Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I think i have been infected by a worm from using an infected pendrive, need hel


  • This topic is locked This topic is locked
11 replies to this topic

#1 imdeepster

imdeepster

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 05 May 2016 - 08:33 AM

Today, I used a pendrive of a friend on my computer, I had auto folder open on. the folder opened and later to find nothing on the pendrive but only a E:\ folder inside the pendrive, then when i clicked hidden items viewable, i saw the pendrive logo I went inside transferred my important document since it needed an immediate printing. My computer has turned very slow following that and there are various hidden documents now on my desktop like $w_microsoft.docx which are of names of files i had deleted long ago and several other files which i had created and used long back but never used in the near history. 

 

Please help me fix this , remove the virus and get back to my old computer speed.

 

 

Thanks alot for help in advance

 
 
 
----FRST LOG-------
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-05-2016
Ran by ASRLAPTOP (administrator) on DEEPAK (05-05-2016 18:57:15)
Running from C:\Users\ASRLAPTOP\Downloads
Loaded Profiles: ASRLAPTOP & Administrator & Guest (Available Profiles: ASRLAPTOP & Administrator & Guest)
Platform: Windows 10 Home Single Language Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel® Corporation) C:\Program Files\Intel\CAM\bin\CAMService.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(SoftPerfect) C:\Program Files\NetWorx\networx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2898768 2012-07-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5752480 2012-07-11] (Dell Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6570688 2015-06-22] (SoftPerfect)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKU\S-1-5-21-1087666087-1086935167-1185774660-1001\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9862184 2016-03-17] ()
HKU\S-1-5-21-1087666087-1086935167-1185774660-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-16] (Piriform Ltd)
HKU\S-1-5-21-1087666087-1086935167-1185774660-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-04-21] (SUPERAntiSpyware)
HKU\S-1-5-21-1087666087-1086935167-1185774660-1001\...\RunOnce: [Uninstall C:\Users\ASRLAPTOP\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ASRLAPTOP\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-1087666087-1086935167-1185774660-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-1087666087-1086935167-1185774660-501\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-07]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
GroupPolicyScripts-x32: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1d58323f-b141-45f0-aa96-f0c291d4c3b4}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1087666087-1086935167-1185774660-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1087666087-1086935167-1185774660-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
URLSearchHook: [S-1-5-21-1087666087-1086935167-1185774660-500_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-1087666087-1086935167-1185774660-501_classes] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1087666087-1086935167-1185774660-1001 -> DefaultScope {97AE6AE4-7939-4195-B293-042E1F8DC714} URL = 
SearchScopes: HKU\S-1-5-21-1087666087-1086935167-1185774660-1001 -> {97AE6AE4-7939-4195-B293-042E1F8DC714} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\ASRLAPTOP\AppData\Roaming\Mozilla\Firefox\Profiles\ai9s2ml9.default
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-08-27] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1087666087-1086935167-1185774660-1001: @citrixonline.com/appdetectorplugin -> C:\Users\ASRLAPTOP\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-09] (Citrix Online)
FF Plugin HKU\S-1-5-21-1087666087-1086935167-1185774660-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\pdf.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Garena Talk Plugin) - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\ASRLAPTOP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ASRLAPTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\ASRLAPTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\ASRLAPTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\ASRLAPTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-04-19]
CHR Extension: (YouTube) - C:\Users\ASRLAPTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\ASRLAPTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\ASRLAPTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\ASRLAPTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2016-04-26]
CHR Extension: (Google Docs Offline) - C:\Users\ASRLAPTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\ASRLAPTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-16]
CHR Extension: (PowerPoint Online) - C:\Users\ASRLAPTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdafamggmaaaginooondinjgkgcbpnhp [2015-03-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ASRLAPTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\ASRLAPTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-06-18] (Intel® Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-08-06] (Conexant Systems, Inc.)
R2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
S2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-11] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 jswpbapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe [241664 2012-03-26] (Atheros Communications, Inc.) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [1102848 2012-03-26] (Atheros Communications, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-05-05] (Enigma Software Group USA, LLC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [316120 2014-03-19] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40808 2015-07-19] (Google Inc)
S3 athur; C:\Windows\System32\drivers\athuwbx.sys [2702336 2013-11-20] (Qualcomm Atheros Communications, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-05-05] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-05-05] ()
R3 gkernel; C:\Users\ASRLAPTOP\AppData\Local\Temp\gkernel.sys [50888 2016-05-01] ()
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16896 2012-11-07] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-05] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [70120 2015-06-15] (NetFilterSDK.com)
R1 NNSALPC; C:\Windows\system32\DRIVERS\NNSALPC.sys [103824 2015-07-17] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [211352 2015-07-17] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [120216 2015-07-17] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [120208 2015-07-17] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [112536 2015-07-17] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\system32\DRIVERS\NNSPIHSW.sys [89472 2015-09-01] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [133528 2015-07-17] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [309648 2015-07-17] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [179608 2015-07-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [122776 2015-07-17] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [267160 2015-07-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\system32\DRIVERS\NNSTLSC.sys [115600 2015-07-17] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [173464 2015-07-22] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [130968 2015-07-22] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [207256 2015-07-22] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [133528 2015-07-22] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [143768 2015-07-22] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [117144 2015-07-22] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [62080 2015-06-16] (Panda Security, S.L.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-05 18:57 - 2016-05-05 18:57 - 00023065 _____ C:\Users\ASRLAPTOP\Downloads\FRST.txt
2016-05-05 18:57 - 2016-05-05 18:57 - 00000000 ____D C:\FRST
2016-05-05 18:56 - 2016-05-05 18:56 - 02379776 _____ (Farbar) C:\Users\ASRLAPTOP\Downloads\FRST64.exe
2016-05-05 18:42 - 2016-05-05 18:42 - 00003608 _____ C:\WINDOWS\System32\Tasks\Garena+ Plugin Host Service
2016-05-05 07:53 - 2016-05-05 07:53 - 00001134 _____ C:\Users\ASRLAPTOP\Desktop\SpyHunter.lnk
2016-05-05 07:53 - 2016-05-05 07:53 - 00000000 ____D C:\Users\ASRLAPTOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-05-05 07:53 - 2016-05-05 07:53 - 00000000 ____D C:\sh4ldr
2016-05-05 07:52 - 2016-05-05 07:52 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-05-05 07:52 - 2016-05-05 07:52 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-05-05 07:51 - 2016-05-05 07:52 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\ASRLAPTOP\Downloads\SpyHunter-Installer.exe
2016-05-05 07:49 - 2016-05-05 07:50 - 05658358 _____ (Swearware) C:\Users\ASRLAPTOP\Downloads\ComboFix.exe
2016-05-05 06:50 - 2016-05-05 06:50 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-05-05 06:48 - 2016-05-05 07:17 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-05 06:48 - 2016-05-05 06:48 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\ASRLAPTOP\Downloads\rkill (1).com
2016-05-05 06:47 - 2016-05-05 06:48 - 24017992 _____ C:\Users\ASRLAPTOP\Downloads\RogueKillerX64.exe
2016-05-05 06:45 - 2016-05-05 06:47 - 00002960 _____ C:\Users\ASRLAPTOP\Desktop\Rkill.txt
2016-05-05 06:45 - 2016-05-05 06:45 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\ASRLAPTOP\Downloads\rkill.com
2016-05-04 14:05 - 2016-05-04 14:05 - 00000000 ____D C:\Users\ASRLAPTOP\Desktop\desktop 2
2016-05-01 17:43 - 2016-05-01 17:46 - 124352792 _____ (Microsoft Corporation) C:\Users\ASRLAPTOP\Downloads\msert.exe
2016-05-01 17:24 - 2016-05-01 17:24 - 00798417 _____ C:\Users\ASRLAPTOP\AppData\Local\census.cache
2016-05-01 17:23 - 2016-05-01 17:23 - 00428630 _____ C:\Users\ASRLAPTOP\AppData\Local\ars.cache
2016-05-01 16:49 - 2016-05-01 16:49 - 00000010 _____ C:\Users\ASRLAPTOP\AppData\Local\sponge.last.runtime.cache
2016-05-01 16:48 - 2016-05-01 16:48 - 00000000 ____D C:\SUPERDelete
2016-05-01 16:46 - 2016-05-05 08:46 - 00000532 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 85ddfa9d-3931-4989-84fc-44a6b6fc0871.job
2016-05-01 16:46 - 2016-05-05 02:00 - 00000532 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e13fed11-e0e5-444d-ac9d-a5d052452114.job
2016-05-01 16:46 - 2016-05-01 16:46 - 00003762 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task e13fed11-e0e5-444d-ac9d-a5d052452114
2016-05-01 16:46 - 2016-05-01 16:46 - 00003680 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 85ddfa9d-3931-4989-84fc-44a6b6fc0871
2016-05-01 16:46 - 2016-05-01 16:46 - 00001851 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-05-01 16:46 - 2016-05-01 16:46 - 00000000 ____D C:\Users\ASRLAPTOP\AppData\Roaming\SUPERAntiSpyware.com
