
suspected malware (blinking screen, event viewers errors and network protocols)


  • This topic is locked
30 replies to this topic

#1 AlehCemy


Posted 04 April 2016 - 10:30 AM

Hello!

I decided to post in this forum because I wasn’t sure if my PC is infected with some malware or virus or just has random problems. I have been having a couple of small problems and got fed up.

I noticed that sometimes my internet will just present the following error “one or more network protocols are missing on this computer” (I tried everything possible to solve it, but nothing seemed to solve it definitively) right after being painfully slow for a few minutes. Sometimes my screen will blink like crazy on a few sites (and on some of them the site will go completely blank, even though it showed just fine before the blinking), and my Event Viewer started to present the following two persistent errors:

 

Log Name:      System
Source:        Service Control Manager
Date:          04/04/2016 11:16:35
Event ID:      7001
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Aleh-PC
Description:
The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log Name:      System
Source:        Service Control Manager
Date:          04/04/2016 10:52:28
Event ID:      7000
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Aleh-PC
Description:
The Gbpddreg svc service failed to start due to the following error: 
The system cannot find the file specified.

 

I did a scan with Malwarebytes Anti-Malware and Bitdefender, but all they flagged was the crack for a few programs I have installed on this PC. Aside from all those problems, my PC has been running just fine, at the same speed as always. And at the moment, my Windows Firewall is up and running.

