-12-24 15:13 - 00001539 _____ C:\Users\Sergiu\Desktop\Sublime.lnk
2015-12-22 11:11 - 2015-12-30 11:42 - 00000000 ____D C:\Program Files\Sublime Text 3
2015-12-22 10:41 - 2015-12-22 10:41 - 00008456 _____ C:\Users\Sergiu\.v8flags.4.6.85.31.Sergiu.json
2015-12-22 10:36 - 2015-12-22 10:36 - 00000000 ____D C:\Users\Sergiu\AppData\Local\bower
2015-12-22 10:15 - 2015-12-22 10:15 - 00000000 ____D C:\Users\Sergiu\.config
2015-12-22 10:07 - 2015-12-22 10:07 - 00000000 ____D C:\Windows\system32\node_modules
2015-12-22 09:55 - 2015-12-22 11:57 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\npm-cache
2015-12-22 09:53 - 2015-12-22 11:22 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\npm
2015-12-22 09:53 - 2015-12-22 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2015-12-22 09:53 - 2015-12-22 09:54 - 00000000 ____D C:\Program Files\nodejs
2015-12-22 09:25 - 2015-12-25 19:13 - 00000000 ____D C:\Users\Sergiu\AppData\Local\clink
2015-12-21 23:01 - 2015-12-21 23:01 - 00000000 ____D C:\Users\Sergiu\Documents\Graphics
2015-12-21 15:31 - 2015-12-28 16:16 - 00000000 ___HD C:\Users\Sergiu\Desktop\.git
2015-12-21 15:30 - 2015-12-21 15:30 - 00000000 ___HD C:\Users\Sergiu\.git
2015-12-21 14:44 - 2015-12-21 14:44 - 00000000 ____D C:\Users\Sergiu\AppData\Local\ESET
2015-12-21 14:38 - 2015-12-21 14:38 - 00000000 ____D C:\Users\Sergiu\AppData\Local\NVIDIA Corporation
2015-12-20 19:51 - 2015-12-20 19:51 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\Xilisoft
2015-12-20 19:50 - 2015-12-20 19:50 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-12-20 19:50 - 2015-12-20 19:50 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-12-20 19:50 - 2015-12-20 19:50 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-12-20 19:50 - 2015-12-20 19:50 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-12-20 19:50 - 2015-12-20 19:50 - 00000000 ____D C:\Program Files (x86)\OpenAL
2015-12-19 22:48 - 2015-12-19 22:48 - 00000000 ____D C:\Users\Sergiu\Documents\HardWest
2015-12-19 22:48 - 2015-12-19 22:48 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\Steam
2015-12-17 22:11 - 2015-12-07 05:58 - 24601600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-17 22:11 - 2015-12-07 05:53 - 19339264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-17 22:10 - 2015-12-07 06:57 - 00973664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2015-12-17 22:10 - 2015-12-07 06:55 - 01281376 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2015-12-17 22:10 - 2015-12-07 06:49 - 00412512 _____ (Microsoft Corporation) C:\Windows\system32\wifitask.exe
2015-12-17 22:10 - 2015-12-07 06:48 - 02544256 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 02180136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 01299504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 01155944 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 01118208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 01092456 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 01065080 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 01020096 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00983464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00884256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00823264 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00794888 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00696160 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00670928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00526856 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00502112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00498448 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00462760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00450904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00337840 _____ (Microsoft Corporation) C:\Windows\system32\MFPlay.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00289248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFPlay.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00245848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2015-12-17 22:10 - 2015-12-07 06:48 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2015-12-17 22:10 - 2015-12-07 06:47 - 00925064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-12-17 22:10 - 2015-12-07 06:47 - 00898184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2015-12-17 22:10 - 2015-12-07 06:47 - 00716928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2015-12-17 22:10 - 2015-12-07 06:47 - 00116720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-12-17 22:10 - 2015-12-07 06:46 - 03671888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-17 22:10 - 2015-12-07 06:46 - 02919320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-17 22:10 - 2015-12-07 06:45 - 00264544 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2015-12-17 22:10 - 2015-12-07 06:15 - 01035776 _____ (Microsoft Corporation) C:\Windows\system32\XboxNetApiSvc.dll
2015-12-17 22:10 - 2015-12-07 06:15 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-17 22:10 - 2015-12-07 06:10 - 00824320 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2015-12-17 22:10 - 2015-12-07 06:09 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\flvprophandler.dll
2015-12-17 22:10 - 2015-12-07 06:09 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\policymanagerprecheck.dll
2015-12-17 22:10 - 2015-12-07 06:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\StorageUsage.dll
2015-12-17 22:10 - 2015-12-07 06:07 - 16984064 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-12-17 22:10 - 2015-12-07 06:07 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\wificonnapi.dll
2015-12-17 22:10 - 2015-12-07 06:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll
2015-12-17 22:10 - 2015-12-07 06:06 - 00572928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2015-12-17 22:10 - 2015-12-07 06:06 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2015-12-17 22:10 - 2015-12-07 06:06 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2015-12-17 22:10 - 2015-12-07 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2015-12-17 22:10 - 2015-12-07 06:05 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\BackgroundTransferHost.exe
2015-12-17 22:10 - 2015-12-07 06:04 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2015-12-17 22:10 - 2015-12-07 06:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\provtool.exe
2015-12-17 22:10 - 2015-12-07 06:03 - 13017600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-12-17 22:10 - 2015-12-07 06:02 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2015-12-17 22:10 - 2015-12-07 06:02 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2015-12-17 22:10 - 2015-12-07 06:01 - 00543232 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2015-12-17 22:10 - 2015-12-07 06:01 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BackgroundTransferHost.exe
2015-12-17 22:10 - 2015-12-07 06:00 - 00618496 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2015-12-17 22:10 - 2015-12-07 06:00 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\MSFlacDecoder.dll
2015-12-17 22:10 - 2015-12-07 06:00 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2015-12-17 22:10 - 2015-12-07 06:00 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2015-12-17 22:10 - 2015-12-07 05:59 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2015-12-17 22:10 - 2015-12-07 05:59 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2015-12-17 22:10 - 2015-12-07 05:59 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
2015-12-17 22:10 - 2015-12-07 05:59 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\provdatastore.dll
2015-12-17 22:10 - 2015-12-07 05:58 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2015-12-17 22:10 - 2015-12-07 05:57 - 00409088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2015-12-17 22:10 - 2015-12-07 05:57 - 00387072 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-12-17 22:10 - 2015-12-07 05:57 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFlacDecoder.dll
2015-12-17 22:10 - 2015-12-07 05:56 - 00607232 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2015-12-17 22:10 - 2015-12-07 05:56 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\mfmkvsrcsnk.dll
2015-12-17 22:10 - 2015-12-07 05:55 - 07979008 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2015-12-17 22:10 - 2015-12-07 05:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2015-12-17 22:10 - 2015-12-07 05:54 - 00850432 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2015-12-17 22:10 - 2015-12-07 05:54 - 00569856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-12-17 22:10 - 2015-12-07 05:53 - 00381952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmkvsrcsnk.dll
2015-12-17 22:10 - 2015-12-07 05:51 - 01318912 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2015-12-17 22:10 - 2015-12-07 05:51 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2015-12-17 22:10 - 2015-12-07 05:50 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
2015-12-17 22:10 - 2015-12-07 05:49 - 01105920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2015-12-17 22:10 - 2015-12-07 05:48 - 06297088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2015-12-17 22:10 - 2015-12-07 05:47 - 03428864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2015-12-17 22:10 - 2015-12-07 05:45 - 02582016 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-12-17 22:10 - 2015-12-07 05:45 - 00900608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-17 22:10 - 2015-12-07 05:45 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-17 22:10 - 2015-12-07 05:44 - 02796032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2015-12-17 22:10 - 2015-12-07 05:43 - 02598400 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2015-12-17 22:10 - 2015-12-07 05:43 - 00931328 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2015-12-17 22:10 - 2015-12-07 05:41 - 02061824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-12-17 22:10 - 2015-12-07 05:40 - 03593216 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2015-12-17 22:10 - 2015-12-07 05:40 - 01995776 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2015-12-17 22:10 - 2015-12-07 05:40 - 01706496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2015-12-17 22:10 - 2015-12-07 05:39 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-12-17 22:10 - 2015-12-07 05:38 - 00871936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2015-12-17 22:10 - 2015-12-07 05:33 - 00375296 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2015-12-17 22:10 - 2015-12-07 05:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\dialserver.dll
2015-12-15 13:20 - 2015-12-24 15:13 - 00002214 _____ C:\Users\Sergiu\Desktop\Slack.lnk
2015-12-15 13:20 - 2015-12-23 14:46 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\Slack
2015-12-15 13:20 - 2015-12-15 13:21 - 00000000 ____D C:\Users\Sergiu\AppData\Local\SquirrelTemp
2015-12-15 13:20 - 2015-12-15 13:21 - 00000000 ____D C:\Users\Sergiu\AppData\Local\slack
2015-12-15 13:20 - 2015-12-15 13:20 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2015-12-15 09:27 - 2015-12-29 21:28 - 00000000 ____D C:\Users\Sergiu\AppData\Local\ElevatedDiagnostics
2015-12-11 11:38 - 2015-12-30 12:07 - 00000000 ____D C:\Program Files (x86)\RSUPPORT
2015-12-11 11:38 - 2015-12-11 11:38 - 00000000 ____D C:\Users\Sergiu\Documents\Mobizen
2015-12-11 11:38 - 2015-12-11 11:38 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\Rsupport
2015-12-11 11:38 - 2015-12-11 11:38 - 00000000 ____D C:\Users\Public\Documents\Rsupport
2015-12-08 22:37 - 2015-12-08 22:44 - 00000000 ____D C:\Windows\system32\MRT
2015-12-08 22:37 - 2015-11-23 19:10 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-08 22:34 - 2015-12-01 09:12 - 02152800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-12-08 22:34 - 2015-11-24 14:07 - 01817160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-08 22:34 - 2015-11-24 13:06 - 01540768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-08 22:34 - 2015-11-24 12:26 - 01399224 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 22:34 - 2015-11-24 12:01 - 02756096 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-08 22:34 - 2015-11-24 11:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\readingviewresources.dll
2015-12-08 22:34 - 2015-11-24 11:53 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 22:34 - 2015-11-24 11:37 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 22:34 - 2015-11-24 11:26 - 01337240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 22:34 - 2015-11-24 11:19 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\shutdownux.dll
2015-12-08 22:34 - 2015-11-24 11:12 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 22:34 - 2015-11-24 10:58 - 00604672 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 22:34 - 2015-11-24 10:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2015-12-08 22:34 - 2015-11-24 10:54 - 02756096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-08 22:34 - 2015-11-24 10:52 - 01717248 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-08 22:34 - 2015-11-24 10:49 - 01648640 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 22:34 - 2015-11-24 10:14 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 22:34 - 2015-11-24 10:03 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 22:34 - 2015-11-24 09:59 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-08 22:34 - 2015-11-24 09:57 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 22:34 - 2015-11-24 09:35 - 22393856 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2015-12-08 22:34 - 2015-11-24 09:29 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-08 22:34 - 2015-11-24 09:23 - 13381120 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 22:34 - 2015-11-24 09:11 - 18678272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-12-08 22:34 - 2015-11-24 09:08 - 12125184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 22:34 - 2015-11-24 09:04 - 02155008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-08 22:33 - 2015-11-24 11:45 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-08 16:33 - 2015-12-08 16:33 - 00000046 _____ C:\Users\Sergiu\.gitconfig
2015-12-08 16:20 - 2015-12-08 16:21 - 00000000 ____D C:\ProgramData\Git
2015-12-08 16:20 - 2015-12-08 16:20 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Git
2015-12-07 16:38 - 2015-12-07 16:39 - 00000000 ____D C:\OpenSSL
2015-12-03 23:08 - 2015-11-22 12:47 - 07476576 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-03 23:08 - 2015-11-22 12:47 - 02653816 _____ C:\Windows\system32\CoreUIComponents.dll
2015-12-03 23:08 - 2015-11-22 12:41 - 01859448 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2015-12-03 23:08 - 2015-11-22 12:41 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-03 23:08 - 2015-11-22 12:35 - 00538632 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2015-12-03 23:08 - 2015-11-22 12:34 - 00080600 _____ (Microsoft Corporation) C:\Windows\system32\wwapi.dll
2015-12-03 23:08 - 2015-11-22 12:33 - 00095072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdstor.sys
2015-12-03 23:08 - 2015-11-22 12:33 - 00058408 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.dll
2015-12-03 23:08 - 2015-11-22 12:33 - 00051680 _____ (Microsoft Corporation) C:\Windows\system32\SensorsUtilsV2.dll
2015-12-03 23:08 - 2015-11-22 12:30 - 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-12-03 23:08 - 2015-11-22 12:30 - 00161632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-12-03 23:08 - 2015-11-22 12:26 - 00431232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2015-12-03 23:08 - 2015-11-22 12:25 - 00063528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wwapi.dll
2015-12-03 23:08 - 2015-11-22 12:24 - 02772584 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-12-03 23:08 - 2015-11-22 12:20 - 00795840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-12-03 23:08 - 2015-11-22 12:19 - 00440160 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-12-03 23:08 - 2015-11-22 12:14 - 02185840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2015-12-03 23:08 - 2015-11-22 11:56 - 01268736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2015-12-03 23:08 - 2015-11-22 11:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManagerProxy.dll
2015-12-03 23:08 - 2015-11-22 11:54 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\ETWCoreUIComponentsResources.dll
2015-12-03 23:08 - 2015-11-22 11:54 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\capimg.sys
2015-12-03 23:08 - 2015-11-22 11:54 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2015-12-03 23:08 - 2015-11-22 11:50 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\mssign32.dll
2015-12-03 23:08 - 2015-11-22 11:49 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2015-12-03 23:08 - 2015-11-22 11:45 - 00638464 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2015-12-03 23:08 - 2015-11-22 11:45 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-03 23:08 - 2015-11-22 11:44 - 01268736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-03 23:08 - 2015-11-22 11:43 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2015-12-03 23:08 - 2015-11-22 11:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthManagerProxy.dll
2015-12-03 23:08 - 2015-11-22 11:42 - 00589312 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApi.dll
2015-12-03 23:08 - 2015-11-22 11:42 - 00138240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-03 23:08 - 2015-11-22 11:41 - 00948224 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManager.dll
2015-12-03 23:08 - 2015-11-22 11:39 - 02126848 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-03 23:08 - 2015-11-22 11:39 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-12-03 23:08 - 2015-11-22 11:39 - 00938496 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2015-12-03 23:08 - 2015-11-22 11:39 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2015-12-03 23:08 - 2015-11-22 11:39 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-03 23:08 - 2015-11-22 11:38 - 01223168 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2015-12-03 23:08 - 2015-11-22 11:38 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-12-03 23:08 - 2015-11-22 11:38 - 00912384 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2015-12-03 23:08 - 2015-11-22 11:38 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll
2015-12-03 23:08 - 2015-11-22 11:38 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssign32.dll
2015-12-03 23:08 - 2015-11-22 11:37 - 02624512 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2015-12-03 23:08 - 2015-11-22 11:37 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-12-03 23:08 - 2015-11-22 11:37 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2015-12-03 23:08 - 2015-11-22 11:36 - 01042432 _____ (Microsoft Corporation) C:\Windows\system32\BingOnlineServices.dll
2015-12-03 23:08 - 2015-11-22 11:34 - 02843136 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2015-12-03 23:08 - 2015-11-22 11:34 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2015-12-03 23:08 - 2015-11-22 11:32 - 00340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2015-12-03 23:08 - 2015-11-22 11:32 - 00334848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-03 23:08 - 2015-11-22 11:31 - 00470528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApi.dll
2015-12-03 23:08 - 2015-11-22 11:31 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2015-12-03 23:08 - 2015-11-22 11:28 - 01734656 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-03 23:08 - 2015-11-22 11:28 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-12-03 23:08 - 2015-11-22 11:28 - 00948224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2015-12-03 23:08 - 2015-11-22 11:28 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2015-12-03 23:08 - 2015-11-22 11:28 - 00686592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-03 23:08 - 2015-11-22 11:27 - 03993600 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2015-12-03 23:08 - 2015-11-22 11:27 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-03 23:08 - 2015-11-22 11:27 - 01944576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2015-12-03 23:08 - 2015-11-22 11:27 - 00241664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2015-12-03 23:08 - 2015-11-22 11:26 - 03355136 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-12-03 23:08 - 2015-11-22 11:26 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-12-03 23:08 - 2015-11-22 11:26 - 00709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingOnlineServices.dll
2015-12-03 23:08 - 2015-11-22 11:26 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2015-12-03 23:08 - 2015-11-22 11:25 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-03 23:08 - 2015-11-22 11:24 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-03 23:08 - 2015-11-22 11:24 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TextInputFramework.dll
2015-12-03 23:08 - 2015-11-22 11:20 - 01860096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2015-12-03 23:08 - 2015-11-22 11:18 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-03 23:08 - 2015-11-22 11:18 - 00697856 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2015-12-03 23:08 - 2015-11-22 11:18 - 00458752 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2015-12-03 23:08 - 2015-11-22 11:17 - 02680320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-12-03 23:08 - 2015-11-22 11:17 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-03 23:08 - 2015-11-22 11:11 - 00517632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2015-12-03 23:07 - 2015-11-22 12:00 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll
2015-12-03 23:07 - 2015-11-22 12:00 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\MosResource.dll
2015-12-03 23:07 - 2015-11-22 11:57 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft-Windows-MapControls.dll
2015-12-03 23:07 - 2015-11-22 11:57 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCoreRes.dll
2015-12-03 23:07 - 2015-11-22 11:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft-Windows-MosTrace.dll
2015-12-03 23:07 - 2015-11-22 11:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft-Windows-MosHost.dll
2015-12-03 23:07 - 2015-11-22 11:56 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MosHostClient.dll
2015-12-03 23:07 - 2015-11-22 11:56 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\ihvrilproxy.dll
2015-12-03 23:07 - 2015-11-22 11:56 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rilproxy.dll
2015-12-03 23:07 - 2015-11-22 11:55 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvcProxy.dll
2015-12-03 23:07 - 2015-11-22 11:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.V2.dll
2015-12-03 23:07 - 2015-11-22 11:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\wsplib.dll
2015-12-03 23:07 - 2015-11-22 11:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-03 23:07 - 2015-11-22 11:54 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\WordBreakers.dll
2015-12-03 23:07 - 2015-11-22 11:54 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\nativemap.dll
2015-12-03 23:07 - 2015-11-22 11:54 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\MapControlStringsRes.dll
2015-12-03 23:07 - 2015-11-22 11:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\wininetlui.dll
2015-12-03 23:07 - 2015-11-22 11:52 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthTokenBrokerExt.dll
2015-12-03 23:07 - 2015-11-22 11:52 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-03 23:07 - 2015-11-22 11:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll
2015-12-03 23:07 - 2015-11-22 11:51 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe
2015-12-03 23:07 - 2015-11-22 11:51 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2015-12-03 23:07 - 2015-11-22 11:51 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2015-12-03 23:07 - 2015-11-22 11:51 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\mapstoasttask.dll
2015-12-03 23:07 - 2015-11-22 11:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-03 23:07 - 2015-11-22 11:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-03 23:07 - 2015-11-22 11:49 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Wwanpref.dll
2015-12-03 23:07 - 2015-11-22 11:48 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosResource.dll
2015-12-03 23:07 - 2015-11-22 11:46 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\UserMgrProxy.dll
2015-12-03 23:07 - 2015-11-22 11:45 - 06572032 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2015-12-03 23:07 - 2015-11-22 11:45 - 00264192 _____ (Nokia) C:\Windows\system32\NmaDirect.dll
2015-12-03 23:07 - 2015-11-22 11:45 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-03 23:07 - 2015-11-22 11:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\wwancfg.dll
2015-12-03 23:07 - 2015-11-22 11:45 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCoreRes.dll
2015-12-03 23:07 - 2015-11-22 11:45 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-03 23:07 - 2015-11-22 11:45 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-03 23:07 - 2015-11-22 11:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosHostClient.dll
2015-12-03 23:07 - 2015-11-22 11:43 - 00704000 _____ (Microsoft Corporation) C:\Windows\system32\CellularAPI.dll
2015-12-03 23:07 - 2015-11-22 11:43 - 00382464 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-03 23:07 - 2015-11-22 11:42 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2015-12-03 23:07 - 2015-11-22 11:42 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WordBreakers.dll
2015-12-03 23:07 - 2015-11-22 11:42 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlStringsRes.dll
2015-12-03 23:07 - 2015-11-22 11:41 - 01814528 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2015-12-03 23:07 - 2015-11-22 11:40 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2015-12-03 23:07 - 2015-11-22 11:40 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2015-12-03 23:07 - 2015-11-22 11:40 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininetlui.dll
2015-12-03 23:07 - 2015-11-22 11:40 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-03 23:07 - 2015-11-22 11:39 - 01713664 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2015-12-03 23:07 - 2015-11-22 11:39 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2015-12-03 23:07 - 2015-11-22 11:39 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\offlinelsa.dll
2015-12-03 23:07 - 2015-11-22 11:39 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2015-12-03 23:07 - 2015-11-22 11:39 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2015-12-03 23:07 - 2015-11-22 11:39 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-03 23:07 - 2015-11-22 11:34 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2015-12-03 23:07 - 2015-11-22 11:34 - 00166912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserMgrProxy.dll
2015-12-03 23:07 - 2015-11-22 11:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\InputLocaleManager.dll
2015-12-03 23:07 - 2015-11-22 11:34 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\EditBufferTestHook.dll
2015-12-03 23:07 - 2015-11-22 11:33 - 00205824 _____ (Nokia) C:\Windows\SysWOW64\NmaDirect.dll
2015-12-03 23:07 - 2015-11-22 11:31 - 07199232 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2015-12-03 23:07 - 2015-11-22 11:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2015-12-03 23:07 - 2015-11-22 11:28 - 01443328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2015-12-03 23:07 - 2015-11-22 11:28 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-12-03 23:07 - 2015-11-22 11:28 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2015-12-03 23:07 - 2015-11-22 11:28 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinelsa.dll
2015-12-03 23:07 - 2015-11-22 11:27 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2015-12-03 23:07 - 2015-11-22 11:27 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2015-12-03 23:07 - 2015-11-22 11:25 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-03 23:07 - 2015-11-22 11:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputLocaleManager.dll
2015-12-03 23:07 - 2015-11-22 11:24 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EditBufferTestHook.dll
2015-12-03 23:07 - 2015-11-22 11:23 - 05202944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2015-12-03 22:02 - 2015-12-30 12:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-03 22:02 - 2015-12-09 01:45 - 00003816 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-30 13:00 - 2015-11-20 21:19 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-30 12:58 - 2015-11-25 22:30 - 00000000 ____D C:\Windows\Minidump
2015-12-30 12:58 - 2015-11-18 00:30 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-30 12:58 - 2015-10-30 08:28 - 00000000 ____D C:\Windows
2015-12-30 12:50 - 2015-10-30 09:21 - 00000000 ____D C:\Windows\INF
2015-12-30 12:48 - 2015-11-17 18:57 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\BSplayer PRO
2015-12-30 12:48 - 2015-11-17 18:56 - 00000000 ____D C:\Program Files (x86)\Webteh
2015-12-30 12:30 - 2015-11-20 21:19 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-30 12:23 - 2015-11-18 00:26 - 00361784 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-30 12:22 - 2015-10-30 08:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-30 12:20 - 2015-11-21 13:50 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-12-30 12:19 - 2015-11-21 14:12 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-12-30 12:18 - 2015-11-21 16:48 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-30 12:18 - 2015-11-21 13:48 - 00000000 ____D C:\ProgramData\Adobe
2015-12-30 12:14 - 2015-11-18 23:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-30 12:14 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-30 12:13 - 2015-11-18 23:23 - 00000000 ____D C:\Program Files\Microsoft Office
2015-12-30 12:13 - 2015-10-30 11:07 - 00000000 ____D C:\Windows\ShellNew
2015-12-30 12:13 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-30 12:10 - 2015-10-30 09:24 - 00000076 _____ C:\Windows\win.ini
2015-12-30 12:10 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\System
2015-12-30 11:53 - 2015-11-18 13:32 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\uTorrent
2015-12-30 11:02 - 2015-11-20 21:20 - 00004156 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FEEBFADE-F02F-4488-A123-DD10472A7E52}
2015-12-30 11:02 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-30 11:02 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\AppReadiness
2015-12-30 02:00 - 2015-11-21 13:47 - 00000000 ____D C:\Users\Sergiu\AppData\Local\Adobe
2015-12-29 21:21 - 2015-10-30 09:11 - 00000000 ____D C:\Windows\CbsTemp
2015-12-29 14:28 - 2015-11-17 20:29 - 00000522 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-12-29 00:47 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\system32\NDF
2015-12-28 14:15 - 2015-11-17 20:07 - 00003470 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2015-12-27 23:10 - 2015-10-30 09:26 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-27 23:10 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-27 11:18 - 2015-11-17 18:31 - 00002448 _____ C:\Windows\System32\Tasks\{7ADB8292-2D09-48C7-AE1A-4186E3A2C0DE}
2015-12-27 11:17 - 2015-11-18 00:26 - 00000000 ____D C:\Windows\Panther
2015-12-27 11:17 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\ModemLogs
2015-12-26 20:30 - 2015-11-18 00:36 - 00000000 ____D C:\Users\Sergiu\AppData\Local\Packages
2015-12-24 15:32 - 2015-11-18 00:38 - 00929278 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-24 15:26 - 2015-11-20 22:11 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-12-24 15:13 - 2015-11-26 20:42 - 00002634 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-24 15:13 - 2015-11-23 08:33 - 00000741 _____ C:\Users\Sergiu\Desktop\WorkStation - Shortcut.lnk
2015-12-24 15:13 - 2015-11-21 22:05 - 00001572 _____ C:\Users\Sergiu\Desktop\Adobe Illustrator CC 2015.lnk
2015-12-24 15:13 - 2015-11-21 22:05 - 00001141 _____ C:\Users\Sergiu\Desktop\Adobe Dreamweaver CC 2015.lnk
2015-12-24 15:13 - 2015-11-21 22:05 - 00001117 _____ C:\Users\Sergiu\Desktop\Adobe Photoshop CC 2015.lnk
2015-12-24 15:13 - 2015-11-21 16:51 - 00001286 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-12-24 15:13 - 2015-11-21 16:51 - 00001280 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-12-24 15:13 - 2015-11-20 22:52 - 00001207 _____ C:\Users\Sergiu\Desktop\Android Studio.lnk
2015-12-24 15:13 - 2015-11-20 22:52 - 00000709 _____ C:\Users\Sergiu\Desktop\Android - Shortcut.lnk
2015-12-24 15:13 - 2015-11-20 21:20 - 00001359 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-24 15:13 - 2015-11-19 19:10 - 00000718 _____ C:\Users\Sergiu\Desktop\NetBeans - Shortcut.lnk
2015-12-24 15:13 - 2015-11-19 19:08 - 00002084 _____ C:\Users\Public\Desktop\NetBeans IDE 8.1.lnk
2015-12-24 15:13 - 2015-11-19 12:23 - 00002644 _____ C:\Users\Sergiu\Desktop\Word 2016.lnk
2015-12-24 15:13 - 2015-11-19 12:05 - 00000757 _____ C:\Users\Sergiu\Desktop\Visual Studio - Shortcut.lnk
2015-12-24 15:13 - 2015-11-18 19:56 - 00001495 _____ C:\Users\Sergiu\Desktop\Visual Studio 2013.lnk
2015-12-24 15:13 - 2015-11-18 00:38 - 00002335 _____ C:\Users\Sergiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-24 15:13 - 2015-11-17 17:22 - 00001023 _____ C:\Users\Sergiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2015-12-23 11:14 - 2015-11-20 21:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-22 10:41 - 2015-11-18 00:35 - 00000000 ____D C:\Users\Sergiu
2015-12-21 14:38 - 2015-11-17 17:18 - 00000000 ____D C:\Users\Sergiu\AppData\Local\Google
2015-12-21 12:28 - 2015-11-23 08:37 - 00000000 ____D C:\Users\Sergiu\Documents\Visual Studio 2013
2015-12-19 00:32 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\system32\appraiser
2015-12-19 00:32 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\Provisioning
2015-12-19 00:32 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\bcastdvr
2015-12-12 18:58 - 2015-11-18 00:36 - 00000000 ____D C:\Users\Sergiu\AppData\Local\VirtualStore
2015-12-10 10:18 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\LiveKernelReports
2015-12-09 13:30 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\system32\oobe
2015-12-06 00:24 - 2015-11-26 20:42 - 00000000 ____D C:\Users\Sergiu\AppData\Roaming\Skype
2015-12-05 12:25 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\rescache
2015-12-04 13:56 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2015-12-04 12:25 - 2015-11-20 21:19 - 00003984 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 12:25 - 2015-11-20 21:19 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2015-11-17 17:02 - 2015-11-17 17:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Sergiu\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-21 09:43
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-12-2015
Ran by Sergiu (2015-12-30 13:02:49)
Running from C:\Users\Sergiu\Desktop
Windows 10 Pro (X64) (2015-11-17 22:34:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2536191027-2410054101-898883693-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2536191027-2410054101-898883693-503 - Limited - Disabled)
Guest (S-1-5-21-2536191027-2410054101-898883693-501 - Limited - Disabled)
Sergiu (S-1-5-21-2536191027-2410054101-898883693-1001 - Administrator - Enabled) => C:\Users\Sergiu
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.0.177 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.100.404.105 - Alps Electric)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.5 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (Version: 12.0.40629 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.40629 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.40629 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.40629 - Microsoft Corporation) Hidden
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2013 (HKLM-x32\...\{D5170452-84D1-4725-AD9C-F9ECFD0A9E9F}) (Version: 12.0.40302.0 - Microsoft Corporation)
Git version 2.6.3 (HKU\S-1-5-21-2536191027-2410054101-898883693-1001\...\Git_is1) (Version: 2.6.3 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java SE Development Kit 8 Update 65 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180650}) (Version: 8.0.650.17 - Oracle Corporation)
Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Memory Profiler (x32 Version: 12.0.40629 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 with Update 4 (HKLM-x32\...\{dca572ee-b6f6-4560-9879-fec58cc0022c}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
NetBeans IDE 8.1 (HKLM\...\nbi-nb-base-8.1.0.0.201510222201) (Version: 8.1 - NetBeans.org)
Node.js (HKLM\...\{76286A49-5C6A-4345-B83F-A034BAA13FDD}) (Version: 5.3.0 - Node.js Foundation)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PowerShellIntegration.Notifications (x32 Version: 2.6.0.0 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Release Management for Visual Studio 2013 (x32 Version: 1.0 - Microsoft Corporation) Hidden
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.102 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-2536191027-2410054101-898883693-1001\...\slack) (Version: 1.2.7 - Slack Technologies)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Virtual Router Plus (HKLM-x32\...\{0AEE4D51-3657-4F40-A689-533429CAEE0C}) (Version: 2.5.0 - Runxia Electronics)
Visual Studio 2013 Update 5 (KB2829760) (HKLM-x32\...\{17551f85-1d1c-4142-a83f-bbd18a3522c2}) (Version: 12.0.40629 - Microsoft Corporation)
VS Update core components (x32 Version: 12.0.40629 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2536191027-2410054101-898883693-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0419737C-ADF1-466C-930A-19DF3118D8AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-29] (Adobe Systems Incorporated)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {29C1A036-694A-4043-9063-FB9B803B9BA4} - System32\Tasks\{7ADB8292-2D09-48C7-AE1A-4186E3A2C0DE} => pcalua.exe -a "E:\ESET NOD32 8.0.304.1 AV & SS - BOX mara\cure\Eset fix.exe" -d "E:\ESET NOD32 8.0.304.1 AV & SS - BOX mara\cure"
Task: {2DC50334-C4A1-417E-A04C-3F3979274716} - System32\Tasks\ESET Windows 10 upgrade – Refresh settings => C:\Program Files\Common Files\AV\ESET NOD32 Antivirus 8.0\upgrade.exe [2015-11-23] (ESET)
Task: {63CAD1C5-151D-4DDC-A26E-217C8025A9AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-20] (Google Inc.)
Task: {858F9D80-B9C6-4F77-B2F2-B11E381F4F07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-20] (Google Inc.)
Task: {E9CFB8DE-8845-4A1C-8D28-9C9F4D2A467A} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {FAD8B09C-1999-4743-B8DD-B75CF6BDD408} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-23] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2015-12-03 23:08 - 2015-11-22 12:47 - 02653816 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-12-03 23:08 - 2015-11-22 12:47 - 02653816 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-11-14 04:23 - 2015-11-14 04:23 - 00553120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-12-17 09:08 - 2015-12-17 09:10 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-17 22:10 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-17 22:10 - 2015-12-07 06:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-17 22:10 - 2015-12-07 05:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-17 22:10 - 2015-12-07 05:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-17 22:10 - 2015-12-07 05:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-17 22:10 - 2015-12-07 05:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-12-17 09:08 - 2015-12-17 09:10 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-17 09:08 - 2015-12-17 09:10 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-17 09:33 - 2015-12-11 05:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-17 09:33 - 2015-12-11 05:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2015-12-27 00:54 - 2015-12-24 07:46 - 16792256 _____ () C:\Users\Sergiu\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\67840792.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\88826989.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\67840792.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\88826989.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 09:24 - 2015-12-25 18:02 - 00001134 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
127.0.0.1                   na1r.services.adobe.com
127.0.0.1                   hlrcv.stage.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2536191027-2410054101-898883693-1001\Control Panel\Desktop\\Wallpaper -> D:\clouds at the bend.jpg
DNS Servers: 193.231.252.1 - 213.154.124.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-2536191027-2410054101-898883693-1001\...\StartupApproved\StartupFolder: => "Slack.lnk"
HKU\S-1-5-21-2536191027-2410054101-898883693-1001\...\StartupApproved\StartupFolder: => "winupdate.lnk"
HKU\S-1-5-21-2536191027-2410054101-898883693-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2536191027-2410054101-898883693-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
26-12-2015 20:31:34 JRT Pre-Junkware Removal
28-12-2015 13:01:14 LastRestorePoint
29-12-2015 14:25:31 Checkpoint by HitmanPro
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/30/2015 11:52:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MobizenService.exe, version: 2.20.0.1, time stamp: 0x56721e46
Faulting module name: ntdll.dll, version: 10.0.10586.20, time stamp: 0x5654262a
Exception code: 0xc000070a
Fault offset: 0x000e9ad2
Faulting process id: 0x84c
Faulting application start time: 0xMobizenService.exe0
Faulting application path: MobizenService.exe1
Faulting module path: MobizenService.exe2
Report Id: MobizenService.exe3
Faulting package full name: MobizenService.exe4
Faulting package-relative application ID: MobizenService.exe5
 
Error: (12/29/2015 09:21:30 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (12/29/2015 09:03:35 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={B791EE26-9303-48D0-B1F9-B94FB3E05C77}: The user SERGIU-PC\Sergiu dialed a connection named RCS&RDS which has failed. The error code returned on failure is 720.
 
Error: (12/29/2015 09:03:24 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={6C8E6FB6-28CD-4C61-8CEF-B5E7E03DF221}: The user SERGIU-PC\Sergiu dialed a connection named RCS&RDS which has failed. The error code returned on failure is 720.
 
Error: (12/29/2015 09:02:53 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={3FD566D3-C90F-438A-9F0C-CBC9BB6325D6}: The user SERGIU-PC\Sergiu dialed a connection named RCS&RDS which has failed. The error code returned on failure is 720.
 
Error: (12/29/2015 09:02:47 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={0875A2E6-E303-40A9-98D8-E988C3B21507}: The user SERGIU-PC\Sergiu dialed a connection named RCS&RDS which has failed. The error code returned on failure is 720.
 
Error: (12/29/2015 09:02:43 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={C26042B3-AB48-4596-A654-DA5496EF7379}: The user SERGIU-PC\Sergiu dialed a connection named RCS&RDS which has failed. The error code returned on failure is 0.
 
Error: (12/29/2015 09:02:22 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={E6359285-DEDC-441F-8040-E1C5E8480E1C}: The user SERGIU-PC\Sergiu dialed a connection named RCS&RDS which has failed. The error code returned on failure is 0.
 
Error: (12/29/2015 09:02:19 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={6C08C854-043F-4FD8-97DF-FD7006505FC3}: The user SERGIU-PC\Sergiu dialed a connection named RCS&RDS which has failed. The error code returned on failure is 0.
 
Error: (12/29/2015 02:26:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000318,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000CABA77E9E0.72).  hr = 0x80070005, Access is denied.
.
 
 
System errors:
=============
Error: (12/30/2015 12:58:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobizen plugin service failed to start due to the following error: 
%%2
 
Error: (12/30/2015 12:58:43 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000004, 0x000000000000012c, 0xffffe0005b1e5040, 0xfffff80084c58d00)C:\Windows\MEMORY.DMP4e01c2c2-4031-4c6e-aa96-8d661faeeb4f
 
Error: (12/30/2015 12:52:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error: 
%%1053
 
Error: (12/30/2015 12:52:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
 
Error: (12/30/2015 12:52:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
 
Error: (12/30/2015 12:51:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_41c0e service to connect.
 
Error: (12/30/2015 12:51:37 PM) (Source: DCOM) (EventID: 10010) (User: SERGIU-PC)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}
 
Error: (12/30/2015 12:51:27 PM) (Source: DCOM) (EventID: 10010) (User: SERGIU-PC)
Description: {0002DF02-0000-0000-C000-000000000046}
 
Error: (12/30/2015 12:51:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_41c0e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/30/2015 12:51:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
 
CodeIntegrity:
===================================
  Date: 2015-12-30 12:24:34.258
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-30 12:12:55.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-29 21:23:32.984
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-20 19:55:16.324
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-19 10:34:51.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-10 23:12:21.706
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-09 13:33:19.198
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-09 09:07:56.035
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-04 13:59:09.822
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-25 22:33:49.193
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 39%
Total physical RAM: 3949.64 MB
Available physical RAM: 2404.96 MB
Total Virtual: 10093.64 MB
Available Virtual: 8687.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:99.51 GB) (Free:28.81 GB) NTFS
Drive d: (Sergiu) (Fixed) (Total:365.76 GB) (Free:117.88 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 452D8336)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=365.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 



#5 Oh My!

  • Malware Response Instructor

Posted 30 December 2015 - 12:14 PM

No problem, I appreciate your understanding.

Are you still getting the pop ups, is it the same every time, and if so with which browser(s)?

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

SearchScopes: HKU\S-1-5-21-2536191027-2410054101-898883693-1001 -> DefaultScope {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = 
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]
hosts:

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Browser(s)?
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

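The kind of log triage that leads to a fixlist like the one in post #5, as an added example that is not part of the original thread and is not FRST's own code: it scans FRST-format lines for a service whose file is missing, a SearchScopes entry with an empty URL, and non-default Hosts entries, then lists candidate fixlist lines for a helper to review by hand. It assumes that a trailing `[X]` marks a file FRST could not find; `triage`, the finding labels and the `ExampleSvc` line are hypothetical names constructed for the example.

```python
import re

# Sample input: the two fixlist entries and part of the Hosts section from this
# thread, plus one constructed healthy service line (ExampleSvc is hypothetical).
SAMPLE_LOG = r"""
SearchScopes: HKU\S-1-5-21-2536191027-2410054101-898883693-1001 -> DefaultScope {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL =
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]
R2 ExampleSvc; C:\Program Files\Example\svc.exe [123456 2015-11-20] (Example Corp)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 09:24 - 2015-12-25 18:02 - 00001134 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
==================== Other Areas ============================
DNS Servers: 193.231.252.1 - 213.154.124.1
"""

SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
# Assumption: a trailing [X] means FRST could not find the service's file.
SERVICE_RE = re.compile(r"^[RSU]\d\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+\[X\]$")
SCOPE_RE = re.compile(r"^SearchScopes:.*\bURL =$")
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}|::1)\s+(?P<host>\S+)")


def triage(log_text):
    """Return (findings, fixlist_candidates) for a helper to review by hand."""
    findings, candidates, in_hosts, hosts_changed = [], [], False, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = SECTION_RE.match(line)
        if section:
            # Track whether we are inside the "Hosts content" section.
            in_hosts = section.group("title").lower().startswith("hosts content")
            continue
        service = SERVICE_RE.match(line)
        if service:
            findings.append(("service-file-missing", service.group("name").strip()))
            candidates.append(line)
        elif SCOPE_RE.match(line):
            findings.append(("searchscope-empty-url", line.split("->")[0].strip()))
            candidates.append(line)
        elif in_hosts:
            entry = HOSTS_RE.match(line)
            # Any mapping other than localhost is a non-default Hosts entry.
            if entry and entry.group("host").lower() != "localhost":
                findings.append(("hosts-override", entry.group("host")))
                hosts_changed = True
    if hosts_changed:
        candidates.append("hosts:")  # the reset directive used in the thread's fixlist
    return findings, candidates


if __name__ == "__main__":
    found, fix = triage(SAMPLE_LOG)
    for kind, detail in found:
        print(f"{kind:24} {detail}")
    print("\n".join(fix))
```

A fixlist is specific to the machine whose logs produced it, so the candidates are a review list, not something to run elsewhere.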
#6 IAmSergiu

  • Topic Starter

Posted 31 December 2015 - 08:56 AM

I solved it, thanks for help.



#7 IAmSergiu


Posted 31 December 2015 - 08:58 AM

Thank you for the advice as well.



#8 Oh My!


Posted 31 December 2015 - 10:52 AM

You are welcome and thanks for letting me know.


Gary
 

#9 Oh My!


Posted 31 December 2015 - 10:52 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