2016-05-01 16:46 - 2016-05-01 16:46 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-05-01 16:46 - 2016-05-01 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-05-01 16:46 - 2016-05-01 16:46 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-05-01 16:45 - 2016-05-01 16:45 - 00000000 ____D C:\ProgramData\Trend Micro
2016-05-01 16:40 - 2016-05-01 16:40 - 00000036 _____ C:\Users\ASRLAPTOP\AppData\Local\housecall.guid.cache
2016-05-01 16:40 - 2015-12-24 18:33 - 00316168 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2016-05-01 16:39 - 2016-05-01 16:40 - 02527376 _____ (Trend Micro Inc.) C:\Users\ASRLAPTOP\Downloads\HousecallLauncher64.exe
2016-04-28 22:12 - 2016-04-28 22:12 - 00337830 _____ C:\Users\ASRLAPTOP\Documents\cc_20160428_221219.reg
2016-04-28 22:03 - 2016-04-28 22:03 - 00002860 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-04-28 22:02 - 2016-04-28 22:04 - 00000000 ____D C:\Program Files\CCleaner
2016-04-23 17:23 - 2016-04-23 17:23 - 00100469 _____ C:\Users\ASRLAPTOP\Desktop\Free RSVP Online _ Track RSVP’s and Sell Tickets for your events and recurring meetings_.pdf
2016-04-22 17:41 - 2016-04-22 17:41 - 01799457 _____ C:\Users\ASRLAPTOP\Desktop\petitionform.pdf
2016-04-22 17:41 - 2016-04-22 17:41 - 01795874 _____ C:\Users\ASRLAPTOP\Downloads\images(1).pdf
2016-04-22 17:38 - 2016-04-22 17:38 - 04538240 _____ C:\Users\ASRLAPTOP\Desktop\7thsemtranscript.pdf
2016-04-22 17:37 - 2016-04-22 17:37 - 04533708 _____ C:\Users\ASRLAPTOP\Downloads\7thsemtranscript.pdf
2016-04-22 16:58 - 2016-04-22 16:58 - 06329243 _____ C:\Users\ASRLAPTOP\Downloads\images.pdf
2016-04-22 16:29 - 2016-04-22 16:29 - 00106394 _____ C:\Users\ASRLAPTOP\Desktop\coursework.pdf
2016-04-22 16:12 - 2016-04-22 16:12 - 00000000 ____D C:\Users\ASRLAPTOP\Documents\Snagit
2016-04-22 16:09 - 2016-05-05 18:55 - 00000000 ____D C:\Users\ASRLAPTOP\AppData\Local\CrashDumps
2016-04-22 16:09 - 2016-04-24 11:17 - 00000000 ____D C:\Users\ASRLAPTOP\AppData\Local\TechSmith
2016-04-22 16:08 - 2016-04-24 11:17 - 00000000 ____D C:\ProgramData\TechSmith
2016-04-22 16:08 - 2016-04-22 16:08 - 00000000 ____D C:\Program Files (x86)\TechSmith
2016-04-21 22:09 - 2016-04-21 22:10 - 01150777 _____ C:\Users\ASRLAPTOP\Downloads\project report.pdf
2016-04-20 13:52 - 2016-04-20 13:52 - 00000000 ____D C:\Users\ASRLAPTOP\AppData\Roaming\MiKTeX
2016-04-20 13:48 - 2016-05-05 08:55 - 00000000 ____D C:\Users\ASRLAPTOP\AppData\Roaming\texstudio
2016-04-20 13:48 - 2016-04-20 13:48 - 00001094 _____ C:\Users\Public\Desktop\TeXstudio.lnk
2016-04-20 13:48 - 2016-04-20 13:48 - 00000000 ____D C:\Users\ASRLAPTOP\AppData\Local\MiKTeX
2016-04-20 13:48 - 2016-04-20 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeXstudio
2016-04-20 13:47 - 2016-04-20 13:48 - 00000000 ____D C:\Program Files (x86)\TeXstudio
2016-04-20 13:45 - 2016-04-20 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
2016-04-20 13:41 - 2016-04-20 13:41 - 00000000 ____D C:\ProgramData\MiKTeX
2016-04-20 13:22 - 2016-04-20 13:35 - 00000000 ____D C:\Program Files (x86)\MiKTeX 2.9
2016-04-18 06:44 - 2016-04-18 06:44 - 00092440 _____ C:\Users\ASRLAPTOP\Downloads\2016-04-17-15-07-10-510_1460885830510_XXXPS2669X_ITRV.pdf
2016-04-18 06:43 - 2016-04-18 06:43 - 00131334 _____ C:\Users\ASRLAPTOP\Downloads\2016-04-17-14-58-25-966_AAZPS2669E_2014_.pdf
2016-04-17 22:33 - 2016-04-17 22:33 - 00124796 _____ C:\Users\ASRLAPTOP\Desktop\finalsemfeespaid.pdf
2016-04-15 13:04 - 2016-04-15 13:04 - 00143118 _____ C:\Users\ASRLAPTOP\Desktop\Buffalo i20 Paid.pdf
2016-04-13 21:53 - 2016-04-13 21:53 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-04-13 18:47 - 2016-04-02 08:44 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 18:47 - 2016-03-29 15:50 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 18:47 - 2016-03-29 15:50 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 18:47 - 2016-03-29 15:48 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 18:47 - 2016-03-29 15:07 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 18:47 - 2016-03-29 14:11 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 18:47 - 2016-03-29 13:36 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 18:47 - 2016-03-29 13:32 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 18:47 - 2016-03-29 13:31 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 18:47 - 2016-03-29 13:28 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 18:47 - 2016-03-29 13:28 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 18:47 - 2016-03-29 13:16 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 18:47 - 2016-03-29 13:06 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 18:47 - 2016-03-29 12:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 18:47 - 2016-03-29 12:45 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 18:47 - 2016-03-29 12:45 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 18:47 - 2016-03-29 12:44 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 18:47 - 2016-03-29 12:42 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 18:47 - 2016-03-29 12:42 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 18:47 - 2016-03-29 12:40 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 18:47 - 2016-03-29 12:37 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 18:47 - 2016-03-29 12:32 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 18:47 - 2016-03-29 12:32 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 18:47 - 2016-03-29 12:30 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 18:47 - 2016-03-29 12:12 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 18:47 - 2016-03-29 12:07 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 18:47 - 2016-03-29 12:07 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 18:47 - 2016-03-29 12:07 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 18:47 - 2016-03-29 12:02 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 18:47 - 2016-03-29 12:01 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 18:47 - 2016-03-29 11:58 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 18:47 - 2016-03-29 11:57 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 18:47 - 2016-03-29 11:56 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 18:47 - 2016-03-29 11:35 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 18:47 - 2016-03-29 11:35 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 18:47 - 2016-03-29 11:32 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 18:47 - 2016-03-29 11:31 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 18:47 - 2016-03-29 11:26 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 18:47 - 2016-03-29 11:22 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 18:47 - 2016-03-29 11:21 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 18:47 - 2016-03-29 11:21 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 18:47 - 2016-03-29 11:13 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 18:47 - 2016-03-29 11:11 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 18:47 - 2016-03-29 11:11 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 18:47 - 2016-03-29 11:09 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 18:47 - 2016-03-29 11:08 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 18:47 - 2016-03-29 11:07 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 18:47 - 2016-03-29 10:57 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 18:47 - 2016-03-29 10:57 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 18:46 - 2016-04-02 09:43 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 18:46 - 2016-04-02 09:40 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 18:46 - 2016-04-02 09:40 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 18:46 - 2016-04-02 09:40 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 18:46 - 2016-04-02 09:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 18:46 - 2016-04-02 08:59 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 18:46 - 2016-04-02 08:59 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 18:46 - 2016-04-02 08:56 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 18:46 - 2016-04-02 08:55 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 18:46 - 2016-04-02 08:55 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 18:46 - 2016-04-02 08:53 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 18:46 - 2016-04-02 08:53 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 18:46 - 2016-04-02 08:51 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 18:46 - 2016-04-02 08:49 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 18:46 - 2016-04-02 08:48 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 18:46 - 2016-04-02 08:45 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 18:46 - 2016-04-02 08:39 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 18:46 - 2016-04-02 08:37 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 18:46 - 2016-04-02 08:37 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 18:46 - 2016-04-02 08:30 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 18:46 - 2016-03-29 15:53 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 18:46 - 2016-03-29 15:52 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 18:46 - 2016-03-29 15:52 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 18:46 - 2016-03-29 15:50 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 18:46 - 2016-03-29 15:50 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 18:46 - 2016-03-29 15:45 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 18:46 - 2016-03-29 15:41 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 18:46 - 2016-03-29 15:35 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 18:46 - 2016-03-29 15:32 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 18:46 - 2016-03-29 15:32 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 18:46 - 2016-03-29 15:26 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 18:46 - 2016-03-29 14:58 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 18:46 - 2016-03-29 14:58 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 18:46 - 2016-03-29 14:58 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 18:46 - 2016-03-29 14:55 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 18:46 - 2016-03-29 14:55 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 18:46 - 2016-03-29 14:49 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 18:46 - 2016-03-29 14:48 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 18:46 - 2016-03-29 14:47 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 18:46 - 2016-03-29 14:43 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 18:46 - 2016-03-29 14:41 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 18:46 - 2016-03-29 14:41 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 18:46 - 2016-03-29 14:40 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 18:46 - 2016-03-29 14:39 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 18:46 - 2016-03-29 