Below is the FRST log (Addition.txt is attached):
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Aleh (administrator) on ALEH-PC (04-04-2016 12:23:41)
Running from F:\
Loaded Profiles: Aleh (Available Profiles: Aleh & postgres & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
() C:\Users\Aleh\Program Files (x86)\BitTorrent_DNA\dna.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\AlarmClock.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [apmwinapp] => C:\Program Files (x86)\Paragon Software\HFS+ for Windows  10.4\apmwinsrv.exe [66768 2015-11-24] ()
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCui.exe [1332224 2015-10-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23248528 2016-03-28] (Dropbox, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-11-04] (Banco do Brasil)
HKU\S-1-5-21-4153844634-2514725889-2569056973-1000\...\Run: [BitTorrent DNA] => C:\Users\Aleh\Program Files (x86)\BitTorrent_DNA\dna.exe [286016 2015-05-17] ()
HKU\S-1-5-21-4153844634-2514725889-2569056973-1000\...\Run: [BitTorrent] => C:\Users\Aleh\Program Files (x86)\BitTorrent\BitTorrent.exe [587568 2015-05-17] ()
HKU\S-1-5-21-4153844634-2514725889-2569056973-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-4153844634-2514725889-2569056973-1000\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
HKU\S-1-5-21-4153844634-2514725889-2569056973-1000\...\Run: [uTorrent] => C:\Users\Aleh\AppData\Roaming\uTorrent\uTorrent.exe [2094080 2016-03-16] (BitTorrent Inc.)
HKU\S-1-5-21-4153844634-2514725889-2569056973-1000\...\Run: [ESL Wire] => C:\Program Files\EslWire\wire.exe [3624448 2015-12-07] (Turtle Entertainment GmbH)
HKU\S-1-5-21-4153844634-2514725889-2569056973-1000\...\Policies\Explorer: [] 
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1945472 2015-11-04] (Banco do Brasil)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-03-28] (Dropbox, Inc.)
Startup: C:\Users\Aleh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cleantemp.bat [2015-07-14] ()
Startup: C:\Users\Aleh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2016-02-26]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon INC.)
Startup: C:\Users\Aleh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar590.lnk [2015-10-05]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{018d525a-4d17-4e12-a1e7-cd4547a8dad6}: [NameServer] 8.8.8.8,4.4.4.4
Tcpip\..\Interfaces\{018d525a-4d17-4e12-a1e7-cd4547a8dad6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0f6a575f-adb1-4746-b9eb-6fd87cacc1b4}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4153844634-2514725889-2569056973-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-09] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-11-04] (Banco do Brasil)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-09] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Aleh\AppData\Roaming\Mozilla\Firefox\Profiles\znnvofwr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @bittorrent.com/BitTorrentDNA -> C:\Program Files (x86)\BitTorrent_DNA\npbtdna.dll [2015-05-16] (BitTorrent, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-4153844634-2514725889-2569056973-1000: @hola.org/vlc,version=1.8.77 -> C:\Users\Aleh\AppData\Local\Hola\firefox\app\vlc [2015-05-30] ()
FF Plugin HKU\S-1-5-21-4153844634-2514725889-2569056973-1000: gastecnologia.com.br/sf/abn -> C:\Users\Aleh\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll [2015-04-08] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-4153844634-2514725889-2569056973-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF user.js: detected! => C:\Users\Aleh\AppData\Roaming\Mozilla\Firefox\Profiles\znnvofwr.default\user.js [2016-03-20]
FF Extension: GBBD Banco Santander (Brasil) S.A. - C:\Users\Aleh\AppData\Local\GAS Tecnologia\GBBD\abn\xpi [2015-03-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-09-12] [not signed]
FF HKU\S-1-5-21-4153844634-2514725889-2569056973-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Aleh\AppData\Local\GAS Tecnologia\GBBD\bb\xpi => not found
FF HKU\S-1-5-21-4153844634-2514725889-2569056973-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8874}] - C:\Users\Aleh\AppData\Local\GAS Tecnologia\GBBD\abn\xpi
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.57\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.57\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Profile: C:\Users\Aleh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SoundCloud Downloader Free) - C:\Users\Aleh\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [2016-02-24]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Aleh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1139744 2015-11-16] (Autodesk Inc.)
R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-06] (Dropbox, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S4 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [136784 2012-08-27] (Portrait Displays, Inc.)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2013-12-05] ()
S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc.)
S4 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2014-10-11] (Reprise Software Inc.) [File not signed]
S4 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-11-04] (GAS Tecnologia)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-03-29] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2940704 2015-12-28] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-29] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-29] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-02] (Electronic Arts)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [102400 2013-02-22] (Gigabyte Technology CO., LTD.) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-07-17] (Popcorn Time) [File not signed]
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S4 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [50896 2014-11-07] (Paragon Software Group)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-07-31] (Disc Soft Ltd)
S0 gbpddreg; C:\Windows\SysWOW64\drivers\gbpddreg64.sys [29816 2015-09-22] (GAS Tecnologia)
R3 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [29912 2015-09-22] (GAS Tecnologia)
R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [61136 2014-11-07] (Paragon Software Group)
S3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [205008 2014-11-07] (Paragon Software Group)
R2 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [15568 2014-11-07] (Paragon Software Group)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2015-01-01] (Intel Corporation)
R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [42704 2014-11-07] (Paragon Software Group)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
R3 PdiPorts; C:\Windows\System32\drivers\PdiPorts.sys [20784 2012-04-16] (Portrait Displays, Inc.)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 2015-07-28] (Realtek                                            )
S3 RTTEAMPT; C:\Windows\system32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2015-01-01] (Synaptics Incorporated)
S3 tun3326; C:\Windows\System32\DRIVERS\tun3326.sys [32368 2013-03-22] (The OpenVPN Project)
S3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-01-20] (GAS Tecnologia LTDA)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-04-04] (GAS Tecnologia)
R1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-04 12:23 - 2016-04-04 12:23 - 00000000 ____D C:\FRST
2016-04-04 11:00 - 2016-04-04 11:00 - 00000000 ____D C:\Users\Aleh\AppData\Roaming\SongManager
2016-04-04 11:00 - 2016-04-04 11:00 - 00000000 ____D C:\Users\Aleh\AppData\Roaming\Image-Line
2016-04-04 10:56 - 2016-04-04 10:56 - 00000000 ____D C:\Users\Aleh\AppData\Roaming\Battle.net
2016-04-04 10:53 - 2016-04-04 10:53 - 00003806 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-04-04 10:52 - 2016-04-04 10:52 - 00003822 _____ C:\WINDOWS\System32\Tasks\AutoRearm
2016-04-04 10:52 - 2016-04-04 10:52 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-03 21:39 - 2016-04-03 21:39 - 00000000 ____D C:\Users\Aleh\AppData\Roaming\DxO Labs
2016-04-03 21:39 - 2016-04-03 21:39 - 00000000 ____D C:\Users\Aleh\AppData\Local\DxO_Labs
2016-04-03 21:37 - 2016-04-03 21:55 - 00000000 ____D C:\Users\Aleh\Documents\DxO OpticsPro 10 logs
2016-04-03 21:35 - 2016-04-03 21:39 - 00000000 ____D C:\ProgramData\DxO Labs
2016-04-03 21:35 - 2016-04-03 21:39 - 00000000 ____D C:\Program Files\DxO Labs
2016-04-03 21:35 - 2016-04-03 21:35 - 00002059 _____ C:\Users\Public\Desktop\DxO OpticsPro 10.lnk
2016-04-03 21:35 - 2016-04-03 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DxO OpticsPro 10
2016-03-31 18:47 - 2016-03-29 22:05 - 01767248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-03-31 11:26 - 2016-03-31 11:26 - 00000251 _____ C:\Users\Aleh\Desktop\TheDivision.url
2016-03-30 21:31 - 2016-04-03 21:35 - 00000000 ____D C:\Users\Aleh\AppData\Roaming\NVIDIA
2016-03-30 14:46 - 2016-03-30 14:46 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-03-30 14:46 - 2016-03-21 17:01 - 00109632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-03-30 14:46 - 2016-03-21 17:01 - 00100416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-03-30 14:46 - 2016-03-21 17:01 - 00056384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-03-30 12:42 - 2016-03-30 12:42 - 00000233 _____ C:\Users\Aleh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tom Clancy's The Division.url
2016-03-30 12:18 - 2016-04-04 10:52 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-30 12:18 - 2016-03-30 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan
2016-03-30 12:18 - 2016-03-30 12:18 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-03-30 12:18 - 2016-03-21 23:37 - 06369728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-03-30 12:18 - 2016-03-21 23:37 - 02994744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-03-30 12:18 - 2016-03-21 23:37 - 02561472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-03-30 12:18 - 2016-03-21 23:37 - 01265720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-03-30 12:18 - 2016-03-21 23:37 - 00530880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-03-30 12:18 - 2016-03-21 23:37 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-03-30 12:18 - 2016-03-21 23:37 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-03-30 12:18 - 2016-03-21 23:37 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-03-30 12:18 - 2016-03-21 22:57 - 00110528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-03-30 12:18 - 2016-03-18 08:44 - 06253721 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-03-30 12:18 - 2016-03-16 18:30 - 00128792 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-03-30 12:18 - 2016-03-16 18:29 - 00127768 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-03-30 12:18 - 2016-03-16 18:29 - 00041752 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-03-30 12:18 - 2016-03-16 18:28 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-03-30 12:16 - 2016-03-24 22:23 - 12659136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-03-30 12:16 - 2016-03-24 08:52 - 01572496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-03-30 12:16 - 2016-03-24 08:52 - 00205456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-03-30 12:16 - 2016-03-24 08:52 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 42923576 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 37567424 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 31594432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 25350080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 21364536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 20906168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 20074728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 17755928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 17369448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 17349776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 17328008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 14226672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 10550552 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 08659472 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 03685280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 03263480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 02614208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 02260024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436472.