Infected with Win32/filecoder.EA.trojan


This topic is locked
4 replies to this topic

#1 marvinpc


Posted 20 February 2016 - 12:06 AM

Hi, any help is greatly appreciated. At first the computer couldn't boot up. Ran it in safe mode and scanned with ESET scanner. Now it runs a little better but this Win32/filecoder.EA.trojan still shows on the scan.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-02-2016
Ran by Marvin Kim (administrator) on SAML (19-02-2016 20:27:17)
Running from C:\Users\Marvin Kim\Downloads
Loaded Profiles: Marvin Kim (Available Profiles: Marvin Kim)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-29] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Command Processor:  <======= ATTENTION
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-985648777-1730271808-901678370-1006\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-985648777-1730271808-901678370-1006\...\MountPoints2: {3c357ca1-3d78-11df-843c-001aa0a02e23} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [Ahoweverd] -> {84C1875D-6B7C-4CF5-B6DD-33D90DFBA182} =>  No File
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} =>  No File
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.0.1
Tcpip\..\Interfaces\{57FAC5AB-0901-4C93-A35F-8CE2B80DF7C2}: [DhcpNameServer] 192.168.1.254 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-985648777-1730271808-901678370-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {A5FD6BDA-6454-4354-B3F1-B987B9C9A84F} URL =
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = hxxp://www.bing.com/search
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-985648777-1730271808-901678370-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-985648777-1730271808-901678370-1006 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-05-01] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-05-01] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-985648777-1730271808-901678370-1006 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: {22D4879A-92DB-470D-8A83-E158797D8176} file:///D:/components/Liquid.ocx
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-04] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Marvin Kim\AppData\Roaming\Mozilla\Firefox\Profiles\7e58unpl.default-1455222864838
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll [2008-02-06] (BitTorrent, Inc.)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-05-01] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npatgpc.dll [2009-05-12] (WebEx Communications, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npbittorrent.dll [2008-09-03] (BitTorrent, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011-01-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-12-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-12-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-12-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-12-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-12-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-12-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2010-12-18] (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-27] [not signed]
FF HKLM\...\Firefox\Extensions: [{fc4350fc-3e37-4f1e-8341-5af31e09f020}] - C:\Program Files\Mozilla Firefox\extensions\{fc4350fc-3e37-4f1e-8341-5af31e09f020} => not found

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S4 ATMsrvc; C:\Windows\System32\ATMsrvc.exe [15360 2000-05-24] (Adobe Systems Incorporated) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-05-11] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
S3 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 TBService; "C:\ProgramData\Baidu\tbservice\2.0.1.183\tbservice.exe" -r [X]
S2 ZAMSvc; "C:\Program Files\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) [File not signed]
S4 Aha154x; C:\Windows\system32\DRIVERS\aha154x.sys [12800 2001-08-17] (Microsoft Corporation) [File not signed]
S4 aic78u2; C:\Windows\system32\DRIVERS\aic78u2.sys [55168 2001-08-17] (Microsoft Corporation) [File not signed]
S4 amsint; C:\Windows\system32\DRIVERS\amsint.sys [12032 2001-08-17] (Microsoft Corporation) [File not signed]
S4 asc; C:\Windows\system32\DRIVERS\asc.sys [26496 2001-08-17] (Advanced System Products, Inc.) [File not signed]
S4 asc3350p; C:\Windows\system32\DRIVERS\asc3350p.sys [22400 2001-08-17] (Microsoft Corporation) [File not signed]
S4 asc3550; C:\Windows\system32\DRIVERS\asc3550.sys [14848 2001-08-17] (Advanced System Products, Inc.) [File not signed]
S4 cd20xrnt; C:\Windows\system32\DRIVERS\cd20xrnt.sys [7680 2001-08-17] (Microsoft Corporation) [File not signed]
S4 Cpqarray; C:\Windows\system32\DRIVERS\cpqarray.sys [14976 2001-08-17] (Microsoft Corporation) [File not signed]
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 dac2w2k; C:\Windows\system32\DRIVERS\dac2w2k.sys [179584 2001-08-17] (Mylex Corporation) [File not signed]
S4 dac960nt; C:\Windows\system32\DRIVERS\dac960nt.sys [14720 2001-08-17] (Microsoft Corporation) [File not signed]
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)
S4 dpti2o; C:\Windows\system32\DRIVERS\dpti2o.sys [20192 2001-08-17] (Microsoft Corporation) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [385072 2008-01-22] (Symantec Corporation)
R1 EfiMon; C:\Windows\System32\Drivers\Efimon.sys [23248 2015-11-29] (360.cn)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43376 2016-02-11] ()
S3 HP8207_8307; C:\Windows\System32\DRIVERS\HP8207_8307.sys [13952 2010-02-04] (Windows ® Win 7 DDK provider)
S4 hpn; C:\Windows\system32\DRIVERS\hpn.sys [25952 2001-08-17] (Microsoft Corporation) [File not signed]
S4 ini910u; C:\Windows\system32\DRIVERS\ini910u.sys [16000 2001-08-17] (Microsoft Corporation) [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKsle99d0e0a; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A18FA0D-35B9-4BF2-9204-A6AB216F2ACC}\MpKsle99d0e0a.sys [39168 2016-02-19] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2010-04-19] (Apple Inc.) [File not signed]
S4 ql1080; C:\Windows\system32\DRIVERS\ql1080.sys [40320 2001-08-17] (QLogic Corporation) [File not signed]
S4 Ql10wnt; C:\Windows\system32\DRIVERS\ql10wnt.sys [33152 2001-08-17] (Microsoft Corporation) [File not signed]
S4 ql12160; C:\Windows\system32\DRIVERS\ql12160.sys [45312 2001-08-17] (QLogic Corporation) [File not signed]
S4 ql1240; C:\Windows\system32\DRIVERS\ql1240.sys [40448 2001-08-17] (Microsoft Corporation) [File not signed]
S4 ql1280; C:\Windows\system32\DRIVERS\ql1280.sys [49024 2001-08-17] (QLogic Corporation) [File not signed]
S4 Sparrow; C:\Windows\system32\DRIVERS\sparrow.sys [19072 2001-08-17] (Adaptec, Inc.) [File not signed]
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-04-09] (Duplex Secure Ltd.)
S4 symc810; C:\Windows\system32\DRIVERS\symc810.sys [16256 2001-08-17] (Symbios Logic Inc.) [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-11-20] (The OpenVPN Project)
S4 TosIde; C:\Windows\system32\DRIVERS\toside.sys [4992 2001-08-17] (Microsoft Corporation) [File not signed]
S4 ultra; C:\Windows\system32\DRIVERS\ultra.sys [36736 2001-08-17] (Promise Technology, Inc.) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-10] (Apple, Inc.) [File not signed]
S1 bduniptk; system32\DRIVERS\bduniptk.sys [X]
S3 ComputerZ; \??\C:\Program Files\LuDaShi\ComputerZ.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo32.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S1 TBEnhance; system32\DRIVERS\TBEnhance.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-19 20:27 - 2016-02-19 20:27 - 00014635 _____ C:\Users\Marvin Kim\Downloads\FRST.txt
2016-02-19 20:26 - 2016-02-19 20:27 - 00000000 ____D C:\FRST
2016-02-19 20:26 - 2016-02-19 20:26 - 01722368 _____ (Farbar) C:\Users\Marvin Kim\Downloads\FRST.exe
2016-02-19 19:41 - 2016-02-19 19:43 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-19 19:40 - 2016-02-19 19:40 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-19 19:40 - 2016-02-19 19:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-19 19:40 - 2016-02-19 19:40 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-02-19 19:40 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-19 19:40 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-19 19:40 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-19 19:39 - 2016-02-19 19:39 - 22908888 _____ (Malwarebytes ) C:\Users\Marvin Kim\Downloads\mbam-setup-org-2.2.0.1024.exe
2016-02-11 13:24 - 2016-02-11 13:24 - 13767776 _____ (Microsoft Corporation) C:\Users\Marvin Kim\Downloads\vc_redist.x86.exe
2016-02-11 13:24 - 2016-02-11 13:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-11 13:22 - 2016-02-11 13:23 - 14572000 _____ (Microsoft Corporation) C:\Users\Marvin Kim\Downloads\vc_redist.x64.exe
2016-02-11 11:48 - 2016-02-11 12:19 - 00000000 ____D C:\EEK
2016-02-11 10:57 - 2016-02-11 12:37 - 00000751 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-02-11 10:57 - 2016-02-11 12:31 - 00000620 _____ C:\Windows\ZAM.krnl.trace
2016-02-11 10:50 - 2016-02-11 10:50 - 00000000 ____D C:\Users\Marvin Kim\AppData\Local\Zemana
2016-02-11 10:48 - 2016-02-11 10:48 - 00043376 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-02-11 10:47 - 2016-02-11 10:47 - 00006192 _____ C:\Windows\system32\.crusader
2016-02-11 10:42 - 2016-02-11 10:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-11 10:38 - 2016-02-11 10:47 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-11 09:43 - 2016-02-11 09:45 - 00418302 _____ C:\TDSSKiller.3.1.0.9_11.02.2016_09.43.17_log.txt
2016-02-11 09:40 - 2016-02-11 09:41 - 00003832 _____ C:\TDSSKiller.3.1.0.9_11.02.2016_09.40.36_log.txt
2016-02-11 09:32 - 2016-02-11 09:34 - 00004322 _____ C:\TDSSKiller.3.1.0.9_11.02.2016_09.32.25_log.txt
2016-02-11 07:44 - 2016-01-21 22:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-11 07:44 - 2016-01-21 22:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-11 07:44 - 2016-01-21 21:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-11 07:44 - 2016-01-21 21:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-11 07:44 - 2016-01-16 10:42 - 00022464 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-11 07:44 - 2016-01-16 10:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-11 07:44 - 2016-01-16 10:34 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-11 07:44 - 2016-01-11 06:07 - 01198080 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-11 07:44 - 2016-01-11 06:07 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-11 07:44 - 2016-01-11 06:07 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-11 07:44 - 2016-01-11 06:07 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-11 07:44 - 2016-01-11 06:07 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-11 07:44 - 2016-01-06 10:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-11 07:44 - 2016-01-06 09:56 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-11 07:44 - 2015-12-08 13:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-02-11 07:44 - 2015-12-08 13:53 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-02-11 07:44 - 2015-11-16 12:12 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-02-11 07:44 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-02-11 07:44 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-02-11 07:44 - 2015-11-13 14:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-02-11 07:43 - 2016-01-22 12:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-11 07:43 - 2016-01-21 22:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-11 07:43 - 2016-01-21 22:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-11 07:43 - 2016-01-21 22:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-11 07:43 - 2016-01-21 22:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-11 07:43 - 2016-01-21 22:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-11 07:43 - 2016-01-21 22:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-11 07:43 - 2016-01-21 21:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-11 07:43 - 2016-01-21 21:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-11 07:43 - 2016-01-21 21:52 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-11 07:43 - 2016-01-21 21:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-11 07:43 - 2016-01-21 21:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-11 07:43 - 2016-01-21 21:51 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-11 07:43 - 2016-01-21 21:46 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-11 07:43 - 2016-01-21 21:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-11 07:43 - 2016-01-21 21:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-11 07:43 - 2016-01-21 21:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-11 07:43 - 2016-01-21 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-11 07:43 - 2016-01-21 21:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-11 07:43 - 2016-01-21 21:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-11 07:43 - 2016-01-21 21:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-11 07:43 - 2016-01-21 21:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-11 07:43 - 2016-01-21 21:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-11 07:43 - 2016-01-21 21:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-11 07:43 - 2016-01-21 21:25 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-11 07:43 - 2016-01-21 21:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-11 07:43 - 2016-01-21 21:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-11 07:43 - 2016-01-21 21:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-11 07:43 - 2016-01-21 21:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-11 07:43 - 2016-01-07 09:47 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-11 07:43 - 2016-01-07 09:35 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-11 07:43 - 2015-12-08 13:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-02-11 07:43 - 2015-12-08 13:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-02-11 07:43 - 2015-12-08 13:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-02-11 07:43 - 2015-12-08 13:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-02-11 07:43 - 2015-12-08 13:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-02-11 07:42 - 2015-12-08 13:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-02-11 07:42 - 2015-12-08 13:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-02-11 07:42 - 2015-12-08 13:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-02-11 07:42 - 2015-12-08 13:54 - 01202688 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-02-11 07:42 - 2015-12-08 13:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-02-11 07:42 - 2015-12-08 13:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-02-11 07:42 - 2015-12-08 13:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-02-11 07:42 - 2015-12-08 13:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-02-11 07:42 - 2015-12-08 13:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-02-11 07:42 - 2015-12-08 13:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-02-11 07:42 - 2015-12-08 13:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-02-11 07:42 - 2015-12-08 13:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-02-11 07:42 - 2015-12-08 13:53 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-02-11 07:42 - 2015-12-08 13:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-02-11 07:42 - 2015-12-08 13:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-02-11 07:42 - 2015-12-08 13:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-02-11 07:42 - 2015-12-08 13:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-02-11 07:42 - 2015-12-08 13:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-02-11 07:42 - 2015-12-08 13:53 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-02-11 07:42 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-02-11 07:42 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-02-11 07:42 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-02-11 07:42 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-02-11 07:42 - 2015-12-08 13:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-02-11 07:42 - 2015-12-08 13:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-02-11 07:42 - 2015-12-08 13:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-02-11 07:42 - 2015-12-08 13:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-02-11 07:42 - 2015-12-08 13:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-02-11 07:42 - 2015-12-08 13:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-02-11 07:42 - 2015-12-08 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-02-11 07:42 - 2015-12-08 13:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-02-11 07:42 - 2015-12-08 13:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-02-11 07:42 - 2015-12-08 13:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-02-11 07:42 - 2015-12-08 13:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-02-11 07:42 - 2015-12-08 13:11 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-02-11 07:42 - 2015-12-08 13:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-02-11 07:41 - 2016-01-21 22:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-11 07:41 - 2016-01-21 22:09 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-11 07:41 - 2016-01-21 22:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-11 07:41 - 2016-01-21 22:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-11 07:40 - 2016-01-21 22:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-02-11 07:40 - 2016-01-21 22:13 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-11 07:40 - 2016-01-21 22:13 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-11 07:40 - 2016-01-21 22:06 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-11 07:40 - 2016-01-21 22:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-11 07:40 - 2016-01-21 22:06 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-11 07:40 - 2016-01-21 22:06 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-11 07:40 - 2016-01-21 22:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-11 07:40 - 2016-01-21 22:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-11 07:40 - 2016-01-21 22:05 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-11 07:40 - 2016-01-21 22:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-11 07:40 - 2016-01-21 22:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-11 07:40 - 2016-01-21 22:02 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-11 07:40 - 2016-01-21 22:02 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-11 07:40 - 2016-01-21 22:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-11 07:40 - 2016-01-21 22:02 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-11 07:40 - 2016-01-21 22:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-11 07:40 - 2016-01-21 22:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-11 07:40 - 2016-01-21 22:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-02-11 07:40 - 2016-01-21 22:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-11 07:40 - 2016-01-21 22:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-11 07:40 - 2016-01-21 22:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 21:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-11 07:40 - 2016-01-21 21:01 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-11 07:40 - 2016-01-21 21:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-11 07:40 - 2016-01-21 20:53 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-11 07:40 - 2016-01-21 20:53 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-11 07:40 - 2016-01-21 20:53 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-11 07:40 - 2016-01-21 20:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-11 07:40 - 2016-01-21 20:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-11 07:40 - 2016-01-21 20:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-11 07:40 - 2016-01-21 20:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-11 07:40 - 2016-01-21 20:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 20:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 20:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-11 07:40 - 2016-01-21 20:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-11 07:39 - 2016-02-06 02:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-11 07:39 - 2016-02-06 01:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-11 07:39 - 2016-02-06 01:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-11 07:39 - 2016-02-06 01:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-11 07:39 - 2016-02-06 01:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-11 07:39 - 2016-02-06 00:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-11 07:37 - 2016-01-11 10:47 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-11 07:37 - 2016-01-11 10:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-11 07:37 - 2016-01-11 10:35 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-11 07:37 - 2016-01-11 10:17 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-11 07:37 - 2016-01-11 10:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-11 07:37 - 2016-01-11 10:14 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-11 07:37 - 2016-01-11 10:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-11 07:37 - 2016-01-11 10:14 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-11 07:37 - 2016-01-11 10:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-11 07:37 - 2016-01-11 10:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-11 07:37 - 2016-01-11 10:14 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-10 19:27 - 2016-02-10 19:27 - 00007619 _____ C:\Users\Marvin Kim\AppData\Local\Resmon.ResmonCfg
2016-02-10 19:15 - 2016-02-19 20:10 - 00352098 _____ C:\Windows\ntbtlog.txt
2016-02-10 19:13 - 2016-02-10 19:14 - 01295332 _____ C:\Users\Marvin Kim\Documents\cc_20160210_191326.reg
2016-02-10 18:11 - 2016-02-11 11:28 - 00000000 ____D C:\Users\Marvin Kim\AppData\Roaming\Ahoweverd
2016-02-10 18:07 - 2016-02-10 18:07 - 00005878 ____N C:\Windows\SchedLgU.Txt
2016-02-10 18:04 - 2016-02-10 18:04 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-10 18:04 - 2016-02-10 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-02-10 18:04 - 2016-02-10 18:04 - 00000000 ____D C:\Program Files\CCleaner
2016-02-10 17:45 - 2016-02-10 17:45 - 00000000 ____D C:\Users\Marvin Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-02-10 17:45 - 2016-02-10 17:45 - 00000000 ____D C:\Program Files\VS Revo Group

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-19 20:22 - 2010-01-27 20:27 - 00016768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-19 20:22 - 2010-01-27 20:27 - 00016768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-19 19:39 - 2010-01-27 20:29 - 00818298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-19 19:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf
2016-02-19 19:33 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-18 21:38 - 2014-12-20 20:52 - 00000000 ____D C:\AdwCleaner
2016-02-18 21:38 - 2014-10-18 20:32 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-02-18 21:38 - 2013-02-26 22:44 - 00000000 ____D C:\ProgramData\LogiShrd
2016-02-18 21:38 - 2010-07-04 08:26 - 00000000 ____D C:\Users\Marvin Kim\AppData\Local\DassaultSystemes
2016-02-18 21:38 - 2008-07-31 07:19 - 00000000 ____D C:\Users\Marvin Kim\AppData\Local\Cooliris
2016-02-18 21:38 - 2008-02-20 20:27 - 00000000 ____D C:\Users\Marvin Kim\AppData\Local\Apps\2.0
2016-02-18 21:38 - 2008-02-10 12:17 - 00000000 ____D C:\ProgramData\McNeel
2016-02-18 21:38 - 2008-02-08 16:43 - 00000000 ____D C:\Users\Marvin Kim\AppData\Local\Autodesk
2016-02-18 21:38 - 2008-02-08 15:57 - 00000000 ____D C:\Users\Marvin Kim\AppData\Local\Flickr
2016-02-18 21:38 - 2008-02-07 00:29 - 00000000 ____D C:\ProgramData\FLEXnet
2016-02-18 21:38 - 2004-08-10 11:39 - 00000000 ____D C:\dell
2016-02-18 20:09 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-02-11 18:37 - 2010-01-27 20:30 - 00000000 ____D C:\Users\Marvin Kim
2016-02-11 11:28 - 2015-12-11 09:59 - 00000000 ____D C:\Users\Marvin Kim\AppData\Roaming\optimistic
2016-02-11 11:28 - 2015-11-29 20:25 - 00000000 ____D C:\Users\Marvin Kim\AppData\Roaming\Asmashing
2016-02-11 11:28 - 2015-11-24 15:43 - 00000000 ____D C:\Users\Marvin Kim\AppData\Roaming\Agorgeous
2016-02-11 11:28 - 2014-11-25 20:20 - 00000000 ____D C:\025adff2-1b3c-4b0a-838c-c124657ad3fd
2016-02-11 10:47 - 2008-02-08 15:36 - 00000000 ____D C:\Users\Marvin Kim\AppData\Local\Apple Computer
2016-02-11 10:47 - 2008-02-05 23:23 - 00000000 ____D C:\Users\Marvin Kim\AppData\Local\Google
2016-02-11 10:47 - 2008-02-05 23:23 - 00000000 ____D C:\Users\Marvin Kim\AppData\Local\Adobe
2016-02-11 10:41 - 2015-11-07 09:24 - 00000000 ____D C:\Users\Marvin Kim\AppData\Roaming\FunUninst
2016-02-11 10:40 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\system32\migwiz
2016-02-11 10:34 - 2015-03-12 18:38 - 00000000 ____D C:\Users\Marvin Kim\AppData\Roaming\FunUninstall
2016-02-11 10:34 - 2014-12-29 18:09 - 00000000 ____D C:\Users\Marvin Kim\AppData\Roaming\CloudMedia
2016-02-11 08:53 - 2015-12-04 09:45 - 06637160 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-11 08:51 - 2015-01-31 20:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-02-11 08:49 - 2014-12-10 03:25 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-11 08:49 - 2014-05-06 20:58 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-11 08:49 - 2009-07-13 23:50 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-11 08:26 - 2015-01-31 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-02-11 08:10 - 2013-08-18 20:50 - 00000000 ____D C:\Windows\system32\MRT
2016-02-11 08:02 - 2011-06-03 07:28 - 144254680 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-10 22:41 - 2014-12-21 14:20 - 00000000 ____D C:\FunshionMedia
2016-02-10 22:41 - 2014-12-19 20:33 - 00000000 ____D C:\120f5a9d-817b-48b6-87cd-eafc30502088
2016-02-10 18:08 - 2012-06-13 06:32 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-02-10 18:08 - 2012-06-13 06:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-02-10 17:58 - 2014-04-25 13:55 - 00000000 __SHD C:\$360Section
2016-02-10 17:48 - 2015-11-05 13:15 - 00000000 ____D C:\Users\Marvin Kim\AppData\Roaming\Funshion
2016-02-10 17:45 - 2014-12-21 14:20 - 00000000 ____D C:\ProgramData\Funshion

==================== Files in the root of some directories =======

2013-08-18 18:00 - 2015-12-10 09:37 - 0000911 _____ () C:\Users\Marvin Kim\AppData\Roaming\coreavc.ini
2010-01-11 07:58 - 2010-01-11 07:59 - 0000192 _____ () C:\Users\Marvin Kim\AppData\Roaming\fontdb.ldb
2010-01-11 07:58 - 2010-01-11 07:59 - 0102400 _____ () C:\Users\Marvin Kim\AppData\Roaming\fontdb.mdb
2015-10-24 15:56 - 2015-10-24 15:57 - 0003874 _____ () C:\Users\Marvin Kim\AppData\Roaming\lds_uninst.log
2008-10-27 19:49 - 2008-10-27 19:49 - 0025575 _____ () C:\Users\Marvin Kim\AppData\Roaming\UserTile.png
2014-10-19 02:50 - 2014-10-26 23:50 - 0000129 _____ () C:\Users\Marvin Kim\AppData\Roaming\WB.CFG
2012-01-22 21:58 - 2012-01-22 21:58 - 0000000 _____ () C:\Users\Marvin Kim\AppData\Roaming\wklnhst.dat
2011-03-07 23:23 - 2011-05-09 22:07 - 0006144 _____ () C:\Users\Marvin Kim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-22 20:52 - 2014-10-22 20:52 - 0000001 _____ () C:\Users\Marvin Kim\AppData\Local\DSI.DAT
2010-01-28 22:10 - 2010-01-28 22:10 - 0000098 _____ () C:\Users\Marvin Kim\AppData\Local\fusioncache.dat
2016-02-10 19:27 - 2016-02-10 19:27 - 0007619 _____ () C:\Users\Marvin Kim\AppData\Local\Resmon.ResmonCfg
2010-05-06 06:42 - 2010-05-06 06:42 - 0000032 _____ () C:\ProgramData\ezsid.dat
2011-03-31 18:07 - 2011-03-31 18:07 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Files to move or delete:
====================
C:\ProgramData\ezsid.dat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-30 11:16

==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:22 PM

Posted 20 February 2016 - 09:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Command Processor:  <======= ATTENTION
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [Ahoweverd] -> {84C1875D-6B7C-4CF5-B6DD-33D90DFBA182} =>  No File
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-985648777-1730271808-901678370-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
Toolbar: HKU\S-1-5-21-985648777-1730271808-901678370-1006 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF HKLM\...\Firefox\Extensions: [{fc4350fc-3e37-4f1e-8341-5af31e09f020}] - C:\Program Files\Mozilla Firefox\extensions\{fc4350fc-3e37-4f1e-8341-5af31e09f020} => not found
S2 TBService; "C:\ProgramData\Baidu\tbservice\2.0.1.183\tbservice.exe" -r [X]
S2 ZAMSvc; "C:\Program Files\Zemana AntiMalware\ZAM.exe" /service [X]
S1 bduniptk; system32\DRIVERS\bduniptk.sys [X]
S3 ComputerZ; \??\C:\Program Files\LuDaShi\ComputerZ.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo32.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S1 TBEnhance; system32\DRIVERS\TBEnhance.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
CustomCLSID: HKU\S-1-5-21-985648777-1730271808-901678370-1006_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\ACADM 2010\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-985648777-1730271808-901678370-1006_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\ACADM 2010\acad.exe => No File
Task: {108EB317-FD0F-4D13-A478-4D2E6945B551} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {46915913-43E2-4BB3-9F02-0A38EE5BCA0D} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Marvin Kim\.DS_Store:AFP_AfpInfo


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java via the Control Panel > Programs and Features applet.
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)


Please let me know what problem persists with this computer.
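
The fixlist above removes a set of classic persistence points: a cmd.exe AutoRun value, shell icon overlay handlers and a BHO whose CLSIDs no longer resolve to a DLL, services and drivers whose binaries are gone, TaskCache entries with no task file, and two alternate data streams. Once the fix has run and the machine has rebooted, a practitioner would want to confirm none of those came back. The script below is an added example and is not part of the thread or of FRST; it is a read-only re-check of those same locations. It assumes an elevated Windows PowerShell 5.1 session on the cleaned machine, and the roots scanned for alternate data streams (ProgramData and the user profile) and the Zone.Identifier exclusion are my own choices, not anything the log specifies.

```powershell
# Added example, not from the original thread or from FRST: read-only re-check of the
# persistence locations the fixlist targeted. Assumes elevated Windows PowerShell 5.1.
$findings = New-Object System.Collections.Generic.List[string]

# Turn a raw service ImagePath into an absolute file path. Handles "quoted exe" args,
# the \??\ and \SystemRoot\ prefixes, and paths relative to the Windows directory.
function Resolve-ImagePath([string]$imagePath) {
    if ([string]::IsNullOrWhiteSpace($imagePath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($imagePath.Trim())
    $p = $p -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', ''
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1); if ($end -lt 0) { $end = $p.Length }
        $candidates = @($p.Substring(1, $end - 1))
    } else {
        # Unquoted path: the executable itself may contain spaces, so try every prefix.
        $t = $p -split ' '
        $candidates = 1..$t.Count | ForEach-Object { $t[0..($_ - 1)] -join ' ' }
    }
    $full = foreach ($c in $candidates) {
        if ($c -match '^[A-Za-z]:\\') { $c } else { Join-Path $env:SystemRoot $c }
    }
    $hit = $full | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } | Select-Object -First 1
    if ($hit) { return $hit }
    return @($full)[0]   # nothing on disk matched; report the shortest candidate as missing
}

# In-process server DLL registered for a CLSID, or $null if none is registered.
function Get-ClsidServerFile([string]$clsid) {
    foreach ($root in 'HKLM:\Software\Classes', 'HKCU:\Software\Classes') {
        $dll = (Get-ItemProperty -Path "$root\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
    }
    return $null
}

# 1. cmd.exe AutoRun: anything stored here runs every time a console window opens.
foreach ($hive in 'HKLM:', 'HKCU:') {
    $v = (Get-ItemProperty -Path "$hive\Software\Microsoft\Command Processor" -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
    if ($v) { $findings.Add("Command Processor AutoRun still set under $hive -> $v") }
}

# 2. COM hooks loaded by Explorer/IE. Overlay entries keep the CLSID as the key's default
#    value; BHO keys are named by CLSID. Either way the CLSID must resolve to a DLL on disk.
$comHooks = @{
    'ShellIconOverlayIdentifiers' = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
    'Browser Helper Objects'      = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
}
foreach ($kind in $comHooks.Keys) {
    Get-ChildItem -Path $comHooks[$kind] -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = if ($kind -eq 'Browser Helper Objects') { $_.PSChildName } else { (Get-ItemProperty -Path $_.PSPath).'(default)' }
        $dll = Get-ClsidServerFile $clsid
        if (-not $dll -or -not (Test-Path -LiteralPath $dll -PathType Leaf)) {
            $findings.Add("$kind entry '$($_.PSChildName)' -> $clsid has no server DLL on disk")
        }
    }
}

# 3. Services and drivers that are not disabled (Start <> 4) but whose binary is missing;
#    this is what FRST marks with [X].
Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue | ForEach-Object {
    $svc = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if (-not $svc.ImagePath -or $svc.Start -eq 4) { return }
    $file = Resolve-ImagePath $svc.ImagePath
    if ($file -and -not (Test-Path -LiteralPath $file -PathType Leaf)) {
        $findings.Add("Service/driver '$($_.PSChildName)' (Start=$($svc.Start)) -> missing binary $file")
    }
}

# 4. TaskCache entries whose Path has no task definition file under System32\Tasks.
$tasksKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'
Get-ChildItem -Path $tasksKey -ErrorAction SilentlyContinue | ForEach-Object {
    $taskPath = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Path
    if (-not $taskPath) { return }
    $xml = Join-Path "$env:SystemRoot\System32\Tasks" $taskPath.TrimStart('\')
    if (-not (Test-Path -LiteralPath $xml -PathType Leaf)) {
        $findings.Add("TaskCache entry $($_.PSChildName) -> '$taskPath' has no task file under System32\Tasks")
    }
}

# 5. Alternate data streams on the top level of ProgramData and the user profile.
#    Zone.Identifier (mark-of-the-web) is normal and is skipped; everything else is reported.
foreach ($root in @($env:ProgramData, $env:USERPROFILE)) {
    Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue | ForEach-Object {
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
            ForEach-Object { $findings.Add("Alternate data stream $($_.FileName):$($_.Stream) ($($_.Length) bytes)") }
    }
}

if ($findings.Count -eq 0) { Write-Output 'No leftover persistence entries found.' }
else { $findings | ForEach-Object { Write-Output "FOUND: $_" } }
```

The script only reads; it does not delete anything, so a hit is a prompt to look at the entry (and, on a thread like this one, to post it for the helper) rather than a fix. A missing-binary service is not always malicious: the log's DIRECTIO and Synth3dVsc entries are leftovers from a benchmark tool and Hyper-V components, which is why FRST lists them with [X] and leaves the decision to the responder.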

#3 marvinpc

marvinpc
  • Topic Starter

  • Members
  • 2 posts
  • Local time:11:22 AM

Posted 20 February 2016 - 09:00 PM

Hi nasdaq,

Thank you so much for your help. Updated Java, ran the fix.

Computer seems to be running fine, here's the fixed log...

 

Fix result of Farbar Recovery Scan Tool (x86) Version:17-02-2016
Ran by Marvin Kim (2016-02-20 17:09:44) Run:1
Running from C:\Users\Marvin Kim\Downloads
Loaded Profiles: Marvin Kim (Available Profiles: Marvin Kim)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Command Processor:  <======= ATTENTION
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [Ahoweverd] -> {84C1875D-6B7C-4CF5-B6DD-33D90DFBA182} =>  No File
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-985648777-1730271808-901678370-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
Toolbar: HKU\S-1-5-21-985648777-1730271808-901678370-1006 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF HKLM\...\Firefox\Extensions: [{fc4350fc-3e37-4f1e-8341-5af31e09f020}] - C:\Program Files\Mozilla Firefox\extensions\{fc4350fc-3e37-4f1e-8341-5af31e09f020} => not found
S2 TBService; "C:\ProgramData\Baidu\tbservice\2.0.1.183\tbservice.exe" -r [X]
S2 ZAMSvc; "C:\Program Files\Zemana AntiMalware\ZAM.exe" /service [X]
S1 bduniptk; system32\DRIVERS\bduniptk.sys [X]
S3 ComputerZ; \??\C:\Program Files\LuDaShi\ComputerZ.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo32.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S1 TBEnhance; system32\DRIVERS\TBEnhance.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
CustomCLSID: HKU\S-1-5-21-985648777-1730271808-901678370-1006_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\ACADM 2010\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-985648777-1730271808-901678370-1006_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\ACADM 2010\acad.exe => No File
Task: {108EB317-FD0F-4D13-A478-4D2E6945B551} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {46915913-43E2-4BB3-9F02-0A38EE5BCA0D} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Marvin Kim\.DS_Store:AFP_AfpInfo


End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Command Processor\\AutoRun => value removed successfully.
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Ahoweverd" => key removed successfully.
HKCR\CLSID\{84C1875D-6B7C-4CF5-B6DD-33D90DFBA182} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\FunOverlay" => key removed successfully.
HKCR\CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKU\S-1-5-21-985648777-1730271808-901678370-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" => key removed successfully.
HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => key not found.
HKU\S-1-5-21-985648777-1730271808-901678370-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
"HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0" => key removed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{fc4350fc-3e37-4f1e-8341-5af31e09f020} => value removed successfully.
TBService => service removed successfully.
ZAMSvc => service removed successfully.
bduniptk => service removed successfully.
ComputerZ => service removed successfully.
DIRECTIO => service removed successfully.
Synth3dVsc => service removed successfully.
TBEnhance => service removed successfully.
tsusbhub => service removed successfully.
VGPU => service removed successfully.
ZAM => service removed successfully.
ZAM_Guard => service removed successfully.
"HKU\S-1-5-21-985648777-1730271808-901678370-1006_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}" => key removed successfully.
"HKU\S-1-5-21-985648777-1730271808-901678370-1006_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{108EB317-FD0F-4D13-A478-4D2E6945B551}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{108EB317-FD0F-4D13-A478-4D2E6945B551}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BD05BA6-988D-4BD3-A9CD-9A39F80AF524}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BD05BA6-988D-4BD3-A9CD-9A39F80AF524}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46915913-43E2-4BB3-9F02-0A38EE5BCA0D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46915913-43E2-4BB3-9F02-0A38EE5BCA0D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B184694-64C3-4633-94C5-945B3FA561D6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B184694-64C3-4633-94C5-945B3FA561D6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F54B95F-5096-4803-AE61-E9B3AC5B616D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F54B95F-5096-4803-AE61-E9B3AC5B616D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D21F6024-191F-4454-BBBC-09A650DA2549}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D21F6024-191F-4454-BBBC-09A650DA2549}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully..
C:\Users\Marvin Kim\.DS_Store => ":AFP_AfpInfo" ADS removed successfully..
EmptyTemp: => 382.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:10:48 ====



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:22 PM

Posted 21 February 2016 - 08:01 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:22 PM

Posted 27 February 2016 - 08:19 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