14:38 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 18:46 - 2016-03-29 14:38 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 18:46 - 2016-03-29 14:37 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 18:46 - 2016-03-29 14:14 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 18:46 - 2016-03-29 14:14 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 18:46 - 2016-03-29 14:11 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 18:46 - 2016-03-29 14:02 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 18:46 - 2016-03-29 13:56 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 18:46 - 2016-03-29 13:56 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 18:46 - 2016-03-29 13:56 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 18:46 - 2016-03-29 13:55 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 18:46 - 2016-03-29 13:54 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 18:46 - 2016-03-29 13:53 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 18:46 - 2016-03-29 13:51 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 18:46 - 2016-03-29 13:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 18:46 - 2016-03-29 13:37 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 18:46 - 2016-03-29 13:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 18:46 - 2016-03-29 13:27 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 18:46 - 2016-03-29 13:21 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 18:46 - 2016-03-29 13:21 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 18:46 - 2016-03-29 13:20 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 18:46 - 2016-03-29 13:20 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 18:46 - 2016-03-29 13:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 18:46 - 2016-03-29 13:18 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 18:46 - 2016-03-29 13:14 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 18:46 - 2016-03-29 13:12 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 18:46 - 2016-03-29 13:09 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 18:46 - 2016-03-29 13:08 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 18:46 - 2016-03-29 13:07 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 18:46 - 2016-03-29 13:06 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 18:46 - 2016-03-29 13:05 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 18:46 - 2016-03-29 13:05 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 18:46 - 2016-03-29 13:04 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 18:46 - 2016-03-29 13:04 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 18:46 - 2016-03-29 13:04 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 18:46 - 2016-03-29 13:03 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 18:46 - 2016-03-29 13:00 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 18:46 - 2016-03-29 13:00 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 18:46 - 2016-03-29 12:58 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 18:46 - 2016-03-29 12:57 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 18:46 - 2016-03-29 12:56 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 18:46 - 2016-03-29 12:53 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 18:46 - 2016-03-29 12:53 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 18:46 - 2016-03-29 12:53 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 18:46 - 2016-03-29 12:52 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 18:46 - 2016-03-29 12:51 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 18:46 - 2016-03-29 12:50 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 18:46 - 2016-03-29 12:50 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 18:46 - 2016-03-29 12:50 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 18:46 - 2016-03-29 12:49 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 18:46 - 2016-03-29 12:48 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 18:46 - 2016-03-29 12:47 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 18:46 - 2016-03-29 12:47 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 18:46 - 2016-03-29 12:47 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 18:46 - 2016-03-29 12:46 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 18:46 - 2016-03-29 12:46 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 18:46 - 2016-03-29 12:44 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-04-13 18:46 - 2016-03-29 12:44 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 18:46 - 2016-03-29 12:43 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 18:46 - 2016-03-29 12:42 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 18:46 - 2016-03-29 12:41 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 18:46 - 2016-03-29 12:41 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 18:46 - 2016-03-29 12:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 18:46 - 2016-03-29 12:40 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 18:46 - 2016-03-29 12:39 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 18:46 - 2016-03-29 12:38 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 18:46 - 2016-03-29 12:38 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 18:46 - 2016-03-29 12:37 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 18:46 - 2016-03-29 12:36 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 18:46 - 2016-03-29 12:36 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 18:46 - 2016-03-29 12:35 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 18:46 - 2016-03-29 12:34 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 18:46 - 2016-03-29 12:33 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 18:46 - 2016-03-29 12:32 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 18:46 - 2016-03-29 12:30 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 18:46 - 2016-03-29 12:29 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 18:46 - 2016-03-29 12:29 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 18:46 - 2016-03-29 12:26 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 18:46 - 2016-03-29 12:26 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 18:46 - 2016-03-29 12:25 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 18:46 - 2016-03-29 12:23 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 18:46 - 2016-03-29 12:23 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 18:46 - 2016-03-29 12:22 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 18:46 - 2016-03-29 12:19 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 18:46 - 2016-03-29 12:18 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 18:46 - 2016-03-29 12:14 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 18:46 - 2016-03-29 12:13 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 18:46 - 2016-03-29 12:12 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 18:46 - 2016-03-29 12:12 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 18:46 - 2016-03-29 12:11 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 18:46 - 2016-03-29 12:10 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 18:46 - 2016-03-29 12:09 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 18:46 - 2016-03-29 12:09 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 18:46 - 2016-03-29 12:08 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 18:46 - 2016-03-29 12:06 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 18:46 - 2016-03-29 12:06 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 18:46 - 2016-03-29 12:05 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 18:46 - 2016-03-29 12:04 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 18:46 - 2016-03-29 12:04 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 18:46 - 2016-03-29 12:04 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 18:46 - 2016-03-29 12:02 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 18:46 - 2016-03-29 12:02 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 18:46 - 2016-03-29 12:02 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 18:46 - 2016-03-29 12:02 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 18:46 - 2016-03-29 12:02 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 18:46 - 2016-03-29 12:02 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 18:46 - 2016-03-29 12:02 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 18:46 - 2016-03-29 12:01 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 18:46 - 2016-03-29 12:01 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 18:46 - 2016-03-29 12:01 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 18:46 - 2016-03-29 12:00 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 18:46 - 2016-03-29 11:59 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 18:46 - 2016-03-29 11:59 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 18:46 - 2016-03-29 11:58 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 18:46 - 2016-03-29 11:57 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 18:46 - 2016-03-29 11:57 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 18:46 - 2016-03-29 11:53 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 18:46 - 2016-03-29 11:52 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 18:46 - 2016-03-29 11:49 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 18:46 - 2016-03-29 11:47 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 18:46 - 2016-03-29 11:44 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 18:46 - 2016-03-29 11:43 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 18:46 - 2016-03-29 11:40 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 18:46 - 2016-03-29 11:36 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 18:46 - 2016-03-29 11:35 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 18:46 - 2016-03-29 11:35 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 18:46 - 2016-03-29 11:35 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 18:46 - 2016-03-29 11:34 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 18:46 - 2016-03-29 11:34 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 18:46 - 2016-03-29 11:31 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 18:46 - 2016-03-29 11:28 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 18:46 - 2016-03-29 11:19 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 18:46 - 2016-03-29 11:15 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 18:46 - 2016-03-29 11:15 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 18:46 - 2016-03-29 11:13 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 18:46 - 2016-03-29 11:08 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 18:46 - 2016-03-29 11:06 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 18:46 - 2016-03-29 10:56 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 18:46 - 2016-03-29 10:55 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 18:45 - 