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436472.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00960056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00889400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00784824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00751552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00695864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00678520 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00630776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00601936 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00572096 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00546328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00448824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00425016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00379448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00379296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00348216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00317656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00176064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00153392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00129208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-03-30 12:16 - 2016-03-22 01:08 - 00038050 _____ C:\WINDOWS\system32\nvinfo.pb
2016-03-30 12:16 - 2016-03-22 01:08 - 00000139 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-03-30 12:16 - 2016-03-22 01:08 - 00000139 _____ C:\WINDOWS\system32\nv-vk64.json
2016-03-29 22:30 - 2016-03-29 22:30 - 00000000 ____D C:\Users\Aleh\AppData\Roaming\Google
2016-03-29 22:03 - 2016-03-29 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-26 21:46 - 2016-03-26 21:47 - 00000000 ____D C:\ProgramData\Google
2016-03-26 21:46 - 2016-03-26 21:46 - 00000000 ____D C:\Program Files\Google
2016-03-25 20:24 - 2016-03-25 20:31 - 00000292 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Aleh.job
2016-03-25 20:24 - 2016-03-25 20:24 - 00002474 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Aleh
2016-03-23 20:55 - 2016-03-23 20:55 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-03-23 20:55 - 2016-03-23 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-03-23 20:55 - 2016-03-23 20:55 - 00000000 ____D C:\Program Files\iTunes
2016-03-23 20:55 - 2016-03-23 20:55 - 00000000 ____D C:\Program Files\iPod
2016-03-23 20:55 - 2016-03-23 20:55 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-23 20:54 - 2016-03-23 20:54 - 00002579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-23 20:54 - 2016-03-23 20:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-03-23 20:54 - 2016-03-23 20:54 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-16 18:30 - 2016-03-16 18:30 - 00128792 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-5-1.dll
2016-03-16 18:29 - 2016-03-16 18:29 - 00127768 _____ C:\WINDOWS\system32\vulkan-1-1-0-5-1.dll
2016-03-16 18:29 - 2016-03-16 18:29 - 00041752 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-5-1.exe
2016-03-16 18:28 - 2016-03-16 18:28 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-5-1.exe
2016-03-10 18:44 - 2016-03-08 04:12 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-10 18:44 - 2016-03-08 04:12 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-08 20:15 - 2016-03-01 02:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-08 20:15 - 2016-03-01 02:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-08 20:15 - 2016-02-24 06:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-08 20:15 - 2016-02-24 06:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-08 20:15 - 2016-02-24 06:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-08 20:15 - 2016-02-24 06:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-08 20:15 - 2016-02-24 06:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-08 20:15 - 2016-02-24 06:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-08 20:15 - 2016-02-24 06:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-08 20:15 - 2016-02-24 06:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-08 20:15 - 2016-02-24 05:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-08 20:15 - 2016-02-24 05:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-08 20:15 - 2016-02-24 05:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-08 20:15 - 2016-02-24 05:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-08 20:15 - 2016-02-24 05:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-08 20:15 - 2016-02-24 05:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-08 20:15 - 2016-02-24 05:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-08 20:15 - 2016-02-24 05:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-08 20:15 - 2016-02-24 05:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-08 20:15 - 2016-02-24 05:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-08 20:15 - 2016-02-24 05:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-08 20:15 - 2016-02-24 05:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-08 20:15 - 2016-02-24 05:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-08 20:15 - 2016-02-24 05:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-08 20:15 - 2016-02-24 05:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-08 20:15 - 2016-02-24 05:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-08 20:15 - 2016-02-24 05:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-08 20:15 - 2016-02-24 05:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-08 20:15 - 2016-02-24 05:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-08 20:15 - 2016-02-24 05:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-08 20:15 - 2016-02-24 05:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-08 20:15 - 2016-02-24 04:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-08 20:15 - 2016-02-24 04:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-08 20:15 - 2016-02-24 04:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-08 20:15 - 2016-02-24 04:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-08 20:15 - 2016-02-24 04:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-08 20:15 - 2016-02-24 04:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-08 20:15 - 2016-02-24 04:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-08 20:15 - 2016-02-24 04:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-08 20:15 - 2016-02-24 04:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-08 20:15 - 2016-02-24 04:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-08 20:15 - 2016-02-24 04:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-08 20:15 - 2016-02-24 04:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-08 20:15 - 2016-02-24 04:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-08 20:15 - 2016-02-24 04:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-08 20:15 - 2016-02-24 04:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-08 20:15 - 2016-02-24 04:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-08 20:15 - 2016-02-24 04:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-08 20:15 - 2016-02-24 04:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-08 20:15 - 2016-02-24 04:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-08 20:15 - 2016-02-24 04:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-08 20:15 - 2016-02-24 04:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-08 20:15 - 2016-02-24 04:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-08 20:15 - 2016-02-24 04:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-08 20:15 - 2016-02-24 04:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-08 20:15 - 2016-02-24 04:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-08 20:15 - 2016-02-24 04:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-08 20:15 - 2016-02-24 04:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-08 20:15 - 2016-02-24 04:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-08 20:15 - 2016-02-24 04:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-08 20:15 - 2016-02-24 04:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-08 20:15 - 2016-02-24 04:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-08 20:15 - 2016-02-24 04:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-08 20:15 - 2016-02-24 04:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-08 20:15 - 2016-02-24 04:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-08 20:15 - 2016-02-24 04:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-08 20:15 - 2016-02-24 04:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-08 20:15 - 2016-02-24 04:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-08 20:15 - 2016-02-24 04:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-08 20:15 - 2016-02-24 04:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-08 20:15 - 2016-02-24 04:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-08 20:15 - 2016-02-24 03:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-08 20:15 - 2016-02-24 03:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-08 20:15 - 2016-02-24 03:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-08 20:15 - 2016-02-24 03:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-08 20:15 - 2016-02-24 03:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-08 20:15 - 2016-02-24 03:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-08 20:15 - 2016-02-24 03:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-08 20:15 - 2016-02-24 03:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-08 20:15 - 2016-02-24 03:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-08 20:15 - 2016-02-24 03:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-08 20:15 - 2016-02-24 03:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-08 20:15 - 2016-02-24 03:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-08 20:15 - 2016-02-24 03:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-08 20:15 - 2016-02-24 03:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-08 20:15 - 2016-02-24 03:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-08 20:15 - 2016-02-24 03:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-08 20:15 - 2016-02-24 03:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-08 20:15 - 2016-02-24 03:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-08 20:15 - 2016-02-24 03:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-08 20:15 - 2016-02-24 03:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-08 20:15 - 2016-02-24 03:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-08 20:15 - 2016-02-24 03:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-08 20:15 - 2016-02-24 03:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-08 20:15 - 2016-02-24 03:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-08 20:15 - 2016-02-24 03:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-08 20:15 - 2016-02-24 03:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-08 20:15 - 2016-02-24 03:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-08 20:15 - 2016-02-24 03:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-08 20:15 - 2016-02-24 03:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-08 20:15 - 2016-02-24 03:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-08 20:15 - 2016-02-24 03:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-08 20:15 - 2016-02-24 03:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-08 20:15 - 2016-02-24 03:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-08 20:15 - 2016-02-24 03:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-08 20:15 - 2016-02-24 03:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-08 20:15 - 2016-02-24 03:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-08 20:15 - 2016-02-24 03:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-08 20:15 - 2016-02-24 03:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-08 20:15 - 2016-02-24 03:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-08 20:15 - 2016-02-24 03:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-08 20:15 - 2016-02-24 03:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-08 20:15 - 2016-02-24 03:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-08 20:15 - 2016-02-24 03:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-08 20:15 - 2016-02-24 03:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-08 20:15 - 2016-02-24 03:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-08 20:15 - 2016-02-24 03:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-08 20:15 - 2016-02-24 03:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-08 20:15 - 2016-02-24 03:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-08 20:15 - 2016-02-24 03:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-08 20:15 - 2016-02-24 03:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-08 20:15 - 2016-02-24 03:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-08 20:15 - 2016-02-24 03:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-08 20:15 - 2016-02-24 03:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-08 20:15 - 2016-02-24 03:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-08 20:15 - 2016-02-24 03:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-08 20:15 - 2016-02-24 03:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-08 20:15 - 2016-02-24 03:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-08 20:15 - 2016-02-24 03:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-08 20:15 - 2016-02-24 03:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-08 20:15 - 2016-02-24 03:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-08 20:15 - 2016-02-24 03:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-08 20:15 - 2016-02-24 03:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-08 20:15 - 2016-02-24 03:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-08 20:15 - 2016-02-24 03:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-08 20:15 - 2016-02-24 03:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-08 20:15 - 2016-02-24 03:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-08 20:15 - 2016-02-24 03:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-08 20:15 - 2016-02-24 02:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-08 20:15 - 2016-02-24 02:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-08 20:15 - 2016-02-24 02:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-08 20:15 - 2016-02-24 02:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-08 20:15 - 2016-02-24 02:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-08 20:15 - 2016-02-24 02:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-08 20:15 - 2016-02-24 02:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-08 20:15 - 2016-02-24 02:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-08 20:15 - 2016-02-24 02:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-08 20:15 - 2016-02-24 02:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-08 20:15 - 2016-02-24 02:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-08 20:15 - 2016-02-24 02:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-08 20:15 - 2016-02-24 02:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-08 20:15 - 2016-02-24 01:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-08 20:15 - 2016-02-24 01:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-05 09:14 - 2016-03-05 09:14 - 00001373 _____ C:\Users\Aleh\Desktop\Steam.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-04 12:22 - 2015-05-16 17:24 - 00000000 ____D C:\Users\Aleh\AppData\Roaming\BitTorrent DNA
2016-04-04 12:07 - 2014-09-14 19:04 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-04 12:00 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-04 11:58 - 2015-07-06 22:47 - 00001016 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-04-04 11:42 - 2016-02-01 20:37 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-04 11:32 - 2014-09-14 17:49 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-04 11:27 - 2016-03-02 20:41 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FBE4EC20-88CD-407F-B90B-1B4ED056032E}
2016-04-04 11:05 - 2015-11-14 21:13 - 00939678 _____ C:\WINDOWS\system32\prfh0416.dat
2016-04-04 11:05 - 2015-11-14 21:13 - 00211848 _____ C:\WINDOWS\system32\prfc0416.dat
2016-04-04 11:05 - 2015-11-14 15:17 - 02295818 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-04 11:05 - 2015-10-30 04:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-04 11:03 - 2015-08-02 18:36 - 00005196 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Aleh-PC-Aleh Aleh-PC
2016-04-04 10:59 - 2016-02-21 15:45 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2016-04-04 10:59 - 2016-02-21 15:45 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-04-04 10:59 - 2015-12-18 20:34 - 00000747 _____ C:\WINDOWS\disney.ini
2016-04-04 10:59 - 2014-09-14 17:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-04 10:56 - 2014-12-19 11:10 - 00000000 ____D C:\Users\Aleh\AppData\Roaming\.Tribler
2016-04-04 10:54 - 2014-09-14 19:38 - 00000000 ____D C:\Users\Aleh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-04-04 10:52 - 2016-02-01 20:37 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-04 10:52 - 2015-11-27 15:04 - 00101080 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddfac.sys
2016-04-04 10:52 - 2015-11-14 15:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-04 10:52 - 2015-07-06 22:47 - 00001012 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-04 10:52 - 2015-05-16 17:24 - 00000000 ____D C:\Users\Aleh\AppData\Roaming\BitTorrent
2016-04-04 10:52 - 2014-09-17 09:51 - 00000000 __SHD C:\Users\Aleh\IntelGraphicsProfiles
2016-04-04 10:51 - 2015-10-30 03:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-04 10:46 - 2016-02-02 10:21 - 00000252 _____ C:\WINDOWS\Tasks\ASC9_SkipUac_Aleh.job
2016-04-04 10:44 - 2016-02-02 10:21 - 00002250 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
2016-04-04 10:42 - 2015-11-14 15:17 - 00000000 ____D C:\Users\DefaultAppPool
2016-04-04 10:26 - 2014-09-14 17:55 - 00000000 ____D C:\Users\Aleh\AppData\Roaming\uTorrent
2016-04-04 07:00 - 2014-09-13 20:34 - 00000000 ____D C:\Users\Aleh\AppData\Local\Adobe
2016-04-03 20:48 - 2015-08-02 18:04 - 00000000 ____D C:\Users\Aleh\AppData\Local\Packages
2016-04-03 10:57 - 2014-09-15 21:42 - 00000000 ____D C:\Users\Aleh\AppData\Local\CrashDumps
2016-04-03 10:45 - 2014-11-08 20:45 - 00001205 _____ C:\Users\Aleh\Desktop\Uplay.lnk
2016-04-02 21:27 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-01 22:13 - 2015-11-14 15:17 - 00000000 ____D C:\Users\Aleh
2016-04-01 20:32 - 2015-10-30 04:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-01 20:01 - 2014-09-13 20:30 - 00000000 ____D C:\ProgramData\ProductData
2016-03-31 18:47 - 2015-07-29 20:37 - 00001464 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-03-31 15:57 - 2014-09-21 14:30 - 00000000 ____D C:\Users\Aleh\AppData\Roaming\vlc
2016-03-30 15:44 - 2014-09-14 17:03 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-30 12:18 - 2015-11-14 15:16 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-30 12:18 - 2015-11-14 15:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-30 12:18 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\Help
2016-03-30 12:18 - 2015-06-23 08:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-30 12:17 - 2015-11-14 15:16 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-03-29 22:06 - 2016-01-26 21:30 - 01373680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-03-29 22:06 - 2015-07-29 20:36 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-03-29 22:05 - 2015-11-20 17:22 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-03-29 22:05 - 2015-07-29 20:36 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-03-29 22:03 - 2015-07-06 22:47 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-03-29 21:16 - 2014-09-13 20:30 - 00000000 ____D C:\ProgramData\IObit
2016-03-26 21:47 - 2014-09-14 17:03 - 00000000 ____D C:\Users\Aleh\AppData\Local\Google
2016-03-26 21:46 - 2014-09-13 20:59 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-25 20:41 - 2016-02-26 22:53 - 00000000 ____D C:\Users\Aleh\AppData\Roaming\StardewValley
2016-03-25 20:40 - 2014-10-20 19:33 - 00000000 ____D C:\ProgramData\Origin
2016-03-25 20:19 - 2014-09-14 21:53 - 00000000 ____D C:\Users\Aleh\AppData\Local\ElevatedDiagnostics
2016-03-23 20:55 - 2014-09-15 21:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-22 20:47 - 2015-10-30 04:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-21 14:14 - 2014-09-14 12:39 - 00000000 ____D C:\Fraps
2016-03-15 22:01 - 2014-12-09 18:17 - 00000000 ____D C:\Users\Aleh\Documents\Snapshot
2016-03-15 21:58 - 2015-02-08 18:57 - 00000000 ____D C:\KMPlayer
2016-03-12 11:26 - 2015-11-20 13:19 - 00000000 ____D C:\Users\Aleh\AppData\Local\Deployment
2016-03-10 08:31 - 2015-11-14 15:15 - 05183032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-09 22:58 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-09 22:58 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-09 22:58 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-09 22:58 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-08 20:41 - 2014-09-16 19:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-08 20:37 - 2014-09-16 19:59 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-04-26 18:17 - 2015-04-26 18:17 - 0000132 _____ () C:\Users\Aleh\AppData\Roaming\Adobe BMP Format CC Prefs
2015-03-22 22:02 - 2015-04-26 18:17 - 0000132 _____ () C:\Users\Aleh\AppData\Roaming\Adobe PNG Format CC Prefs
2015-08-23 14:43 - 2015-12-21 19:08 - 0000034 _____ () C:\Users\Aleh\AppData\Roaming\AdobeWLCMCache.dat
2014-12-09 18:36 - 2015-11-10 20:41 - 0000540 _____ () C:\Users\Aleh\AppData\Roaming\AutoGK.ini
2014-09-27 18:34 - 2014-09-27 18:34 - 0017751 _____ () C:\Users\Aleh\AppData\Roaming\unins001.dat
2015-01-26 15:19 - 2015-01-27 21:08 - 183677480 _____ () C:\Users\Aleh\AppData\Local\ACCCx2_9_0_465.zip.aamdownload
2015-01-26 15:19 - 2015-01-27 21:08 - 0002195 _____ () C:\Users\Aleh\AppData\Local\ACCCx2_9_0_465.zip.aamdownload.aamd
2015-05-14 21:53 - 2015-11-22 20:08 - 0001456 _____ () C:\Users\Aleh\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-09-22 04:36 - 2015-09-22 04:36 - 0000000 _____ () C:\Users\Aleh\AppData\Local\{0F500257-69BF-4766-94DF-0A45D2BE1077}
2015-06-02 20:46 - 2015-06-02 20:46 - 0271622 _____ () C:\ProgramData\1433288634.bdinstall.bin
2015-11-14 15:16 - 2015-11-14 15:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-08-16 18:49 - 2015-08-16 18:49 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2015-06-02 11:26 - 2015-06-02 11:26 - 0000106 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-25 18:50
 