2016-04-02 08:38 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 18:45 - 2016-04-02 08:33 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 18:45 - 2016-03-29 13:47 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 18:45 - 2016-03-29 13:37 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 18:45 - 2016-03-29 13:37 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 18:45 - 2016-03-29 13:37 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 18:45 - 2016-03-29 13:36 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 18:45 - 2016-03-29 13:30 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 18:45 - 2016-03-29 13:30 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 18:45 - 2016-03-29 13:30 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 18:45 - 2016-03-29 13:29 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 18:45 - 2016-03-29 13:27 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 18:45 - 2016-03-29 13:27 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 18:45 - 2016-03-29 13:27 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 18:45 - 2016-03-29 13:25 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 18:45 - 2016-03-29 13:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 18:45 - 2016-03-29 13:25 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 18:45 - 2016-03-29 13:24 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 18:45 - 2016-03-29 13:24 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-04-13 18:45 - 2016-03-29 13:23 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 18:45 - 2016-03-29 13:22 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 18:45 - 2016-03-29 13:20 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 18:45 - 2016-03-29 13:20 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 18:45 - 2016-03-29 13:20 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 18:45 - 2016-03-29 13:18 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 18:45 - 2016-03-29 13:16 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 18:45 - 2016-03-29 13:04 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 18:45 - 2016-03-29 13:02 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 18:45 - 2016-03-29 13:02 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 18:45 - 2016-03-29 12:50 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 18:45 - 2016-03-29 12:49 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 18:45 - 2016-03-29 12:44 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-04-13 18:45 - 2016-03-29 12:41 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 18:45 - 2016-03-29 12:41 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 18:45 - 2016-03-29 12:41 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 18:45 - 2016-03-29 12:39 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 18:45 - 2016-03-29 12:39 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 18:45 - 2016-03-29 12:38 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 18:45 - 2016-03-29 12:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 18:45 - 2016-03-29 12:35 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 18:45 - 2016-03-29 12:30 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 18:45 - 2016-03-29 12:30 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 18:45 - 2016-03-29 12:29 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 18:45 - 2016-03-29 12:22 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 18:45 - 2016-03-29 12:09 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 18:45 - 2016-03-29 12:04 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 18:45 - 2016-03-29 11:57 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 18:45 - 2016-03-29 11:57 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 18:45 - 2016-03-29 11:35 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 18:45 - 2016-03-29 11:30 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 18:45 - 2016-03-29 11:05 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 18:45 - 2016-03-29 10:58 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 18:45 - 2016-03-29 10:57 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 18:45 - 2016-03-29 10:56 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 18:45 - 2016-03-29 10:55 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 18:45 - 2016-03-29 10:51 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-13 17:49 - 2008-05-15 02:28 - 00026624 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\jswpslwfx.sys
2016-04-13 17:48 - 2016-04-13 17:48 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2016-04-13 17:48 - 2013-11-20 11:43 - 02702336 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athuwbx.sys
2016-04-13 17:45 - 2016-04-13 17:47 - 84403991 _____ C:\Users\ASRLAPTOP\Downloads\WNA1100_Setup-V2.2.0.1-1_signed.zip
2016-04-08 07:01 - 2016-04-08 07:01 - 00096458 _____ C:\Users\ASRLAPTOP\Desktop\ASU i20 paid.pdf
2016-04-07 07:48 - 2016-04-07 07:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-04-06 19:46 - 2016-04-06 19:46 - 00361226 _____ C:\Users\ASRLAPTOP\Downloads\SD passport.pdf
2016-04-06 18:44 - 2016-04-06 18:44 - 00265216 _____ C:\Users\ASRLAPTOP\Desktop\2016-2017_grad_fgf.pdf
2016-04-05 16:05 - 2016-04-05 16:06 - 00865928 _____ C:\Users\ASRLAPTOP\Downloads\drivedetect.exe
2016-04-05 15:28 - 2016-04-05 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2016-04-05 15:27 - 2016-04-05 15:27 - 00000000 ____D C:\Program Files (x86)\Seagate
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-05 18:50 - 2015-01-14 22:59 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-05 18:44 - 2015-04-07 17:32 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1AE3BE9F-AC44-4DA5-88F4-2FE5FA406CF0}
2016-05-05 18:41 - 2015-12-09 14:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-05 18:41 - 2015-02-04 18:53 - 00000000 __SHD C:\Users\ASRLAPTOP\IntelGraphicsProfiles
2016-05-05 18:41 - 2015-01-14 22:59 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-05 05:47 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-05 04:51 - 2015-10-30 12:54 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-04 14:55 - 2015-10-30 12:51 - 00000000 ____D C:\WINDOWS\INF
2016-05-04 14:55 - 2015-08-04 17:22 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-03 05:53 - 2015-01-14 23:03 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-03 05:53 - 2015-01-14 23:03 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-03 05:14 - 2012-12-08 10:11 - 00000000 ____D C:\Users\ASRLAPTOP\AppData\Local\Packages
2016-05-02 14:44 - 2015-01-13 22:38 - 00000000 ____D C:\Users\ASRLAPTOP\AppData\Roaming\vlc
2016-05-02 13:59 - 2016-03-05 10:01 - 00000000 ____D C:\Users\ASRLAPTOP\AppData\Roaming\uTorrent
2016-05-02 13:50 - 2013-03-16 13:02 - 00000000 ____D C:\Users\ASRLAPTOP\Documents\Vuze Downloads
2016-05-01 17:30 - 2016-03-18 00:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-01 17:29 - 2015-10-30 11:58 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-01 11:37 - 2016-02-28 19:03 - 00000000 ____D C:\Users\ASRLAPTOP\Downloads\textbook
2016-04-30 09:07 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-30 08:21 - 2016-02-08 18:03 - 00000000 ____D C:\Users\ASRLAPTOP\AppData\Local\ElevatedDiagnostics
2016-04-29 06:46 - 2016-03-17 23:34 - 00395896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-28 22:11 - 2015-05-14 20:25 - 00000000 ____D C:\Users\ASRLAPTOP\AppData\Roaming\TS3Client
2016-04-28 22:09 - 2016-03-18 13:03 - 00000000 ___DC C:\WINDOWS\Panther
2016-04-26 18:39 - 2015-12-09 14:30 - 00001177 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-26 18:39 - 2015-12-09 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-26 18:39 - 2015-12-09 14:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-25 17:47 - 2016-02-24 11:02 - 00000000 ____D C:\Users\ASRLAPTOP\Desktop\Project
2016-04-24 11:17 - 2016-03-17 23:41 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-22 16:05 - 2015-01-17 20:08 - 00000000 ____D C:\Users\ASRLAPTOP\AppData\Local\Windows Live
2016-04-19 16:23 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\rescache
2016-04-15 22:01 - 2016-03-17 23:46 - 00000000 ____D C:\Users\ASRLAPTOP
2016-04-15 09:56 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-15 09:56 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-15 09:56 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-15 09:56 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-14 11:45 - 2015-10-30 12:41 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-14 11:39 - 2015-01-20 18:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 21:53 - 2015-01-20 18:37 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 17:50 - 2012-10-25 01:40 - 00000000 ____D C:\Temp
2016-04-13 17:48 - 2012-10-25 01:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-08 07:46 - 2015-09-16 16:38 - 00000000 ____D C:\Users\ASRLAPTOP\AppData\Roaming\GarenaPlus
2016-04-08 07:46 - 2015-09-16 16:37 - 00000000 ____D C:\ProgramData\GarenaMessenger
2016-04-07 07:48 - 2016-02-18 07:13 - 00002011 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-04-07 07:48 - 2015-11-19 09:23 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-04-07 00:02 - 2015-10-30 12:56 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-07 00:02 - 2015-10-30 12:56 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-04-27 22:27 - 2015-04-27 22:27 - 0000046 _____ () C:\Users\ASRLAPTOP\AppData\Roaming\Camdata.ini
2015-04-27 22:27 - 2015-04-27 22:27 - 0000408 _____ () C:\Users\ASRLAPTOP\AppData\Roaming\CamLayout.ini
2015-04-27 22:27 - 2015-04-27 22:27 - 0000408 _____ () C:\Users\ASRLAPTOP\AppData\Roaming\CamShapes.ini
2015-04-27 22:12 - 2015-04-27 22:27 - 0004546 _____ () C:\Users\ASRLAPTOP\AppData\Roaming\CamStudio.cfg
2015-04-27 22:07 - 2015-04-27 22:46 - 0000096 _____ () C:\Users\ASRLAPTOP\AppData\Roaming\version2.xml
2016-05-01 17:23 - 2016-05-01 17:23 - 0428630 _____ () C:\Users\ASRLAPTOP\AppData\Local\ars.cache
2016-05-01 17:24 - 2016-05-01 17:24 - 0798417 _____ () C:\Users\ASRLAPTOP\AppData\Local\census.cache
2016-05-01 16:40 - 2016-05-01 16:40 - 0000036 _____ () C:\Users\ASRLAPTOP\AppData\Local\housecall.guid.cache
2015-01-23 15:33 - 2015-03-24 16:17 - 0007608 _____ () C:\Users\ASRLAPTOP\AppData\Local\Resmon.ResmonCfg
2016-05-01 16:49 - 2016-05-01 16:49 - 0000010 _____ () C:\Users\ASRLAPTOP\AppData\Local\sponge.last.runtime.cache
2015-04-02 07:41 - 2015-04-02 07:41 - 0000000 _____ () C:\Users\ASRLAPTOP\AppData\Local\{D2615C72-1542-495E-A663-DA9CEA2161B6}
2012-10-25 01:36 - 2012-10-25 01:36 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-10-25 01:31 - 2012-10-25 01:33 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-10-25 01:33 - 2012-10-25 01:34 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-10-25 01:31 - 2012-10-25 01:31 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-10-25 01:34 - 2012-10-25 01:36 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-03 05:47
 
==================== End of FRST.txt ============================
 
 
 
 
 
 
 
 
 
I have attached addition.txt herewith

 

Attached Files


Edited by imdeepster, 05 May 2016 - 08:35 AM.


BC AdBot (Login to Remove)

 


#2 Struppigel

Struppigel

    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team
  • 231 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:36 PM

Posted 05 May 2016 - 09:51 AM

Hello imdeepster
 

I am Marie Curie and will gladly help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.
--------------------------------------------------------------
 
 
Please read the following warnings before you proceed.
 
 
goGMWSt.gifComboFix Warning
------------------------------
 
I see you have run ComboFix, a powerful first-responder malware removal tool, designed to remove some of the toughest malware; including bootkits, rootkits and backdoors. As stated in the disclaimer, the tool should not be used by someone untrained in its usage. Doing so may cause unforeseen circumstances, and could render your machine unbootable. For more information on why you should not run ComboFix without supervision, please read the following article.



goGMWSt.gifBackdoor Warning
------------------------------
 
One or more of the identified malware is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal system, financial & personal information.
 
If your computer has been used for online banking, has credit card information or other sensitive data, using a non-compromised computer/device you should immediately change all account information (including those used for Email, eBay, Paypal, online forums, etc).
 
Banking and credit card institutions should be notified of the possible security breach. Please read the following article for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
 
Whilst the identified malware can be removed, there is no way to guarantee the trustworthiness of your computer unless you reformat your hard drive and reinstall your Operating System. This is due to the nature of the malware, which allows a remote attacker to make any kind of modification. Many experts in the security community believe that once compromised with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.You now have the choice between cleaning the malware present or reformatting your computer. Ultimately, the decision is yours, and what you're most comfortable with. Once you've read the articles linked above, let me know if you have any questions, and how you wish to proceed.

#3 imdeepster

imdeepster
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 05 May 2016 - 10:35 AM

Hi curie, thanks for the reply. I think we should proceed with cleaning the malware present and I hope the malware can be cleared. 

As for the combofix, I have just downloaded it and never used it as it wasnt compatible with windows 10. I know i got ahead of time , I will wait for your instructions and follow them properly.