==================== End of FRST.txt ============================

 

Thanks for your attention! 


 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:28 PM

Posted 04 April 2016 - 09:20 PM

Hello AlehCemy and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
  
Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove
 
IObit (Malware Fighter, Driver Booster, Advanced SystemCare + IObit Uninstaller + Surfing Protection + LiveUpdate + SmartDefragDriver.sys)

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

=================================================================================
Scan with Zemana AntiMalware Free:

  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan.
  • Please download and install Zemana AntiMalware Free.
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > "I have read the warning and wish to proceed anyway".
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers.
  • Click Scan now "Run as Administrator" and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

Have a nice day.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 AlehCemy


Posted 05 April 2016 - 06:32 PM

Hello Yılmaz,

 

Already removed the cracks from the system. This computer only has 1 account, which is my access, and I believe I have every kind of permission an administrator can have. I installed the Revo and removed IOBit as you told. Just one question: I only use the Windows Firewall and Windows Defender. Should I disable them before doing the scan with Zemana?

 



#4 olgun52


Posted 05 April 2016 - 06:48 PM

Hello Yılmaz,

 

Already removed the cracks from the system. This computer only has 1 account, which is my access, and I believe I have every kind of permission an administrator can have. I installed the Revo and removed IOBit as you told. Just one question: I only use the Windows Firewall and Windows Defender. Should I disable them before doing the scan with Zemana?

 

Thank you.

Please do disable the Windows Firewall and Windows Defender.


 


Best regards
 

 


 


#5 AlehCemy


Posted 05 April 2016 - 07:44 PM

Ok. Turned off the Windows Firewall and Windows Defender and ran the scan with Zemana. I have been stuck in the verification in cloud step for the last 40 min and basically all of them are giving an error that it wasn't possible to verify. I accidentally canceled one. There are still a few that need to verify, can I cancel it or should I wait?

 

 

EDIT:

 

Okay, here is the log (but I installed it in my own language, if you want I can translate). It found a few root, 1 malware, 1 adware and PUA (?).

 

Zemana AntiMalware 2.20.2.100 (Instalado)
 
-------------------------------------------------------
Resultado da Verificação : Concluído
Data da Verificação      : 2016/4/5
Sistema Operacional      : Windows 10 64-bit
Processador              : 8X Intel® Core™ i7-4790 CPU @ 3.60GHz
Modo da BIOS             : Legacy
CUID                     : 000230A8F642BD4899F14F
Tipo da Verificação      : Verificação Profunda
Duração                  : 58m 48s
Objetos Verificados      : 419460
Objetos Detectados       : 11
Objetos Excluídos        : 0
Nível da Leitura         : SCSI
Envio Automático         : Sim
Incluir Todas Extensões  : Não
Verificar Documentos     : Não
Informações do Domínio   : WORKGROUP,0,2
 
Objetos Detectados
-------------------------------------------------------
 
SumRando SSL Verifier CA
Status               : Verificado
Objeto               : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFE5E1C8C8671C7B624D34AC31BA784B1B5057D\Blob
MD5                  : -
Editor               : -
Tamanho              : -
Versão               : -
Detecção             : Root CA Suspeito
Ação da Limpeza      : Deletar
Traços               :
                Entrada do Registro - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFE5E1C8C8671C7B624D34AC31BA784B1B5057D\Blob
 
Lansweeper Secure Website
Status               : Verificado
Objeto               : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\AE9C1CDF57DBF4D62E5E369266A550D519B31E88\Blob
MD5                  : -
Editor               : -
Tamanho              : -
Versão               : -
Detecção             : Root CA Suspeito
Ação da Limpeza      : Deletar
Traços               :
                Entrada do Registro - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\AE9C1CDF57DBF4D62E5E369266A550D519B31E88\Blob
 
Warsaw Personal CA
Status               : Verificado
Objeto               : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\6BE927D3C182E0D7D689BEC9B36AE9C5FED1C65F\Blob
MD5                  : -
Editor               : -
Tamanho              : -
Versão               : -
Detecção             : Root CA Suspeito
Ação da Limpeza      : Deletar
Traços               :
                Entrada do Registro - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\6BE927D3C182E0D7D689BEC9B36AE9C5FED1C65F\Blob
 
$VBR1
Status               : Falhou
Objeto               : %temp%\zam-shadow-copy-record1.vbr
MD5                  : 55855BAA7BFEAE67BD8A383FF48691F1
Editor               : -
Tamanho              : 7168
Versão               : -
Detecção             : 
Ação da Limpeza      : Reparar
Traços               :
                Arquivo - %temp%\zam-shadow-copy-record1.vbr
                VBR - C: - Index 1
 
$VBR0
Status               : Falhou
Objeto               : %temp%\zam-shadow-copy-record0.vbr
MD5                  : F7BB0AD716FBCA9C5C7F1A2704D31349
Editor               : -
Tamanho              : 7168
Versão               : -
Detecção             : 
Ação da Limpeza      : Reparar
Traços               :
                Arquivo - %temp%\zam-shadow-copy-record0.vbr
                VBR - C: - Index 0
 
celtx.exe
Status               : Falhou
Objeto               : %programfiles%\celtx\celtx.exe
MD5                  : 5118F80D0B75A445630F892BA8D29CD7
Editor               : -
Tamanho              : 8548352
Versão               : 1.9.0.4472
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programfiles%\celtx\celtx.exe
                Referência - C:\Users\Aleh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Celtx.lnk
                Referência - C:\Users\Public\Desktop\Celtx.lnk
 
fixnetwork.bat
Status               : Falhou
Objeto               : %userprofile%\desktop\fixnetwork.bat
MD5                  : C5415A05ABF6B386DD22BDEAF940694B
Editor               : -
Tamanho              : 190
Versão               : -
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %userprofile%\desktop\fixnetwork.bat
 