 

Thanks, 



#4 Struppigel

Struppigel

    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team
  • 231 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:36 PM

Posted 05 May 2016 - 12:07 PM

STEP 1
xlK5Hdb.pngFarbar Recovery Scan Tool (FRST) Search
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/Paste or Type the following line into the Search: box.
    D2615C72-1542-495E-A663-DA9CEA2161B6;javascript
  • Press the Search Registry button.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post it in your next reply.
STEP 2
aA7bkRO.pngaswMBR
  • Please download aswMBR and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click aswMBR.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes when prompted to download avast! virus definitions. Wait until AVAST engine defs: ### appears.
  • If you are prompted to enable the use of "Virtualization Technology", click Yes.
  • Click the AV Scan: drop down box and click C:\.
  • Click Scan.
  • Upon completion, you will see Scan finished successfully. Click Save log. Save the log to your Desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
Note: Do NOT click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your Desktop. Do NOT click or delete it.

======================================================

STEP 3
pfNZP4A.pngLogs
In your next reply please include the following logs.
  • Search.txt
  • aswMBR log


#5 imdeepster

imdeepster
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 05 May 2016 - 11:33 PM

Farbar Recovery Scan Tool (x64) Version:06-05-2016
Ran by ASRLAPTOP (2016-05-06 06:42:59)
Running from C:\Users\ASRLAPTOP\Downloads
Boot Mode: Normal
 
================== Search Registry: "D2615C72-1542-495E-A663-DA9CEA2161B6;javascript" ===========
 
 
===================== Search result for "javascript" ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}]
""="Microsoft HTML Javascript Pluggable Protocol"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{e5b35059-a1be-4977-9bee-5c44226340f7}]
""="IJavascriptDispatchRemoteProxy"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript Author]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript1.1 Author]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript1.2 Author]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaScript1.3 Author]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\javascript]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20ED5C4-0A2E-4F66-9BE2-86A1C823DD68}]
""="IJavascriptDispatchRemoteProxy"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\PROTOCOLS\Handler\javascript]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4210D39FE9C0D214DA66C66F9C686753]
"68AB67CA7DA73301B744CAF070E41400"="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\JSByteCodeWin.bin"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\3]
"javascript"="0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultLaunchURLPerms]
"tSchemePerms"="version:2|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1|rlogin:3|javascript:4|data:3|jar:3|vbscript:3"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\3]
"javascript"="0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}]
""="Microsoft HTML Javascript Pluggable Protocol"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{e5b35059-a1be-4977-9bee-5c44226340f7}]
""="IJavascriptDispatchRemoteProxy"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultLaunchURLPerms]
"tSchemePerms"="version:2|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1|rlogin:3|javascript:4|data:3|jar:3|vbscript:3"
 
[HKEY_USERS\S-1-5-21-1087666087-1086935167-1185774660-1001\SOFTWARE\Classes\Interface\{42459A23-ED0E-54B4-87B6-2540CECE6040}]
""="IFBComJavascriptObject"
 
[HKEY_USERS\S-1-5-21-1087666087-1086935167-1185774660-1001\SOFTWARE\Classes\Local Settings\MuiCache\33\52C64B7E]
"@%SystemRoot%\system32\mshtml.dll,-2402"="JavaScript Timer Frequency"
 
[HKEY_USERS\S-1-5-21-1087666087-1086935167-1185774660-1001_Classes\Interface\{42459A23-ED0E-54B4-87B6-2540CECE6040}]
""="IFBComJavascriptObject"
 
[HKEY_USERS\S-1-5-21-1087666087-1086935167-1185774660-1001_Classes\Local Settings\MuiCache\33\52C64B7E]
"@%SystemRoot%\system32\mshtml.dll,-2402"="JavaScript Timer Frequency"
 
[HKEY_USERS\S-1-5-21-1087666087-1086935167-1185774660-500_classes\Wow6432Node\Interface\{42459A23-ED0E-54B4-87B6-2540CECE6040}]
""="IFBComJavascriptObject"
 
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\33\52C64B7E]
"@C:\WINDOWS\System32\wshext.dll,-4804"="JavaScript File"
====== End of Search ======
 
 
 
 
 
 
 
 
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-05-06 06:44:43
-----------------------------
06:44:43.785    OS Version: Windows x64 6.2.9200 
06:44:43.800    Number of processors: 4 586 0x3A09
06:44:43.800    ComputerName: DEEPAK  UserName: 
06:44:47.329    Initialize success
06:44:47.438    VM: initialized successfully
06:44:47.438    VM: Intel CPU supported 
06:53:00.461    VM: disk I/O iaStorA.sys
06:53:29.465    AVAST engine defs: 16050501
06:53:41.686    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000001d
06:53:41.686    Disk 0 Vendor: WDC_WD10JPVT-75A1YT0 01.01A01 Size: 953869MB BusType: 11
06:53:41.811    Disk 0 MBR read successfully
06:53:41.811    Disk 0 MBR scan
06:53:41.827    Disk 0 unknown MBR code
06:53:41.827    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
06:53:41.874    Disk 0 scanning C:\WINDOWS\system32\drivers
06:53:52.618    Service scanning
06:54:16.930    Modules scanning
06:54:16.942    Disk 0 trace - called modules:
06:54:16.964    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys 
06:54:16.980    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001e5d9f060]
06:54:16.980    3 CLASSPNP.SYS[fffff8013fae7d95] -> nt!IofCallDriver -> \Device\0000001d[0xffffe001e5dc7400]
06:54:19.398    AVAST engine scan C:\
09:44:05.726    File: C:\Windows.old(1)\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui **HIDDEN**
09:44:05.928    File: C:\Windows.old(1)\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui **HIDDEN**
09:44:06.029    File: C:\Windows.old(1)\Program Files\Windows Defender\en-US\MsMpRes.dll.mui **HIDDEN**
09:44:06.051    Disk 0 statistics 11349336/0/0 @ 1102.38 MB/s
09:44:06.092    Scan finished successfully
09:49:34.034    Disk 0 MBR has been saved successfully to "C:\Users\ASRLAPTOP\Desktop\MBR.dat"
09:49:34.040    The log file has been saved successfully to "C:\Users\ASRLAPTOP\Desktop\aswMBR.txt"
 
 

 



#6 Struppigel

Struppigel

    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team
  • 231 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:36 PM

Posted 06 May 2016 - 04:39 AM

STEP 1
xlK5Hdb.pngFarbar Recovery Scan Tool (FRST) Script
  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
     
    CloseProcesses:
     
    HKU\S-1-5-21-1087666087-1086935167-1185774660-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
    HKU\S-1-5-21-1087666087-1086935167-1185774660-501\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
    C:\Program Files\Windows Mail\wab.exe
    Folder: C:\Program Files\Windows Mail
     
    Folder: C:\Users\ASRLAPTOP\AppData\Local\{D2615C72-1542-495E-A663-DA9CEA2161B6}
    2015-04-02 07:41 - 2015-04-02 07:41 - 0000000 _____ () C:\Users\ASRLAPTOP\AppData\Local\{D2615C72-1542-495E-A663-DA9CEA2161B6}
     