DLLDEV32i.dll
Status               : Falhou
Objeto               : %systemroot%\syswow64\dlldev32i.dll
MD5                  : 1165A0ADA6D4BE793D96D468683F974D
Editor               : -
Tamanho              : 120200
Versão               : 3.7.0.12
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %systemroot%\syswow64\dlldev32i.dll
 
AutoRearm.exe
Status               : Verificado
Objeto               : %systemroot%\autorearm\autorearm.exe
MD5                  : D1EC6E2BEB27746252279028FFAC4A14
Editor               : -
Tamanho              : 3650560
Versão               : 2.5.1.0
Detecção             : Malware:Win32/Nevoros.B!Ekat
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %systemroot%\autorearm\autorearm.exe
 
miniEngineStudio.exe
Status               : Falhou
Objeto               : %userprofile%\documents\lapse pi\minienginestudio-master\minienginestudio-master\installer\application files\minienginestudio_1_0_1_0\minienginestudio.exe
MD5                  : 9BC734B4959502C29DDDA95E29F5534D
Editor               : -
Tamanho              : 1114112
Versão               : 1.0.0.0
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %userprofile%\documents\lapse pi\minienginestudio-master\minienginestudio-master\installer\application files\minienginestudio_1_0_1_0\minienginestudio.exe
 
ContextualTabSelectorRules.dll
Status               : Falhou
Objeto               : %appdata%\autodesk\autocad 2016\r20.1\enu\contextualtabselectorrules.dll
MD5                  : E976AEAEB9A38A177281AFD0D9E49D0D
Editor               : -
Tamanho              : 36352
Versão               : 0.0.0.0
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %appdata%\autodesk\autocad 2016\r20.1\enu\contextualtabselectorrules.dll
 
FormatFactory.exe
Status               : Verificado
Objeto               : %programfiles%\freetime\formatfactory\formatfactory.exe
MD5                  : 6846DDE18CE756134DE298DC9D51DDE8
Editor               : chen jun hao
Tamanho              : 3977568
Versão               : 3.3.5.0
Detecção             : PUA:Win32/FormatFactory!Ep
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programfiles%\freetime\formatfactory\formatfactory.exe
                Referência - C:\Users\Aleh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Help.lnk
                Referência - C:\Users\Aleh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\FormatFactory.lnk
                Referência - C:\Users\Aleh\AppData\Roaming\Microsoft\Windows\SendTo\Format Factory.lnk
 
RMEncoder.exe
Status               : Verificado
Objeto               : %programfiles%\freetime\formatfactory\ffmodules\rmencoder.exe
MD5                  : C880C534BE8D99F920BD5BAC5586EF2E
Editor               : chen jun hao
Tamanho              : 208224
Versão               : 2.0.0.0
Detecção             : PUA:Win32/FormatFactory!Ep
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programfiles%\freetime\formatfactory\ffmodules\rmencoder.exe
 
AskPIP_FF_.exe
Status               : Verificado
Objeto               : %programfiles%\freetime\formatfactory\ffmodules\package\ask\askpip_ff_.exe
MD5                  : 47E1FBC3AA8B4439B60D7633EB355A8E
Editor               : Ask.com
Tamanho              : 1048504
Versão               : 2.9.1.0
Detecção             : Adware:Win32/AskBrowserHijack!Ep
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programfiles%\freetime\formatfactory\ffmodules\package\ask\askpip_ff_.exe
 
ffmpeg.exe
Status               : Verificado
Objeto               : %programfiles%\freetime\formatfactory\ffmodules\encoder\ffmpeg.exe
MD5                  : 205B120F579E82B5CB19D20C954E1B49
Editor               : chen jun hao
Tamanho              : 16844800
Versão               : -
Detecção             : PUA:Win32/FormatFactory!Ep
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programfiles%\freetime\formatfactory\ffmodules\encoder\ffmpeg.exe
 
FFInst.exe
Status               : Verificado
Objeto               : %programfiles%\freetime\formatfactory\ffinst.exe
MD5                  : D62CFA1D191905B65D8855F01D400CF6
Editor               : chen jun hao
Tamanho              : 91488
Versão               : 1.1.0.0
Detecção             : PUA:Win32/FormatFactory!Ep
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programfiles%\freetime\formatfactory\ffinst.exe
 
xf-adsk2015_x64.exe
Status               : Verificado
Objeto               : %programw6432%\autodesk\autodesk sketchbook pro 2015\xf-adsk2015_x64.exe
MD5                  : 015A355A7890A08DFB38868F8A45610A
Editor               : -
Tamanho              : 329216
Versão               : -
Detecção             : PUA:Win32/SoftCrack.Gen
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\autodesk\autodesk sketchbook pro 2015\xf-adsk2015_x64.exe
 
adobe.photoshop.cc-patch-painter.exe
Status               : Verificado
Objeto               : %programw6432%\adobe\adobe premiere pro cc\adobe.photoshop.cc-patch-painter.exe
MD5                  : 595162E0D11436B3664AA48416283821
Editor               : -
Tamanho              : 342528
Versão               : -
Detecção             : PUA:Win32/SoftCrack.Gen
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\adobe\adobe premiere pro cc\adobe.photoshop.cc-patch-painter.exe
 
AcLivePreviewContext.dll
Status               : Falhou
Objeto               : %appdata%\autodesk\autocad 2016\r20.1\enu\aclivepreviewcontext.dll
MD5                  : 676A10B81715D39F338F8ACAF3B495E5
Editor               : -
Tamanho              : 9216
Versão               : 0.0.0.0
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %appdata%\autodesk\autocad 2016\r20.1\enu\aclivepreviewcontext.dll
 
contents.html
Status               : Falhou
Objeto               : %programfiles%\wacom sign pro pdf\help\help_pt_br\contents.html
MD5                  : 05A6962BDD478EB8124511FEEAFB7602
Editor               : -
Tamanho              : 9775
Versão               : -
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programfiles%\wacom sign pro pdf\help\help_pt_br\contents.html
                Referência - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom sign pro PDF\Manual do usuário.lnk
 
CalMAN_Studio.exe
Status               : Falhou
Objeto               : %allusersprofile%\package cache\{9d98dd8b-5ef8-4943-a690-423c8ce4c185}\calman_studio.exe
MD5                  : 72E974EC8D28BD48FBD6E3F81785E6EA
Editor               : SpectraCal, LLC
Tamanho              : 621384
Versão               : 5.6.1.2207
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %allusersprofile%\package cache\{9d98dd8b-5ef8-4943-a690-423c8ce4c185}\calman_studio.exe
 