    GroupPolicyScripts-x32: Restriction <======= ATTENTION
    URLSearchHook: [S-1-5-21-1087666087-1086935167-1185774660-500_classes] ATTENTION => Default URLSearchHook is missing
    URLSearchHook: [S-1-5-21-1087666087-1086935167-1185774660-501_classes] ATTENTION => Default URLSearchHook is missing
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1087666087-1086935167-1185774660-1001 -> DefaultScope {97AE6AE4-7939-4195-B293-042E1F8DC714} URL =
    SearchScopes: HKU\S-1-5-21-1087666087-1086935167-1185774660-1001 -> {97AE6AE4-7939-4195-B293-042E1F8DC714} URL =
    Task: {0D1FB335-5A22-4F71-B88A-3F476C4E853C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {13ACA2E9-03ED-42E4-B557-FFD66304737E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {13EC6497-C176-4393-A836-934F7D4377CB} - \SystemToolsDailyTest -> No File <==== ATTENTION
    Task: {1CACDC8F-2EA7-4E81-9BF4-547F6A10FA71} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {1DB40366-A556-4033-9A5E-CEEDD009ECBF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {36A4A5FE-7F52-4F0E-B07E-710A9FFB97A0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {3A063FE0-282B-4A1D-BEDE-F5F0DFC5B307} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {AFFAAEBA-2A90-4BDB-A7D9-DA8842EFE89A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {B08D9A7E-A4E7-455F-B022-BC6825CFDACB} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
    Task: {B8C14189-C3D2-4CE3-B612-FFA45D65D08E} - \SpyHunter4Startup -> No File <==== ATTENTION
    Task: {C524E8DC-64AE-460A-9C6A-816AC8904CEE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {857811B3-7A8C-4C96-A051-111A98992408} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {E675C885-D651-4C8D-AAD2-FF1D7A2FC7C4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {F5356767-A907-4687-8003-5C91C46D6B21} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {FC12279F-ACB8-4102-B2B4-50D4A3A6597B} - \PCDEventLauncher -> No File <==== ATTENTION
    
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    end
    
  • Click File, Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe.
  • NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
  • Right-click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Attach the log to your next reply.
STEP 2
51f8d03670fd5-RogueKiller_icon_Canned_deRogueKiller
  • Download RogueKiller (x64) and save the file to your Desktop.
  • Close any running programs.
  • Right-Click RogueKiller.exe and select Run as administrator to run the program.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click jpgUwzp.png. Upon completion, click phPvmc6.png.
  • Close the program. Do not fix anything!
  • A log (RKreport.txt) will be open. Attach the log to your next reply.
======================================================

STEP 3
pfNZP4A.pngLogs
In your next reply please include the following logs.
  • Fixlog.txt
  • RKreport.txt


#7 imdeepster

imdeepster
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 06 May 2016 - 07:53 AM

hi curie, i finished both steps, although in the second step my computer crashed and restarted after which i re ran the roguekill and the scan completed although there is no option as report , it just has remove selected or open report or cancel, I attach the report herewith

 

Fix result of Farbar Recovery Scan Tool (x64) Version:06-05-2016
Ran by ASRLAPTOP (2016-05-06 17:25:35) Run:1
Running from C:\Users\ASRLAPTOP\Downloads
Loaded Profiles: ASRLAPTOP (Available Profiles: ASRLAPTOP & Administrator & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
 
CloseProcesses:
 
HKU\S-1-5-21-1087666087-1086935167-1185774660-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-1087666087-1086935167-1185774660-501\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
C:\Program Files\Windows Mail\wab.exe
Folder: C:\Program Files\Windows Mail
 
Folder: C:\Users\ASRLAPTOP\AppData\Local\{D2615C72-1542-495E-A663-DA9CEA2161B6}
2015-04-02 07:41 - 2015-04-02 07:41 - 0000000 _____ () C:\Users\ASRLAPTOP\AppData\Local\{D2615C72-1542-495E-A663-DA9CEA2161B6}
 
GroupPolicyScripts-x32: Restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-1087666087-1086935167-1185774660-500_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-1087666087-1086935167-1185774660-501_classes] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1087666087-1086935167-1185774660-1001 -> DefaultScope {97AE6AE4-7939-4195-B293-042E1F8DC714} URL =
SearchScopes: HKU\S-1-5-21-1087666087-1086935167-1185774660-1001 -> {97AE6AE4-7939-4195-B293-042E1F8DC714} URL =
Task: {0D1FB335-5A22-4F71-B88A-3F476C4E853C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {13ACA2E9-03ED-42E4-B557-FFD66304737E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {13EC6497-C176-4393-A836-934F7D4377CB} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {1CACDC8F-2EA7-4E81-9BF4-547F6A10FA71} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1DB40366-A556-4033-9A5E-CEEDD009ECBF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {36A4A5FE-7F52-4F0E-B07E-710A9FFB97A0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {3A063FE0-282B-4A1D-BEDE-F5F0DFC5B307} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AFFAAEBA-2A90-4BDB-A7D9-DA8842EFE89A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B08D9A7E-A4E7-455F-B022-BC6825CFDACB} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {B8C14189-C3D2-4CE3-B612-FFA45D65D08E} - \SpyHunter4Startup -> No File <==== ATTENTION
Task: {C524E8DC-64AE-460A-9C6A-816AC8904CEE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {857811B3-7A8C-4C96-A051-111A98992408} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E675C885-D651-4C8D-AAD2-FF1D7A2FC7C4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F5356767-A907-4687-8003-5C91C46D6B21} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FC12279F-ACB8-4102-B2B4-50D4A3A6597B} - \PCDEventLauncher -> No File <==== ATTENTION
 
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1087666087-1086935167-1185774660-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate => value not found.
HKU\S-1-5-21-1087666087-1086935167-1185774660-501\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate => value not found.
C:\Program Files\Windows Mail\wab.exe => moved successfully
 
========================= Folder: C:\Program Files\Windows Mail ========================
 
2015-10-30 12:49 - 2015-10-30 12:49 - 2206720 _____ (Microsoft Corporation) C:\Program Files\Windows Mail\msoe.dll
2015-10-30 12:49 - 2015-10-30 12:49 - 2487808 _____ (Microsoft Corporation) C:\Program Files\Windows Mail\MSOERES.dll
2015-10-30 12:49 - 2015-10-30 12:49 - 0067584 _____ (Microsoft Corporation) C:\Program Files\Windows Mail\oeimport.dll
2015-10-30 12:47 - 2015-10-30 12:47 - 0050688 _____ (Microsoft Corporation) C:\Program Files\Windows Mail\wabimp.dll
2015-10-30 12:47 - 2015-10-30 12:47 - 0068608 _____ (Microsoft Corporation) C:\Program Files\Windows Mail\wabmig.exe
2015-10-30 12:49 - 2015-10-30 12:49 - 0416256 ___SH (Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
2015-10-30 14:32 - 2015-10-30 14:32 - 0000000 ____D () C:\Program Files\Windows Mail\en-US
2015-10-30 14:31 - 2015-10-30 14:31 - 0500224 _____ (Microsoft Corporation) C:\Program Files\Windows Mail\en-US\msoeres.dll.mui
2015-10-30 14:31 - 2015-10-30 14:31 - 0006656 _____ (Microsoft Corporation) C:\Program Files\Windows Mail\en-US\WinMail.exe.mui
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\ASRLAPTOP\AppData\Local\{D2615C72-1542-495E-A663-DA9CEA2161B6} ========================
 