MBR_HardDisk0.mbr
Status               : Falhou
Objeto               : %homedrive%\qoobox\quarantine\mbr_harddisk0.mbr
MD5                  : 8B74B960485FCCCBB3F7F0748E135755
Editor               : -
Tamanho              : 512
Versão               : -
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %homedrive%\qoobox\quarantine\mbr_harddisk0.mbr
 
Assembly-CSharp.dll
Status               : Falhou
Objeto               : %programfiles%\steam\steamapps\common\knights of pen and paper 2\kopp2_data\managed\assembly-csharp.dll
MD5                  : 31E8CDF3008241D72A7C9A56643E19E6
Editor               : -
Tamanho              : 4867584
Versão               : 0.0.0.0
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programfiles%\steam\steamapps\common\knights of pen and paper 2\kopp2_data\managed\assembly-csharp.dll
 
miniEngineStudio.exe
Status               : Falhou
Objeto               : %userprofile%\documents\lapse pi\minienginestudio-master\minienginestudio-master\minienginestudio.exe
MD5                  : 9BC734B4959502C29DDDA95E29F5534D
Editor               : -
Tamanho              : 1114112
Versão               : 1.0.0.0
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %userprofile%\documents\lapse pi\minienginestudio-master\minienginestudio-master\minienginestudio.exe
 
miniEngineStudio.exe
Status               : Falhou
Objeto               : %userprofile%\documents\lapse pi\minienginestudio-master\minienginestudio.exe
MD5                  : 9BC734B4959502C29DDDA95E29F5534D
Editor               : -
Tamanho              : 1114112
Versão               : 1.0.0.0
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %userprofile%\documents\lapse pi\minienginestudio-master\minienginestudio.exe
 
miniEngineStudio.exe
Status               : Falhou
Objeto               : %localappdata%\apps\2.0\xrkq6jvh.j2h\xz40zt8h.owe\mini..tion_ae99854c4f75f805_0001.0000_4383cdbf62ccf627\minienginestudio.exe
MD5                  : 9BC734B4959502C29DDDA95E29F5534D
Editor               : -
Tamanho              : 1114112
Versão               : 1.0.0.0
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %localappdata%\apps\2.0\xrkq6jvh.j2h\xz40zt8h.owe\mini..tion_ae99854c4f75f805_0001.0000_4383cdbf62ccf627\minienginestudio.exe
 
kopp2.exe
Status               : Falhou
Objeto               : %programfiles%\steam\steamapps\common\knights of pen and paper 2\kopp2.exe
MD5                  : CA42388A34893F1BB6E16FB67225B089
Editor               : -
Tamanho              : 11632128
Versão               : 4.7.0.29693
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programfiles%\steam\steamapps\common\knights of pen and paper 2\kopp2.exe
 
Particles.plugin
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\particles.plugin
MD5                  : A57D3C0745650E8870061A2AC7D797B2
Editor               : -
Tamanho              : 1397760
Versão               : 8.0.0.33
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\particles.plugin
 
ARRIRAW_SDK.dll
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\arriraw_sdk.dll
MD5                  : 90D6355342CDE466C3D0745FB6551485
Editor               : -
Tamanho              : 12564480
Versão               : -
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\arriraw_sdk.dll
 
CinemaRaw.plugin
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\cinemaraw.plugin
MD5                  : F6EDF4AE7FA104E97F8FFA778CB2C209
Editor               : -
Tamanho              : 521728
Versão               : 8.0.0.33
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\cinemaraw.plugin
 
CrmSdk.dll
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\crmsdk.dll
MD5                  : 1472AF2891F4A44DEB43133659AF6849
Editor               : -
Tamanho              : 6660096
Versão               : 1.0.1.35
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\crmsdk.dll
 
cudart64_41_28.dll
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\cudart64_41_28.dll
MD5                  : 4A3F139749A0DC2E067B6A99F0DB6EFC
Editor               : -
Tamanho              : 602112
Versão               : 6.14.11.4010
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\cudart64_41_28.dll
 
PhCon.dll
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\phcon.dll
MD5                  : F0D4A51F0F319CAF76DBC23EF9A99A9F
Editor               : -
Tamanho              : 726528
Versão               : 12.0.717.0
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\phcon.dll
 
PhFile.dll
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\phfile.dll
MD5                  : 8821EB9DF42630BDAD18A5CD117C67E7
Editor               : -
Tamanho              : 1717760
Versão               : 12.0.717.0
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\phfile.dll
 
PhInt.dll
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\phint.dll
MD5                  : D39B8775BEBD0ED9EDB410DA1109709E
Editor               : -
Tamanho              : 5669888
Versão               : 12.0.717.0
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\phint.dll
 
PhSharp.dll
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\phsharp.dll
MD5                  : BFB4F72DD4691695638CA247C20798BD
Editor               : -
Tamanho              : 1569792
Versão               : 2.0.717.0
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\phsharp.dll
 
PhSig.dll
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\phsig.dll
MD5                  : 2467F880995CCDD6714FB9F43A4E4E5E
Editor               : -
Tamanho              : 100864
Versão               : 12.0.717.0
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\phsig.dll
 
PhSigV.dll
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\phsigv.dll
MD5                  : DD37947429A365DB47BCFE6B7ADC5091
Editor               : -
Tamanho              : 116736
Versão               : 12.0.717.0
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\phsigv.dll
 
R3DProxy.dll
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\r3dproxy.dll
MD5                  : B66297D92CF87ADBB5940D67720F1F9F
Editor               : -
Tamanho              : 2626048
Versão               : -
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\cinemaraw\r3dproxy.dll
 
DDS.plugin
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\dds.plugin
MD5                  : 2C5CD1FB58AECF9FF62CF1A61CF9A45C
Editor               : -
Tamanho              : 56320
Versão               : 8.0.0.33
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\dds.plugin
 
DirectShow.plugin
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\directshow.plugin
MD5                  : 8BB43501A25A93BB136976AF788CDE64
Editor               : -
Tamanho              : 155648
Versão               : 8.0.0.33
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\plugins\blackmagic\directshow.plugin
 
FuScript.exe
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\fuscript.exe
MD5                  : D21A24AA6F7BA7559FD4788F87EB8F4F
Editor               : -
Tamanho              : 53248
Versão               : 8.0.0.33
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\fuscript.exe
 
Fusion.exe
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\fusion.exe
MD5                  : 9723CD73F8734FA63DC2EA4C97717964
Editor               : -
Tamanho              : 2194944
Versão               : 8.0.0.33
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\fusion.exe
 
FusionControls.dll
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\fusioncontrols.dll
MD5                  : 9FB30983DA1A051566F7580E99E37459
Editor               : -
Tamanho              : 3065344
Versão               : 8.0.0.33
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\fusioncontrols.dll
 
FusionFormats.dll
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\fusionformats.dll
MD5                  : EB4B1BE45EC8CE4A75DEDD3042B8D2B5
Editor               : -
Tamanho              : 4730368
Versão               : 8.0.0.33
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\fusionformats.dll
 