C:\Users\ASRLAPTOP\AppData\Local\{D2615C72-1542-495E-A663-DA9CEA2161B6} => File
 
====== End of Folder: ======
 
C:\Users\ASRLAPTOP\AppData\Local\{D2615C72-1542-495E-A663-DA9CEA2161B6} => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\Machine => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
Could not restore Default URLSearchHook.
Could not restore Default URLSearchHook.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1087666087-1086935167-1185774660-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1087666087-1086935167-1185774660-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{97AE6AE4-7939-4195-B293-042E1F8DC714}" => key removed successfully
HKCR\CLSID\{97AE6AE4-7939-4195-B293-042E1F8DC714} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D1FB335-5A22-4F71-B88A-3F476C4E853C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D1FB335-5A22-4F71-B88A-3F476C4E853C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13ACA2E9-03ED-42E4-B557-FFD66304737E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13ACA2E9-03ED-42E4-B557-FFD66304737E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13EC6497-C176-4393-A836-934F7D4377CB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13EC6497-C176-4393-A836-934F7D4377CB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CACDC8F-2EA7-4E81-9BF4-547F6A10FA71}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CACDC8F-2EA7-4E81-9BF4-547F6A10FA71}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DB40366-A556-4033-9A5E-CEEDD009ECBF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DB40366-A556-4033-9A5E-CEEDD009ECBF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36A4A5FE-7F52-4F0E-B07E-710A9FFB97A0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36A4A5FE-7F52-4F0E-B07E-710A9FFB97A0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A063FE0-282B-4A1D-BEDE-F5F0DFC5B307}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A063FE0-282B-4A1D-BEDE-F5F0DFC5B307}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFFAAEBA-2A90-4BDB-A7D9-DA8842EFE89A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFFAAEBA-2A90-4BDB-A7D9-DA8842EFE89A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B08D9A7E-A4E7-455F-B022-BC6825CFDACB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B08D9A7E-A4E7-455F-B022-BC6825CFDACB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8C14189-C3D2-4CE3-B612-FFA45D65D08E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8C14189-C3D2-4CE3-B612-FFA45D65D08E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C524E8DC-64AE-460A-9C6A-816AC8904CEE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C524E8DC-64AE-460A-9C6A-816AC8904CEE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{857811B3-7A8C-4C96-A051-111A98992408}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{857811B3-7A8C-4C96-A051-111A98992408}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E675C885-D651-4C8D-AAD2-FF1D7A2FC7C4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E675C885-D651-4C8D-AAD2-FF1D7A2FC7C4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5356767-A907-4687-8003-5C91C46D6B21}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5356767-A907-4687-8003-5C91C46D6B21}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC12279F-ACB8-4102-B2B4-50D4A3A6597B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC12279F-ACB8-4102-B2B4-50D4A3A6597B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncher" => key removed successfully
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 239.4 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 17:26:58 ====
 
 
RogueKiller V12.1.5.0 (x64) [May  2 2016] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : ASRLAPTOP [Administrator]
Started from : C:\Users\ASRLAPTOP\Downloads\RogueKillerX64 (1).exe
Mode : Scan -- Date : 05/06/2016 18:18:06
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 2 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gkernel (\??\C:\Users\ASRLAP~1\AppData\Local\Temp\gkernel.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gkernel (\??\C:\Users\ASRLAP~1\AppData\Local\Temp\gkernel.sys) -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVT-75A1YT0 +++++
--- User ---
[MBR] 3b556d3cc0695e927dc761baf64fff78
[BSP] 8c1ca573eb1747f6395ba79e9b18af3a : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 500 MB
4 - Basic data partition | Offset (sectors): 2394112 | Size: 944963 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1937678336 | Size: 451 MB
6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1938601984 | Size: 7285 MB
User = LL1 ... OK
User = LL2 ... OK
 


#8 Struppigel

Struppigel

    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team
  • 231 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:36 PM

Posted 07 May 2016 - 12:45 AM

STEP 1
xlK5Hdb.pngFarbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    RestoreQuarantine: C:\FRST\Quarantine\C\Program Files\Windows Mail\wab.exe
    CMD: ipconfig /flushdns
    end
  • Click File, Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Attach the log to your next reply.

 

STEP 2
ypeNg1J.png Panda USB Vaccine

  • Please download Panda USB Vaccine and save the file to your Desktop.
  • Double-click USBVaccineSetup.exe to install the programme.
  • Read and accept the license agreement, then click Next.
  • Upon completion of the setup, ensure Launch Panda USB Vaccine is checked and click Finish.
  • Click the Vaccinate Computer button. It should now show a green checkmark and confirm Computer vaccinated. 
  • Exit the programme when done.

-- Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Resarch Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.

 

======================================================
 
STEP 3
pfNZP4A.pngLogs
In your next reply please include the following logs.

  • Fixlog.txt
  • Did you successfully vaccinate your computer?
  • Do you have any USB drives or other removable drives that came into contact with your system since the infection? Please collect them and tell me how many there are.

Edited by Curie, 07 May 2016 - 12:46 AM.


#9 imdeepster

imdeepster
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 07 May 2016 - 03:59 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:06-05-2016 03
Ran by ASRLAPTOP (2016-05-07 14:24:53) Run:2
Running from C:\Users\ASRLAPTOP\Downloads
Loaded Profiles: ASRLAPTOP (Available Profiles: ASRLAPTOP & Administrator & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
RestoreQuarantine: C:\FRST\Quarantine\C\Program Files\Windows Mail\wab.exe
CMD: ipconfig /flushdns
end
*****************
 
Restore point was successfully created.
"C:\FRST\Quarantine\C\Program Files\Windows Mail\wab.exe"=> path not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
==== End of Fixlog 14:24:54 ====
 
 
 
The Green tick was activated.
 
Also, my antivirus has been cautioning me about the use for FRST as a virus, i had to stop antivirus and use it each time. So, is it a problem?
 
I have used 2 Hard Disks before knowing about this infection but after using the infected USB.


#10 Struppigel

Struppigel

    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team
  • 231 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:36 PM

Posted 08 May 2016 - 01:20 AM

Also, my antivirus has been cautioning me about the use for FRST as a virus, i had to stop antivirus and use it each time. So, is it a problem?

 

 

Disabling the antivirus temporarily is correct. Just take care to turn it back on afterwards. Our tools get sometimes false positive detections, because malware removal software tends to look like malware for other antivirus software.

 

STEP 1

nSymGHK.png Folder Options 

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Control Folders and click OK.
  • Click View. Under Hidden files and folders
  • Place a checkmark next to Show hidden files, folders and drives.
  • Remove the checkmark next to Hide extensions for known file types.
  • Remove the checkmark next to Hide protected operating system Files (Recommended).
  • Click Apply followed by OK.
     

STEP 2
nQPbWA9.png USBFix Research

  • Please download USBFix and save the file to your Desktop.
  • Note: The website is in Spanish. Click Descagar to download. 
  • Right-click USBFix and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Options. Place a checkmark next to Listing + and click Apply.
  • Hold the Shift key on your keyboard and insert the affected removable drive into your computer.
  • Click Research
  • A log (C:\UsbFix [Scan 1] username.txt) will be created. Copy the contents of the log and paste in your next reply.
  • Note: username corresponds to the username of your current profile.

STEP 3
nQPbWA9.png USBFix Listing

  • Ensure the affected USB is still inserted in your computer.
  • Click Listing
  • A log (C:\UsbFix [Listing 1] username.txt) will be created. Copy the contents of the log and paste in your next reply.
  • Note: username corresponds to the username of your current profile.

Repeat the steps 2-3 for every other removable drive that needs to be checked.

 

======================================================
 
STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs.

  • C:\UsbFix [Scan 1] username.txt
  • C:\UsbFix [Listing 1] username.txt

Edited by Curie, 08 May 2016 - 01:21 AM.


#11 Struppigel

Struppigel

    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team
  • 231 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:36 PM

Posted 14 May 2016 - 11:45 PM

Hello imdeepster,
 
I have not heard back from you in a week.

  • Do you still require help?
  • If you require additional time to complete my instructions, please let me know.
  • If after 48 hours you have not replied to this thread it will have to be closed.
     



#12 Struppigel

Struppigel

    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team
  • 231 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:36 PM

Posted 18 May 2016 - 12:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users