FusionGraphics.dll
Status               : Cancelado
Objeto               : %programw6432%\blackmagic design\fusion 8\fusiongraphics.dll
MD5                  : 58940A15854FA199EBBDA6B7FFFAD51F
Editor               : -
Tamanho              : 4902912
Versão               : 8.0.0.33
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\fusiongraphics.dll
 
FusionOperators.dll
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\fusionoperators.dll
MD5                  : 7C2E8714DC007267FCB7B2C994F13659
Editor               : -
Tamanho              : 6741504
Versão               : 8.0.0.33
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\fusionoperators.dll
 
FusionScript.dll
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\fusionscript.dll
MD5                  : 520CC6DA692D4AF9021A2A66332B2B57
Editor               : -
Tamanho              : 2314752
Versão               : 8.0.0.33
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\fusionscript.dll
 
FusionShaders.dll
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\fusionshaders.dll
MD5                  : 21F0864499A844DFAE0E089161B0668A
Editor               : -
Tamanho              : 38400
Versão               : 8.0.0.33
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\fusionshaders.dll
 
iup3.10.dll
Status               : Falhou
Objeto               : %programw6432%\blackmagic design\fusion 8\iup3.10.dll
MD5                  : 0A294CE0E5D041D68BC9C4D1BB8511D9
Editor               : -
Tamanho              : 8526336
Versão               : -
Detecção             : 
Ação da Limpeza      : Quarentena
Traços               :
                Arquivo - %programw6432%\blackmagic design\fusion 8\iup3.10.dll

Edited by AlehCemy, 05 April 2016 - 07:52 PM.


#6 AlehCemy

  • Topic Starter

Posted 05 April 2016 - 07:57 PM

Oh wait. Now I realized a mistake I made. I did the deep scan instead of the smart scan. I'm sorry about that.

 

The log for the smart scan (again, if necessary, I can translate):

 

Zemana AntiMalware 2.20.2.100 (Instalado)
 
-------------------------------------------------------
Resultado da Verificação : Concluído
Data da Verificação      : 2016/4/5
Sistema Operacional      : Windows 10 64-bit
Processador              : 8X Intel® Core™ i7-4790 CPU @ 3.60GHz
Modo da BIOS             : Legacy
CUID                     : 000230A8F642BD4899F14F
Tipo da Verificação      : Verificação Inteligente
Duração                  : 1m 50s
Objetos Verificados      : 14499
Objetos Detectados       : 3
Objetos Excluídos        : 0
Nível da Leitura         : SCSI
Envio Automático         : Sim
Incluir Todas Extensões  : Não
Verificar Documentos     : Não
Informações do Domínio   : WORKGROUP,0,2
 
Objetos Detectados
-------------------------------------------------------
 
SumRando SSL Verifier CA
Status               : Verificado
Objeto               : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFE5E1C8C8671C7B624D34AC31BA784B1B5057D\Blob
MD5                  : -
Editor               : -
Tamanho              : -
Versão               : -
Detecção             : Root CA Suspeito
Ação da Limpeza      : Deletar
Traços               :
                Entrada do Registro - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFE5E1C8C8671C7B624D34AC31BA784B1B5057D\Blob
 
Lansweeper Secure Website
Status               : Verificado
Objeto               : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\AE9C1CDF57DBF4D62E5E369266A550D519B31E88\Blob
MD5                  : -
Editor               : -
Tamanho              : -
Versão               : -
Detecção             : Root CA Suspeito
Ação da Limpeza      : Deletar
Traços               :
                Entrada do Registro - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\AE9C1CDF57DBF4D62E5E369266A550D519B31E88\Blob
 
Warsaw Personal CA
Status               : Verificado
Objeto               : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\6BE927D3C182E0D7D689BEC9B36AE9C5FED1C65F\Blob
MD5                  : -
Editor               : -
Tamanho              : -
Versão               : -
Detecção             : Root CA Suspeito
Ação da Limpeza      : Deletar
Traços               :
                Entrada do Registro - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\6BE927D3C182E0D7D689BEC9B36AE9C5FED1C65F\Blob


#7 olgun52

  • Malware Response Team

Posted 05 April 2016 - 08:56 PM

Please delete the IOBit folder with RevoUninstaller. I still see them.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#8 AlehCemy


Posted 06 April 2016 - 08:00 AM

Please delete the IOBit folder with RevoUninstaller. I still see them.

 

I don't see anything related to IOBit in the RevoUninstaller. I uninstalled everything related that appeared on it. How can I delete the folder?



#9 olgun52


Posted 06 April 2016 - 09:06 AM

 

Please delete the IOBit folder with RevoUninstaller. I still see them.

 

I don't see anything related to IOBit in the RevoUninstaller. I uninstalled everything related that appeared on it. How can I delete the folder?

 

Please see:

Using RevoUninstaller to remove the files and folders

  • Double-click RevoUninstaller to open it.
  • Press the Tools button. ''1''
  • Click on the Tracks Cleaner. ''2''
  • Click the small arrow twice. ''3''
  • Click ''unrecoverable delete'' for the folder. ''4''
  • Now you can select files and folders.
  • Select the files or folder and press the ''DELETE FOREVER'' button.

Best regards
 

#10 AlehCemy


Posted 06 April 2016 - 09:19 AM

Okay, just did it. 

 

 

EDIT: What should I do now? 


Edited by AlehCemy, 06 April 2016 - 09:43 AM.


#11 olgun52


Posted 06 April 2016 - 10:04 AM

Okay, just did it. 

 

EDIT: What should I do now? 

Did you do the deletion?


Best regards
 

#12 AlehCemy


Posted 06 April 2016 - 10:22 AM

Yes, I did.

 

EDIT: Wait, just checked my Program files (x86) and there are two stubborn folders inside the IOBit folder that Revo isn't deleting even using the method you posted above.

 

EDIT 2: Managed to delete one of those folders. But one still remains, and it's the LiveUpdate. 


Edited by AlehCemy, 06 April 2016 - 10:38 AM.


#13 olgun52


Posted 06 April 2016 - 11:59 AM

Hi again,

 

Okay. Thank you. No issue.

 

Please uninstall Popcorn Time and Blackmagic Design with RevoUninstaller:

C:\program files\blackmagic design

C:\Program Files (x86)\Popcorn Time

 

And reboot the PC.

======================================================================

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Best regards
 

#14 AlehCemy


Posted 06 April 2016 - 12:20 PM

Blackmagic Design is actually DaVinci Resolve, a color correction program (which is an essential program in my work field). Should I uninstall it? 

 

Popcorn is already uninstalled. 



#15 olgun52


Posted 06 April 2016 - 01:09 PM

Blackmagic Design is actually DaVinci Resolve, a color correction program (which is an essential program in my work field). Should I uninstall it? 

I do not know this software. I've never used it. But it seems to have made blocking firewall. If you think it is clean and legal, you can use it.


Best regards
 