Hijack.AutoConfigURL.PrxySvrRST forcing proxy http://ɴ.net/server.pac


  • This topic is locked
21 replies to this topic

#1 doryon

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:20 PM

Posted 10 May 2016 - 01:55 PM

Hi everyone,

I'm having trouble with this infection.

I've tried several methods already, installed Malwarebytes, removing and reinstalling Google Chrome and it keeps coming back!

 

It's replacing the real Google Search with a fake one, which I identified because of the old Google logo and the weird fonts and ads in the fake search results. I'm not sure what else it might be faking or doing with my internet traffic.

 

Please help!!!

 

Here are my logs:

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by doryo (administrator) on HARLEY (10-05-2016 15:44:26)
Running from C:\Users\doryo\Desktop
Loaded Profiles: doryo (Available Profiles: doryo)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\OUTLOOK.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\POWERPNT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954368 2015-09-21] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [4883216 2016-04-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-4099605528-3097000740-2024150600-1001\...\Run: [AdobeBridge] => [X]
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM-x32] => hxxp://xn--koa.net/server.pac
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.2.1
Tcpip\..\Interfaces\{6b2d9f93-b102-47c4-97ca-2a86228c4488}: [DhcpNameServer] 192.168.1.1 192.168.2.1
 
Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-03-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-03-15] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-03-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-03-15] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-05-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-05-09] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-03-15] (Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-09]
CHR Extension: (Google Docs) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-09]
CHR Extension: (Google Drive) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-09]
CHR Extension: (YouTube) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-09]
CHR Extension: (Google Sheets) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-09]
CHR Extension: (Earthy) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhflopcljabdklmedgglmkihdnongdaa [2016-05-09]
CHR Extension: (Google Docs Offline) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-09]
CHR Extension: (Gmail) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638968 2016-04-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5155904 2016-04-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-04-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [710232 2016-04-20] (AVG Technologies CZ, s.r.o.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-01-13] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-09-21] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-04-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [248576 2016-03-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-04-14] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-04-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [297744 2016-02-20] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-19] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-09-21] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-10] (Sony Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-08] ()
R1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-02-10] ()
R1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-02-10] ()
R1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700424 2014-02-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-10 15:44 - 2016-05-10 15:44 - 00016269 _____ C:\Users\doryo\Desktop\FRST.txt
2016-05-10 15:43 - 2016-05-10 15:43 - 02381312 _____ (Farbar) C:\Users\doryo\Desktop\FRST64.exe
2016-05-10 10:41 - 2016-05-10 10:41 - 00000000 ____D C:\ProgramData\Synaptics
2016-05-09 22:00 - 2016-05-09 22:00 - 00010697 _____ C:\Users\doryo\Desktop\IIBB JAZ ABRIL 2016.xlsx
2016-05-09 22:00 - 2016-05-09 22:00 - 00000000 ____D C:\Users\doryo\Documents\Custom Office Templates
2016-05-09 21:50 - 2016-05-09 21:50 - 00010691 _____ C:\Users\doryo\Desktop\IIBB JAZ MARZO 2016.xlsx
2016-05-09 10:50 - 2016-05-10 14:55 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-09 10:50 - 2016-05-10 10:55 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-09 10:50 - 2016-05-09 10:50 - 00004170 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-09 10:50 - 2016-05-09 10:50 - 00003938 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-09 10:50 - 2016-05-09 10:50 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-09 10:50 - 2016-05-09 10:50 - 00002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-09 10:49 - 2016-05-09 10:50 - 00987728 _____ (Google Inc.) C:\Users\doryo\Downloads\ChromeSetup.exe
2016-05-08 10:26 - 2016-05-08 19:26 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-08 10:26 - 2016-05-08 10:44 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-08 10:24 - 2016-05-08 10:24 - 00003180 _____ C:\Windows\System32\Tasks\AVG-SSU_0516avz
2016-05-07 03:56 - 2016-05-08 19:25 - 00000000 ____D C:\AdwCleaner
2016-05-07 03:44 - 2016-05-07 04:04 - 47116504 _____ (Microsoft Corporation) C:\Users\doryo\Downloads\Windows-KB890830-x64-V5.35.exe
2016-05-07 03:28 - 2016-05-10 15:44 - 00000000 ____D C:\FRST
2016-05-07 03:16 - 2016-05-08 19:14 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-05-07 03:15 - 2016-05-07 03:15 - 00000000 ____D C:\Windows\pss
2016-05-06 17:45 - 2016-05-10 14:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-06 17:45 - 2016-05-06 17:45 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-06 17:45 - 2016-05-06 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-06 17:44 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-06 17:44 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-06 17:44 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-06 16:19 - 2016-05-06 17:08 - 00000000 ____D C:\Users\doryo\AppData\Local\CrashDumps
2016-05-06 11:26 - 2016-05-06 17:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-06 11:25 - 2016-05-06 17:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-06 11:25 - 2016-05-06 11:26 - 00000000 ____D C:\Users\doryo\AppData\Roaming\Malwarebytes
2016-05-06 10:34 - 2016-05-06 16:44 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-05-06 10:34 - 2016-05-06 16:44 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2016-05-06 10:34 - 2016-05-06 10:36 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-05-05 10:53 - 2016-05-06 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-05-05 10:53 - 2016-05-06 17:12 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-05-05 10:53 - 2016-05-05 11:28 - 00000000 ____D C:\Users\doryo\AppData\Roaming\FileZilla
2016-05-05 10:05 - 2016-05-05 10:05 - 00000132 _____ C:\Users\doryo\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2016-05-04 15:46 - 2016-05-04 15:46 - 00000000 ____D C:\Users\doryo\AppData\Roaming\ACD Systems
2016-05-04 15:45 - 2016-05-06 17:11 - 00000000 ____D C:\ProgramData\ACD Systems
2016-05-04 15:45 - 2016-05-06 17:06 - 00000000 ____D C:\Users\doryo\AppData\Local\ACD Systems
2016-05-04 15:44 - 2016-05-06 17:11 - 00000000 ____D C:\Users\doryo\AppData\Local\Downloaded Installations
2016-05-04 14:28 - 2016-05-04 14:28 - 00000000 ____D C:\Users\doryo\AppData\LocalLow\Temp
2016-05-02 13:21 - 2016-05-06 17:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-02 13:15 - 2016-05-02 13:15 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-05-02 13:15 - 2016-05-02 13:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-05-02 12:05 - 2016-05-02 12:06 - 00019170 _____ C:\Windows\ntbtlog.txt
2016-05-02 10:05 - 2016-05-10 15:40 - 00000000 ____D C:\Users\doryo\Documents\Outlook Files
2016-05-02 09:43 - 2016-05-02 09:43 - 00000000 ____D C:\Users\doryo\Tracing
2016-05-02 09:41 - 2016-05-10 15:37 - 00000000 ____D C:\Users\doryo\AppData\Roaming\Skype
2016-05-02 09:40 - 2016-05-06 17:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-02 09:40 - 2016-05-06 17:11 - 00000000 ____D C:\ProgramData\Skype
2016-05-02 09:40 - 2016-05-02 09:40 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2016-05-02 09:40 - 2016-05-02 09:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-05-02 09:17 - 2016-05-02 09:17 - 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-02 09:16 - 2016-05-02 09:16 - 00001619 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-05-02 09:16 - 2016-05-02 09:16 - 00001607 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2016-05-02 09:12 - 2016-05-02 09:18 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-05-02 09:12 - 2016-05-02 09:12 - 00002096 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-05-02 09:08 - 2016-05-02 09:13 - 00000000 ____D C:\Users\doryo\AppData\LocalLow\Adobe
2016-05-01 12:34 - 2016-05-06 17:11 - 00000000 ____D C:\Users\doryo\AppData\Roaming\PowerISO
2016-05-01 12:24 - 2016-05-01 12:24 - 00003652 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-doryon2004@outlook.com
2016-05-01 12:23 - 2016-05-01 12:23 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2016-05-01 12:23 - 2016-05-01 12:23 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-05-01 12:22 - 2016-05-06 17:11 - 00000000 ____D C:\Program Files\Adobe
2016-05-01 12:22 - 2016-05-06 17:11 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-01 12:22 - 2016-05-01 12:22 - 00001600 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2016-05-01 12:22 - 2016-05-01 12:22 - 00001430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2016-05-01 12:22 - 2016-05-01 12:22 - 00001082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2016-05-01 12:21 - 2016-05-06 17:11 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-05-01 12:20 - 2016-05-01 12:20 - 00000000 ____D C:\Users\doryo\AppData\Roaming\Macromedia
2016-05-01 12:19 - 2016-05-10 08:47 - 00000000 ____D C:\Users\doryo\AppData\Local\Adobe
2016-05-01 12:19 - 2016-05-06 17:11 - 00000000 ____D C:\ProgramData\Adobe
2016-05-01 12:11 - 2016-05-01 12:11 - 00017744 _____ C:\Windows\system32\results.xml
2016-05-01 12:10 - 2016-05-01 12:10 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
2016-05-01 12:10 - 2016-05-01 12:10 - 00000716 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2016-05-01 12:01 - 2012-06-10 18:43 - 00024280 _____ (Sony Corporation) C:\Windows\system32\Drivers\sows.sys
2016-05-01 11:53 - 2016-05-06 17:11 - 00000000 ____D C:\ProgramData\Sony Corporation
2016-05-01 11:53 - 2016-05-06 17:11 - 00000000 ____D C:\Program Files\DIFX
2016-05-01 11:53 - 2016-05-01 12:01 - 00000023 _____ C:\Windows\Model.txt
2016-05-01 11:53 - 2012-07-11 04:33 - 00014336 _____ (Sony Corporation) C:\Windows\system32\Drivers\SFEP.sys
2016-05-01 08:13 - 2016-05-01 08:13 - 00000000 ____D C:\Windows\system32\SleepStudy
2016-04-30 19:06 - 2016-04-30 19:06 - 00002427 _____ C:\Users\Public\Desktop\Paragon Hard Disk Manager™ 14 Suite.lnk
2016-04-30 19:06 - 2016-04-30 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Hard Disk Manager™ 14 Suite
2016-04-30 19:06 - 2016-04-30 19:06 - 00000000 ____D C:\ProgramData\launcher
2016-04-30 19:06 - 2016-04-30 19:06 - 00000000 ____D C:\ProgramData\explauncher
2016-04-30 19:05 - 2016-05-06 17:11 - 00000000 ____D C:\Program Files\Paragon Software
2016-04-30 13:45 - 2016-05-06 17:17 - 00003808 _____ C:\Windows\System32\Tasks\AutoKMS
2016-04-30 13:44 - 2016-05-07 03:12 - 00000000 ____D C:\Windows\AutoKMS
2016-04-30 13:44 - 2016-04-30 13:44 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2016-04-30 13:42 - 2016-04-30 13:42 - 00002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-04-30 13:42 - 2016-04-30 13:42 - 00002662 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-04-30 13:42 - 2016-04-30 13:42 - 00002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-04-30 13:42 - 2016-04-30 13:42 - 00002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-04-30 13:42 - 2016-04-30 13:42 - 00002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-04-30 13:42 - 2016-04-30 13:42 - 00002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-04-30 13:42 - 2016-04-30 13:42 - 00002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-04-30 13:42 - 2016-04-30 13:42 - 00002642 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-04-30 13:42 - 2016-04-30 13:42 - 00002628 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-04-30 13:42 - 2016-04-30 13:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-04-30 13:41 - 2016-05-06 17:11 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-04-30 13:41 - 2016-05-06 17:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-04-30 13:41 - 2016-04-30 13:41 - 00000000 ____D C:\Windows\PCHEALTH
2016-04-30 13:41 - 2016-04-30 13:41 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-04-30 13:38 - 2016-05-06 17:11 - 00000000 __RHD C:\MSOCache
2016-04-30 13:38 - 2016-05-06 17:11 - 00000000 ____D C:\Program Files\Microsoft Office
2016-04-30 13:38 - 2016-05-06 17:11 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-04-30 13:38 - 2016-05-06 17:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-30 13:38 - 2016-05-06 17:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-04-30 13:37 - 2016-04-30 13:37 - 00000000 ____D C:\Users\doryo\AppData\Roaming\WinRAR
2016-04-30 13:36 - 2016-05-06 17:12 - 00000000 ____D C:\Program Files\WinRAR
2016-04-30 13:36 - 2016-04-30 13:36 - 00000000 ____D C:\Users\doryo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-04-30 13:36 - 2016-04-30 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-04-30 11:51 - 2016-05-08 18:47 - 00000000 ____D C:\Users\doryo\AppData\Roaming\uTorrent
2016-04-30 11:21 - 2016-04-30 11:21 - 00000000 ____D C:\Users\doryo\AppData\Local\Microsoft Help
2016-04-30 11:20 - 2016-04-30 11:23 - 00003512 _____ C:\Windows\System32\Tasks\InstallShield® Update Service Scheduler
2016-04-30 09:59 - 2016-04-30 09:59 - 00000975 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2016-04-30 09:58 - 2016-04-30 09:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-04-30 09:58 - 2016-04-30 09:59 - 00000000 ____D C:\Program Files\CPUID
2016-04-30 09:58 - 2016-04-30 09:58 - 00000914 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2016-04-30 09:57 - 2016-04-30 09:57 - 00001544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-30 09:57 - 2016-04-30 09:57 - 00001278 _____ C:\Users\Public\Desktop\Media Player Classic.lnk
2016-04-30 09:57 - 2016-04-30 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-04-30 09:57 - 2016-04-30 09:57 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2016-04-30 09:57 - 2015-12-18 06:00 - 00755200 _____ C:\Windows\system32\xvidcore.dll
2016-04-30 09:57 - 2015-12-18 06:00 - 00674816 _____ C:\Windows\SysWOW64\xvidcore.dll
2016-04-30 09:57 - 2015-12-18 06:00 - 00309248 _____ C:\Windows\system32\xvidvfw.dll
2016-04-30 09:57 - 2015-12-18 06:00 - 00282112 _____ C:\Windows\SysWOW64\xvidvfw.dll
2016-04-30 09:57 - 2015-10-24 13:00 - 00112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
2016-04-30 09:57 - 2015-02-28 12:22 - 03571200 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2016-04-30 09:57 - 2015-02-28 12:21 - 03591680 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2016-04-30 09:57 - 2012-07-21 07:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2016-04-30 09:57 - 2012-07-21 07:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2016-04-30 09:57 - 2011-12-07 14:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2016-04-30 09:57 - 2011-12-07 14:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2016-04-30 09:51 - 2016-04-30 09:51 - 00000000 ____D C:\Users\doryo\AppData\Local\ElevatedDiagnostics
2016-04-30 09:43 - 2016-05-07 03:55 - 00000000 ____D C:\00000 nuevos installs
2016-04-30 09:43 - 2016-04-30 09:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-04-30 08:15 - 2016-05-09 11:29 - 00000000 ____D C:\Users\doryo\AppData\Local\Google
2016-04-30 08:15 - 2016-05-09 10:50 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-30 08:11 - 2016-04-30 08:11 - 00000000 ___HD C:\$AVG
2016-04-30 08:11 - 2016-04-30 08:11 - 00000000 ____D C:\Users\doryo\AppData\Roaming\TuneUp Software
2016-04-30 08:11 - 2016-04-30 08:11 - 00000000 ____D C:\Users\doryo\AppData\Roaming\AVG
2016-04-30 08:11 - 2016-04-30 08:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-04-30 08:10 - 2016-05-10 08:44 - 00000000 ____D C:\ProgramData\MFAData
2016-04-30 08:10 - 2016-04-30 08:10 - 00000882 _____ C:\Users\Public\Desktop\AVG.lnk
2016-04-30 08:10 - 2016-04-30 08:10 - 00000000 ____D C:\Users\doryo\AppData\Local\MFAData
2016-04-30 08:10 - 2016-04-30 08:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-04-30 08:09 - 2016-04-30 08:11 - 00000000 ____D C:\ProgramData\Avg
2016-04-30 08:09 - 2016-04-30 08:11 - 00000000 ____D C:\Program Files (x86)\AVG
2016-04-30 08:08 - 2016-04-30 08:11 - 00000000 ____D C:\Users\doryo\AppData\Local\Avg
2016-04-30 08:08 - 2016-04-30 08:10 - 00000000 ____D C:\Users\doryo\AppData\Local\AvgSetupLog
2016-04-30 08:08 - 2016-04-30 08:08 - 03079776 _____ (AVG Technologies CZ, s.r.o.) C:\Users\doryo\Downloads\AVG_Protection_Free_698.exe
2016-04-30 08:06 - 2016-04-30 08:06 - 00000000 ____D C:\Users\doryo\AppData\Local\MicrosoftEdge
2016-04-30 02:01 - 2016-04-29 21:05 - 00000000 ____D C:\Windows\Panther
2016-04-29 21:41 - 2016-04-29 21:41 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-29 21:34 - 2016-05-09 11:37 - 00000000 __SHD C:\Users\doryo\IntelGraphicsProfiles
2016-04-29 21:34 - 2016-05-01 12:11 - 00000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-04-29 21:31 - 2016-04-22 04:57 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-29 21:28 - 2016-05-08 19:11 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-29 21:28 - 2016-04-29 21:29 - 00000000 ____D C:\Windows\system32\MRT
2016-04-29 21:28 - 2016-04-29 21:28 - 00000000 ____D C:\Windows\SysWOW64\sda
2016-04-29 21:27 - 2016-05-06 17:12 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-04-29 21:27 - 2016-05-06 17:12 - 00000000 ____D C:\Windows\system32\DAX2
2016-04-29 21:27 - 2016-05-06 17:11 - 00000000 ____D C:\Program Files\Realtek
2016-04-29 21:27 - 2016-04-29 21:27 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-04-29 21:26 - 2016-04-02 01:13 - 00369912 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-04-29 21:26 - 2016-04-02 01:10 - 00770640 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2016-04-29 21:26 - 2016-04-02 01:10 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2016-04-29 21:26 - 2016-04-02 01:10 - 00374008 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-04-29 21:26 - 2016-04-02 00:30 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll
2016-04-29 21:26 - 2016-04-02 00:29 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\VEDataLayerHelpers.dll
2016-04-29 21:26 - 2016-04-02 00:29 - 00083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEDataLayerHelpers.dll
2016-04-29 21:26 - 2016-04-02 00:26 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\PhoneProviders.dll
2016-04-29 21:26 - 2016-04-02 00:25 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\NotificationObjFactory.dll
2016-04-29 21:26 - 2016-04-02 00:25 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NotificationObjFactory.dll
2016-04-29 21:26 - 2016-04-02 00:23 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-04-29 21:26 - 2016-04-02 00:23 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-04-29 21:26 - 2016-04-02 00:21 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-04-29 21:26 - 2016-04-02 00:19 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-04-29 21:26 - 2016-04-02 00:18 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-04-29 21:26 - 2016-04-02 00:15 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-04-29 21:26 - 2016-04-02 00:14 - 03994624 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2016-04-29 21:26 - 2016-04-02 00:09 - 01832448 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-04-29 21:26 - 2016-04-02 00:08 - 02193408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-04-29 21:26 - 2016-04-02 00:07 - 03575296 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-29 21:26 - 2016-04-02 00:07 - 02158592 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-04-29 21:26 - 2016-04-02 00:03 - 04774912 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-04-29 21:26 - 2016-04-02 00:00 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-04-29 21:26 - 2016-03-29 07:23 - 00277856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2016-04-29 21:26 - 2016-03-29 07:22 - 01030416 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-29 21:26 - 2016-03-29 07:22 - 00874968 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-04-29 21:26 - 2016-03-29 07:20 - 07474016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-29 21:26 - 2016-03-29 07:20 - 02656952 _____ C:\Windows\system32\CoreUIComponents.dll
2016-04-29 21:26 - 2016-03-29 07:20 - 01317640 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-29 21:26 - 2016-03-29 07:20 - 01141504 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-04-29 21:26 - 2016-03-29 07:18 - 02152280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-04-29 21:26 - 2016-03-29 07:15 - 00100232 _____ (Microsoft Corporation) C:\Windows\system32\omadmapi.dll
2016-04-29 21:26 - 2016-03-29 07:11 - 00686976 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-04-29 21:26 - 2016-03-29 07:05 - 01152864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-04-29 21:26 - 2016-03-29 07:02 - 00989536 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2016-04-29 21:26 - 2016-03-29 07:02 - 00334736 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2016-04-29 21:26 - 2016-03-29 06:56 - 01297752 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2016-04-29 21:26 - 2016-03-29 06:37 - 01862008 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2016-04-29 21:26 - 2016-03-29 06:28 - 00696664 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-04-29 21:26 - 2016-03-29 06:28 - 00535080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-04-29 21:26 - 2016-03-29 06:28 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-04-29 21:26 - 2016-03-29 06:25 - 00258912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ufx01000.sys
2016-04-29 21:26 - 2016-03-29 06:25 - 00058400 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.dll
2016-04-29 21:26 - 2016-03-29 06:19 - 00296488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2016-04-29 21:26 - 2016-03-29 06:18 - 00185184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2016-04-29 21:26 - 2016-03-29 06:17 - 00300104 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-04-29 21:26 - 2016-03-29 06:13 - 00986976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2016-04-29 21:26 - 2016-03-29 06:11 - 00605440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-04-29 21:26 - 2016-03-29 06:11 - 00074424 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
2016-04-29 21:26 - 2016-03-29 06:10 - 00110584 _____ (Microsoft Corporation) C:\Windows\system32\srvcli.dll
2016-04-29 21:26 - 2016-03-29 06:09 - 00078040 _____ (Microsoft Corporation) C:\Windows\system32\wkscli.dll
2016-04-29 21:26 - 2016-03-29 06:08 - 00358752 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-29 21:26 - 2016-03-29 06:08 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\LsaIso.exe
2016-04-29 21:26 - 2016-03-29 06:07 - 00081144 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2016-04-29 21:26 - 2016-03-29 05:44 - 00502104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-04-29 21:26 - 2016-03-29 05:44 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-04-29 21:26 - 2016-03-29 05:41 - 00630632 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-04-29 21:26 - 2016-03-29 05:41 - 00051128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsNativeApi.dll
2016-04-29 21:26 - 2016-03-29 05:32 - 00253088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-04-29 21:26 - 2016-03-29 05:26 - 02403680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-04-29 21:26 - 2016-03-29 05:26 - 01089888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-04-29 21:26 - 2016-03-29 05:26 - 00073872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srvcli.dll
2016-04-29 21:26 - 2016-03-29 05:25 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wkscli.dll
2016-04-29 21:26 - 2016-03-29 05:24 - 00294752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-29 21:26 - 2016-03-29 05:23 - 00069744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2016-04-29 21:26 - 2016-03-29 05:21 - 00378208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2016-04-29 21:26 - 2016-03-29 05:17 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll
2016-04-29 21:26 - 2016-03-29 05:16 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xinputhid.sys
2016-04-29 21:26 - 2016-03-29 05:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.V2.dll
2016-04-29 21:26 - 2016-03-29 05:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\policymanagerprecheck.dll
2016-04-29 21:26 - 2016-03-29 05:07 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-04-29 21:26 - 2016-03-29 05:07 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\dmenterprisediagnostics.dll
2016-04-29 21:26 - 2016-03-29 05:07 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2016-04-29 21:26 - 2016-03-29 05:06 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-04-29 21:26 - 2016-03-29 05:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\oleacchooks.dll
2016-04-29 21:26 - 2016-03-29 05:02 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-04-29 21:26 - 2016-03-29 05:01 - 00541304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-04-29 21:26 - 2016-03-29 05:00 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\NetCfgNotifyObjectHost.exe
2016-04-29 21:26 - 2016-03-29 05:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\fveskybackup.dll
2016-04-29 21:26 - 2016-03-29 05:00 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll
2016-04-29 21:26 - 2016-03-29 04:59 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManagerShellext.exe
2016-04-29 21:26 - 2016-03-29 04:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\wininetlui.dll
2016-04-29 21:26 - 2016-03-29 04:58 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-29 21:26 - 2016-03-29 04:57 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-04-29 21:26 - 2016-03-29 04:57 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-29 21:26 - 2016-03-29 04:57 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2016-04-29 21:26 - 2016-03-29 04:57 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2016-04-29 21:26 - 2016-03-29 04:55 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2016-04-29 21:26 - 2016-03-29 04:55 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys
2016-04-29 21:26 - 2016-03-29 04:55 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\tbauth.dll
2016-04-29 21:26 - 2016-03-29 04:54 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-29 21:26 - 2016-03-29 04:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2016-04-29 21:26 - 2016-03-29 04:53 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\FontProvider.dll
2016-04-29 21:26 - 2016-03-29 04:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\TokenBrokerCookies.exe
2016-04-29 21:26 - 2016-03-29 04:51 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2016-04-29 21:26 - 2016-03-29 04:51 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2016-04-29 21:26 - 2016-03-29 04:51 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\tzautoupdate.dll
2016-04-29 21:26 - 2016-03-29 04:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2016-04-29 21:26 - 2016-03-29 04:50 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2016-04-29 21:26 - 2016-03-29 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2016-04-29 21:26 - 2016-03-29 04:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\OnDemandConnRouteHelper.dll
2016-04-29 21:26 - 2016-03-29 04:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\wuautoappupdate.dll
2016-04-29 21:26 - 2016-03-29 04:49 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthLEEnum.sys
2016-04-29 21:26 - 2016-03-29 04:49 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-04-29 21:26 - 2016-03-29 04:48 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Devices.dll
2016-04-29 21:26 - 2016-03-29 04:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-04-29 21:26 - 2016-03-29 04:46 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-04-29 21:26 - 2016-03-29 04:46 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2016-04-29 21:26 - 2016-03-29 04:44 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\DAFWSD.dll
2016-04-29 21:26 - 2016-03-29 04:42 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2016-04-29 21:26 - 2016-03-29 04:39 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2016-04-29 21:26 - 2016-03-29 04:38 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-04-29 21:26 - 2016-03-29 04:37 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2016-04-29 21:26 - 2016-03-29 04:36 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2016-04-29 21:26 - 2016-03-29 04:36 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2016-04-29 21:26 - 2016-03-29 04:35 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2016-04-29 21:26 - 2016-03-29 04:35 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\credprovhost.dll
2016-04-29 21:26 - 2016-03-29 04:34 - 00686592 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2016-04-29 21:26 - 2016-03-29 04:34 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-04-29 21:26 - 2016-03-29 04:34 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-04-29 21:26 - 2016-03-29 04:34 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2016-04-29 21:26 - 2016-03-29 04:33 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2016-04-29 21:26 - 2016-03-29 04:32 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-04-29 21:26 - 2016-03-29 04:32 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-04-29 21:26 - 2016-03-29 04:30 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2016-04-29 21:26 - 2016-03-29 04:30 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-29 21:26 - 2016-03-29 04:28 - 00460288 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-04-29 21:26 - 2016-03-29 04:27 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2016-04-29 21:26 - 2016-03-29 04:26 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2016-04-29 21:26 - 2016-03-29 04:23 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2016-04-29 21:26 - 2016-03-29 04:23 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2016-04-29 21:26 - 2016-03-29 04:23 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2016-04-29 21:26 - 2016-03-29 04:22 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\AccountsRt.dll
2016-04-29 21:26 - 2016-03-29 04:21 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-29 21:26 - 2016-03-29 04:20 - 00948736 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManager.dll
2016-04-29 21:26 - 2016-03-29 04:20 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\AboveLockAppHost.dll
2016-04-29 21:26 - 2016-03-29 04:20 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsNativeApi.V2.dll
2016-04-29 21:26 - 2016-03-29 04:20 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2016-04-29 21:26 - 2016-03-29 04:19 - 00556032 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2016-04-29 21:26 - 2016-03-29 04:19 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-04-29 21:26 - 2016-03-29 04:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacchooks.dll
2016-04-29 21:26 - 2016-03-29 04:18 - 00676352 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2016-04-29 21:26 - 2016-03-29 04:17 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-04-29 21:26 - 2016-03-29 04:17 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-29 21:26 - 2016-03-29 04:17 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\CredProvDataModel.dll
2016-04-29 21:26 - 2016-03-29 04:16 - 00852480 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-04-29 21:26 - 2016-03-29 04:16 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-04-29 21:26 - 2016-03-29 04:15 - 01714688 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-04-29 21:26 - 2016-03-29 04:15 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-29 21:26 - 2016-03-29 04:14 - 00965632 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-04-29 21:26 - 2016-03-29 04:14 - 00954368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-04-29 21:26 - 2016-03-29 04:14 - 00859136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2016-04-29 21:26 - 2016-03-29 04:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2016-04-29 21:26 - 2016-03-29 04:13 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2016-04-29 21:26 - 2016-03-29 04:12 - 00471552 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2016-04-29 21:26 - 2016-03-29 04:12 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininetlui.dll
2016-04-29 21:26 - 2016-03-29 04:12 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-29 21:26 - 2016-03-29 04:11 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2016-04-29 21:26 - 2016-03-29 04:11 - 00881664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2016-04-29 21:26 - 2016-03-29 04:11 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2016-04-29 21:26 - 2016-03-29 04:11 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-29 21:26 - 2016-03-29 04:11 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2016-04-29 21:26 - 2016-03-29 04:11 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2016-04-29 21:26 - 2016-03-29 04:10 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-04-29 21:26 - 2016-03-29 04:10 - 00938496 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-04-29 21:26 - 2016-03-29 04:09 - 01239552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2016-04-29 21:26 - 2016-03-29 04:09 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-04-29 21:26 - 2016-03-29 04:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbauth.dll
2016-04-29 21:26 - 2016-03-29 04:08 - 00888320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2016-04-29 21:26 - 2016-03-29 04:08 - 00841216 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-04-29 21:26 - 2016-03-29 04:08 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-29 21:26 - 2016-03-29 04:07 - 01902592 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-29 21:26 - 2016-03-29 04:07 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-04-29 21:26 - 2016-03-29 04:06 - 01575936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2016-04-29 21:26 - 2016-03-29 04:06 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-04-29 21:26 - 2016-03-29 04:06 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBrokerCookies.exe
2016-04-29 21:26 - 2016-03-29 04:05 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2016-04-29 21:26 - 2016-03-29 04:05 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-29 21:26 - 2016-03-29 04:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Devices.dll
2016-04-29 21:26 - 2016-03-29 04:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-04-29 21:26 - 2016-03-29 04:02 - 02624512 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2016-04-29 21:26 - 2016-03-29 04:02 - 01211904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Cred.dll
2016-04-29 21:26 - 2016-03-29 04:02 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-04-29 21:26 - 2016-03-29 04:00 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2016-04-29 21:26 - 2016-03-29 04:00 - 00235008 _____ C:\Windows\system32\MTF.dll
2016-04-29 21:26 - 2016-03-29 04:00 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-29 21:26 - 2016-03-29 04:00 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2016-04-29 21:26 - 2016-03-29 03:59 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-29 21:26 - 2016-03-29 03:59 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerDeviceEncryption.exe
2016-04-29 21:26 - 2016-03-29 03:59 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\InputLocaleManager.dll
2016-04-29 21:26 - 2016-03-29 03:56 - 00821760 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2016-04-29 21:26 - 2016-03-29 03:56 - 00415232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2016-04-29 21:26 - 2016-03-29 03:55 - 01052160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2016-04-29 21:26 - 2016-03-29 03:53 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2016-04-29 21:26 - 2016-03-29 03:53 - 00193024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovhost.dll
2016-04-29 21:26 - 2016-03-29 03:52 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2016-04-29 21:26 - 2016-03-29 03:52 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2016-04-29 21:26 - 2016-03-29 03:49 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\fveui.dll
2016-04-29 21:26 - 2016-03-29 03:48 - 00346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-04-29 21:26 - 2016-03-29 03:44 - 00498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2016-04-29 21:26 - 2016-03-29 03:43 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AccountsRt.dll
2016-04-29 21:26 - 2016-03-29 03:42 - 03592704 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-04-29 21:26 - 2016-03-29 03:42 - 01410560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2016-04-29 21:26 - 2016-03-29 03:42 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-29 21:26 - 2016-03-29 03:41 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AboveLockAppHost.dll
2016-04-29 21:26 - 2016-03-29 03:40 - 00787456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2016-04-29 21:26 - 2016-03-29 03:39 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2016-04-29 21:26 - 2016-03-29 03:39 - 00496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-29 21:26 - 2016-03-29 03:39 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2016-04-29 21:26 - 2016-03-29 03:38 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-04-29 21:26 - 2016-03-29 03:37 - 01444352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-04-29 21:26 - 2016-03-29 03:37 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-04-29 21:26 - 2016-03-29 03:37 - 00792064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-29 21:26 - 2016-03-29 03:36 - 03351040 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-04-29 21:26 - 2016-03-29 03:36 - 00649728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-29 21:26 - 2016-03-29 03:35 - 00354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2016-04-29 21:26 - 2016-03-29 03:34 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2016-04-29 21:26 - 2016-03-29 03:34 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-04-29 21:26 - 2016-03-29 03:34 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-29 21:26 - 2016-03-29 03:34 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2016-04-29 21:26 - 2016-03-29 03:32 - 01731584 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-29 21:26 - 2016-03-29 03:32 - 01588224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-29 21:26 - 2016-03-29 03:32 - 01098240 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2016-04-29 21:26 - 2016-03-29 03:32 - 00854528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-29 21:26 - 2016-03-29 03:32 - 00638464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2016-04-29 21:26 - 2016-03-29 03:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2016-04-29 21:26 - 2016-03-29 03:32 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2016-04-29 21:26 - 2016-03-29 03:32 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\dmcsps.dll
2016-04-29 21:26 - 2016-03-29 03:31 - 02275328 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-04-29 21:26 - 2016-03-29 03:31 - 01946112 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-04-29 21:26 - 2016-03-29 03:31 - 01117184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2016-04-29 21:26 - 2016-03-29 03:31 - 00705536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-04-29 21:26 - 2016-03-29 03:30 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2016-04-29 21:26 - 2016-03-29 03:29 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
2016-04-29 21:26 - 2016-03-29 03:29 - 00256000 _____ (Microsoft Corporation) C:\Windows\system32\accountaccessor.dll
2016-04-29 21:26 - 2016-03-29 03:28 - 01944576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2016-04-29 21:26 - 2016-03-29 03:28 - 00764928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2016-04-29 21:26 - 2016-03-29 03:27 - 07979008 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-04-29 21:26 - 2016-03-29 03:27 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TextInputFramework.dll
2016-04-29 21:26 - 2016-03-29 03:27 - 00162816 _____ C:\Windows\SysWOW64\MTF.dll
2016-04-29 21:26 - 2016-03-29 03:27 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-29 21:26 - 2016-03-29 03:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputLocaleManager.dll
2016-04-29 21:26 - 2016-03-29 03:26 - 02755584 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-29 21:26 - 2016-03-29 03:23 - 00777728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2016-04-29 21:26 - 2016-03-29 03:22 - 00638464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2016-04-29 21:26 - 2016-03-29 03:19 - 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-04-20 14:17 - 2016-04-20 14:17 - 00307456 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2016-04-18 09:04 - 2016-04-18 09:04 - 00071936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avguniva.sys
2016-04-14 10:54 - 2016-04-14 10:54 - 00051968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-09 21:45 - 2015-10-30 04:21 - 00000000 ____D C:\Windows\INF
2016-05-09 11:37 - 2016-02-13 10:14 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-09 11:36 - 2015-10-30 03:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-05-08 21:49 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\system32\NDF
2016-05-07 18:05 - 2015-10-30 03:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-05-07 18:03 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\AppReadiness
2016-05-07 03:25 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\addins
2016-05-07 03:14 - 2015-10-30 04:11 - 00000000 ____D C:\Windows\CbsTemp
2016-05-06 17:28 - 2015-10-30 04:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-06 17:13 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\system32\WinMetadata
2016-05-06 17:13 - 2015-10-30 03:28 - 00000000 ____D C:\Windows\servicing
2016-05-06 17:12 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\security
2016-05-06 17:12 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\registration
2016-05-06 16:01 - 2015-10-30 03:28 - 00524288 ___SH C:\Windows\system32\config\BBI(5033)
2016-05-04 16:48 - 2015-10-30 03:28 - 00524288 ___SH C:\Windows\system32\config\BBI(4892)
2016-05-03 09:45 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\rescache
2016-05-02 14:42 - 2015-10-30 03:28 - 00262144 ___SH C:\Windows\system32\config\BBI(1017)
2016-05-02 12:05 - 2016-02-13 10:11 - 04957608 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-30 19:06 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-04-30 13:42 - 2016-02-13 10:03 - 00000000 ____D C:\Windows\ShellNew
2016-04-30 13:42 - 2015-10-30 04:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-30 13:38 - 2015-10-30 04:24 - 00000167 _____ C:\Windows\win.ini
2016-04-30 13:38 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Common Files\System
2016-04-30 08:11 - 2015-10-30 04:24 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-04-30 07:58 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\appcompat
2016-04-30 02:01 - 2015-10-30 04:24 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-04-29 21:34 - 2016-02-13 10:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-04-29 21:32 - 2016-02-13 10:03 - 00000000 ____D C:\Program Files\Windows Journal
2016-04-29 21:32 - 2015-10-30 04:24 - 00000000 __RSD C:\Windows\Media
2016-04-29 21:32 - 2015-10-30 04:24 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-04-29 21:32 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-04-29 21:32 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-04-29 21:32 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-29 21:32 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-04-29 21:32 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\bcastdvr
2016-04-29 21:32 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-04-29 21:32 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-04-29 21:32 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-04-29 21:32 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-04-29 21:32 - 2015-10-30 03:28 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-04-29 21:32 - 2015-10-30 03:28 - 00000000 ____D C:\Windows\system32\Dism
2016-04-29 21:13 - 2016-02-13 09:55 - 00000000 ____D C:\Windows\OCR
2016-04-29 21:12 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2016-04-29 21:05 - 2015-10-30 03:28 - 00000000 ____D C:\Windows\system32\Sysprep
 
==================== Files in the root of some directories =======
 
2016-05-05 10:05 - 2016-05-05 10:05 - 0000132 _____ () C:\Users\doryo\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2016-04-29 21:27 - 2016-04-29 21:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\doryo\AppData\Local\Temp\dllnt_dump.dll
C:\Users\doryo\AppData\Local\Temp\GLF116A.EXE
C:\Users\doryo\AppData\Local\Temp\GLF5192.EXE
C:\Users\doryo\AppData\Local\Temp\GLF53C6.EXE
C:\Users\doryo\AppData\Local\Temp\GLFF08.EXE
C:\Users\doryo\AppData\Local\Temp\_setup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-10 09:03
 
 
 
Thanks in advance!


#2 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:20 AM

Posted 10 May 2016 - 02:57 PM

Hello doryon and Welcome to the BleepingComputer. :welcome:  
 My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here.

Thanks
 
Please do the following.

Scan with Zemana AntiMalware Free:

  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan.
  • Please download and install Zemana AntiMalware Free.
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > ''I have read the warning and wish to proceed anyway''.
  • Auto Launch > untick the box next to it.
  • Scan type > Smart scan (Default).
  • Close all open files, folders and browsers.
  • Click Scan now (''Run as Administrator'') and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

============================================================================
How are your PC and browsers, and are there still symptoms?
 
Have a nice day.

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 doryon

doryon
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:20 PM

Posted 11 May 2016 - 09:24 AM

Hi Yılmaz, 

Great to meet you.

So, now it is removed and everything is working normally again, but please don't close this yet and give me a day or two, because it happened before that I got rid of it and it came back again. I'll hopefully confirm that it is definitely gone later.

Here you have the report:

 

Zemana AntiMalware 2.20.2.613 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/5/11
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i5-3337U CPU @ 1.80GHz
BIOS Mode              : Legacy
CUID                   : 00F36056A371A448D66A82
Scan Type              : Smart Scan
Duration               : 1m 4s
Scanned Objects        : 13878
Detected Objects       : 3
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : ON
Detect All Extensions  : OFF
Scan Documents         : OFF
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Proxy Settings (System)
Status             : Scanned
Object             : HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Setting
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser = disabled
 
Internet Settings (System)
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Setting
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 46000000340000000500000000000000000000001D000000687474703A2F2F786E2D2D6B6F612E6E65742F7365727665722E7061630500000000000000000000000000000000000000000000000000000000000000
 
Internet Settings (System)
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Setting
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 46000000150000000500000000000000000000001D000000687474703A2F2F786E2D2D6B6F612E6E65742F7365727665722E7061630500000000000000000000000000000000000000000000000000000000000000
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 3
Reported as safe      : 0
Failed                : 0
 
 
Let me know if you need any additional information.
Thanks a lot!
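Added example (not code from Zemana, FRST or this thread): a Python decoder for the connection-settings blob that Zemana reported above, with the SavedLegacySettings value reassembled per field. It assumes the usual WinINet layout of version, change counter, flags, three length-prefixed ANSI strings (proxy server, bypass list, autoconfig URL) and a reserved trailer; the flag bit names are this example's own labels.

```python
import struct
from urllib.parse import urlsplit

# Flag bits in the third DWORD of the blob (WinINet meaning).
FLAG_DIRECT = 0x01          # always set; "no proxy" when it is the only bit
FLAG_PROXY_SERVER = 0x02    # use the explicit proxy server string
FLAG_AUTOCONFIG_URL = 0x04  # fetch and run the PAC script at autoconfig_url
FLAG_AUTODETECT = 0x08      # WPAD auto-detection
FLAG_NAMES = {FLAG_DIRECT: "DIRECT", FLAG_PROXY_SERVER: "PROXY_SERVER",
              FLAG_AUTOCONFIG_URL: "AUTOCONFIG_URL", FLAG_AUTODETECT: "AUTODETECT"}

# The SavedLegacySettings value Zemana reported in the log above, split per field.
SAVED_LEGACY_SETTINGS = bytes.fromhex(
    "46000000"  # version 0x46
    "34000000"  # change counter 0x34
    "05000000"  # flags = DIRECT | AUTOCONFIG_URL
    "00000000"  # proxy server: length 0
    "00000000"  # bypass list: length 0
    "1D000000"  # autoconfig URL: length 29
    "687474703A2F2F786E2D2D6B6F612E6E65742F7365727665722E706163"
    "05000000" + "00" * 28  # reserved trailer as recorded
)


def _read_lpstr(blob: bytes, off: int) -> tuple[str, int]:
    """Read a DWORD length followed by that many ANSI bytes; reject truncation."""
    if off + 4 > len(blob):
        raise ValueError(f"truncated length field at offset {off}")
    (n,) = struct.unpack_from("<I", blob, off)
    off += 4
    data = blob[off:off + n]
    if len(data) != n:
        raise ValueError(f"string at offset {off} claims {n} bytes, has {len(data)}")
    return data.decode("latin-1"), off + n


def parse_connection_settings(blob: bytes) -> dict:
    """Decode a DefaultConnectionSettings / SavedLegacySettings blob."""
    if len(blob) < 12:
        raise ValueError("blob shorter than the 12-byte header")
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    off = 12
    proxy_server, off = _read_lpstr(blob, off)
    bypass_list, off = _read_lpstr(blob, off)
    autoconfig_url, off = _read_lpstr(blob, off)
    return {
        "version": version,
        "counter": counter,
        "flags": flags,
        "flag_names": [name for bit, name in FLAG_NAMES.items() if flags & bit],
        "proxy_server": proxy_server,
        "bypass_list": bypass_list,
        "autoconfig_url": autoconfig_url,
        "trailing_bytes": len(blob) - off,  # reserved area; 32 bytes here
    }


def decode_idn_host(host: str) -> str:
    """Show punycode labels (xn--...) in Unicode so look-alike hosts are visible."""
    out = []
    for label in host.split("."):
        if label.lower().startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # leave an undecodable label as-is
        out.append(label)
    return ".".join(out)


def assess(blob: bytes) -> list[str]:
    """Defender-side findings: a PAC URL or proxy nobody configured routes
    every browser request through a script the attacker controls."""
    s = parse_connection_settings(blob)
    findings = []
    if s["flags"] & FLAG_AUTOCONFIG_URL and s["autoconfig_url"]:
        findings.append(f"PAC script forced: {s['autoconfig_url']}")
        host = urlsplit(s["autoconfig_url"]).hostname or ""
        shown = decode_idn_host(host)
        if shown != host:
            findings.append(f"PAC host is punycode: {host} displays as {shown}")
    if s["flags"] & FLAG_PROXY_SERVER and s["proxy_server"]:
        findings.append(f"explicit proxy forced: {s['proxy_server']}")
    if s["flags"] & FLAG_AUTODETECT:
        findings.append("WPAD auto-detection enabled")
    return findings


if __name__ == "__main__":
    for key, value in parse_connection_settings(SAVED_LEGACY_SETTINGS).items():
        print(f"{key:>15}: {value}")
    for finding in assess(SAVED_LEGACY_SETTINGS):
        print("finding:", finding)
```

The same decoder applies to the DefaultConnectionSettings value in the log, which differs only in its change counter (0x15), and to the per-user copies under HKU that the FRST RemoveProxy step later clears.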


#4 doryon

doryon
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:20 PM

Posted 11 May 2016 - 01:47 PM

Hi,

Well, it's back.

Please let me know how to proceed.

Thanks!



#5 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:20 AM

Posted 11 May 2016 - 01:58 PM

How is the PC running now and are there still symptoms? Please let me know.


Best regards
 

 


 


#6 doryon

doryon
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:20 PM

Posted 11 May 2016 - 02:52 PM

Yes, it's still the same as before.

That http://ɴ.net/server.pac proxy is being forced again and it can't be turned off.



#7 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:20 AM

Posted 11 May 2016 - 03:56 PM

Hi doryon,
 

Hi Yılmaz, 
Great to meet you.
So, now it is removed and everything is working normal again, but please don't close this yet and give me a day or two because it happened before that I got it out and got back again. I'll hopefully confirm that it is definitely gone later.

Great to meet you too.
No problem, you don't have to worry.
====================================
Please uninstall:
TuneUp Software
AVG-Secure-Search

And PC restart.
============================================
Step 1:
FRST Fixlist scan:
Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

Task: {5B7B3CB4-3E97-4732-96E2-2E7473A2AE4D} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {D439639A-595F-42F2-BC0F-83D79C7790CA} - System32\Tasks\AVG-SSU_0516avz => C:\ProgramData\Avg_Update_0516avz\AVG-Secure-Search-Update_0516avz.exe
HKU\S-1-5-21-4099605528-3097000740-2024150600-1001\...\Run: [AdobeBridge] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM-x32] => hxxp://xn--koa.net/server.pac
C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-30 13:45 - 2016-05-06 17:17 - 00003808 _____ C:\Windows\System32\Tasks\AutoKMS
2016-04-30 13:44 - 2016-05-07 03:12 - 00000000 ____D C:\Windows\AutoKMS
C:\Users\doryo\AppData\Roaming\TuneUp Software
C:\ProgramData\DP45977C.lfl
C:\Users\doryo\AppData\Local\Temp\dllnt_dump.dll
C:\Users\doryo\AppData\Local\Temp\GLF116A.EXE
C:\Users\doryo\AppData\Local\Temp\GLF5192.EXE
C:\Users\doryo\AppData\Local\Temp\GLF53C6.EXE
C:\Users\doryo\AppData\Local\Temp\GLFF08.EXE
C:\Users\doryo\AppData\Local\Temp\_setup.exe
cmd: dir /s C:\Windows\system32\config\BBI(5033)
cmd: dir /s C:\Windows\system32\config\BBI(4892)
cmd: dir /s C:\Windows\system32\config\BBI(1017)
RemoveProxy:

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.
 
Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click the button shown in the screenshot (image not included here).
  • Then press ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Best regards
 

 


 


#8 doryon

doryon
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:20 PM

Posted 11 May 2016 - 05:43 PM

Hi,

Here are the logs:

 

FRST

Fix result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by doryo (2016-05-11 19:21:32) Run:1
Running from C:\Users\doryo\Desktop
Loaded Profiles: doryo (Available Profiles: doryo)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Task: {5B7B3CB4-3E97-4732-96E2-2E7473A2AE4D} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {D439639A-595F-42F2-BC0F-83D79C7790CA} - System32\Tasks\AVG-SSU_0516avz => C:\ProgramData\Avg_Update_0516avz\AVG-Secure-Search-Update_0516avz.exe
HKU\S-1-5-21-4099605528-3097000740-2024150600-1001\...\Run: [AdobeBridge] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM-x32] => hxxp://xn--koa.net/server.pac
C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-30 13:45 - 2016-05-06 17:17 - 00003808 _____ C:\Windows\System32\Tasks\AutoKMS
2016-04-30 13:44 - 2016-05-07 03:12 - 00000000 ____D C:\Windows\AutoKMS
C:\Users\doryo\AppData\Roaming\TuneUp Software
C:\ProgramData\DP45977C.lfl
C:\Users\doryo\AppData\Local\Temp\dllnt_dump.dll
C:\Users\doryo\AppData\Local\Temp\GLF116A.EXE
C:\Users\doryo\AppData\Local\Temp\GLF5192.EXE
C:\Users\doryo\AppData\Local\Temp\GLF53C6.EXE
C:\Users\doryo\AppData\Local\Temp\GLFF08.EXE
C:\Users\doryo\AppData\Local\Temp\_setup.exe
cmd: dir /s C:\Windows\system32\config\BBI(5033)
cmd: dir /s C:\Windows\system32\config\BBI(4892)
cmd: dir /s C:\Windows\system32\config\BBI(1017)
RemoveProxy:
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5B7B3CB4-3E97-4732-96E2-2E7473A2AE4D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B7B3CB4-3E97-4732-96E2-2E7473A2AE4D}" => key removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D439639A-595F-42F2-BC0F-83D79C7790CA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D439639A-595F-42F2-BC0F-83D79C7790CA}" => key removed successfully
C:\Windows\System32\Tasks\AVG-SSU_0516avz => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-SSU_0516avz" => key removed successfully
HKU\S-1-5-21-4099605528-3097000740-2024150600-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
"C:\Windows\System32\Tasks\AutoKMS" => not found.
C:\Windows\AutoKMS => moved successfully
C:\Users\doryo\AppData\Roaming\TuneUp Software => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\doryo\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\doryo\AppData\Local\Temp\GLF116A.EXE => moved successfully
C:\Users\doryo\AppData\Local\Temp\GLF5192.EXE => moved successfully
C:\Users\doryo\AppData\Local\Temp\GLF53C6.EXE => moved successfully
C:\Users\doryo\AppData\Local\Temp\GLFF08.EXE => moved successfully
C:\Users\doryo\AppData\Local\Temp\_setup.exe => moved successfully
 
=========  dir /s C:\Windows\system32\config\BBI(5033) =========
 
 Volume in drive C has no label.
 Volume Serial Number is AEF7-32D4
File Not Found
 
========= End of CMD: =========
 
 
=========  dir /s C:\Windows\system32\config\BBI(4892) =========
 
 Volume in drive C has no label.
 Volume Serial Number is AEF7-32D4
File Not Found
 
========= End of CMD: =========
 
 
=========  dir /s C:\Windows\system32\config\BBI(1017) =========
 
 Volume in drive C has no label.
 Volume Serial Number is AEF7-32D4
File Not Found
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4099605528-3097000740-2024150600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4099605528-3097000740-2024150600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
==== End of Fixlog 19:21:34 ====
 
 
AdwCleaner
 

# AdwCleaner v5.115 - Logfile created 07/05/2016 at 03:56:43
# Updated 01/05/2016 by Xplode
# Database : 2016-05-04.2 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : doryo - HARLEY
# Running from : C:\Users\doryo\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : shutterstock.com
[C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : pricegrabber.com
[C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : autoblog.com
[C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : professional-tournament-organizer.softonic.com
[C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : srs-audio-sandbox.en.softonic.com
[C:\Users\doryo\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Found : shutterstock.com
[C:\Users\doryo\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Found : pricegrabber.com
[C:\Users\doryo\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\doryo\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Found : autoblog.com
[C:\Users\doryo\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Found : professional-tournament-organizer.softonic.com
[C:\Users\doryo\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\doryo\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Found : srs-audio-sandbox.en.softonic.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [2317 bytes] - [07/05/2016 03:56:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2390 bytes] ##########
 
 
Junkware Removal Tool
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64 
Ran by doryo (Administrator) on mié. 11/05/2016 at 19:27:47,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on mié. 11/05/2016 at 19:29:25,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
ZHPCleaner
 

~ ZHPCleaner v2016.5.9.64 by Nicolas Coolman (2016/05/09)
~ Run by doryo (Administrator)  (11/05/2016 19:37:37)
~ State version : 
~ Type : Repair
~ Report : C:\Users\doryo\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\doryo\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 10586)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (21)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (1)
MOVED folder: C:\ProgramData\Microsoft Toolkit  =>HackTool.AutoKMS
 
 
---\\  Registry ( Key, Value, Data) (8)
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\beta.speedtest.net []  =>PUP.Optional.ScriptHost
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\speedtest.net []  =>PUP.Optional.ScriptHost
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.speedtest.net []  =>PUP.Optional.ScriptHost
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\beta.speedtest.net [58]  =>PUP.Optional.ScriptHost
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\speedtest.net []  =>PUP.Optional.ScriptHost
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.speedtest.net [58]  =>PUP.Optional.ScriptHost
DELETED key*: [X64] HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552} [OCComSDK 1.0 Type Library]  =>PUP.Optional.OpenCandy
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552} [OCComSDK 1.0 Type Library]  =>PUP.Optional.OpenCandy
 
 
---\\  Summary of the elements found (3)
http://www.nicolascoolman.fr/?p=1120  =>PUP.Optional.ScriptHost
http://www.nicolascoolman.fr/?p=197  =>PUP.Optional.OpenCandy
 
 
---\\  Other deletions. (9)
~ Registry Keys Tracing deleted (9)
~ Remove the old reports ZHPCleaner. (0)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 237
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 9
 
 
~ End of clean in 00h00mn10s
~====================
ZHPCleaner-[R]-11052016-19_37_47.txt
ZHPCleaner-[S]-11052016-19_36_24.txt
 
 
 
Again, it seems gone for now.
Please give me a while again to see if it comes back.
Thanks!
 


#9 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:20 AM

Posted 11 May 2016 - 06:13 PM

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM-x32] => hxxp://xn--koa.net/server.pac

It does not come back anymore, because they were deleted.

=============================================

Step 1:
 Emsisoft Emergency Kit Scan:

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

Step 2:

MalwareBytes Anti-Rootkit scan:

  • Close all the running processes
  • Be sure to temporarily disable all antivirus/anti-spyware software
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.

:step1: Download MalwareBytes Anti-Rootkit software from here to your desktop.

  • Right-click on Mbar 1.09.1.1004.exe and select Run As Administrator  to launch the application.

:step2: Open the folder named MBAR on the desktop.
:step3: Find the MBAR folder in the list.
:step4: Click it once.
:step5: Now click the OK button.
:step6: Click the OK button again.

 
:step7: Then click Next and click on the Update button
:step8: Now click on the scan button

  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please attach the two log files created by the tool within the folder from which it was run.
  • The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

Step 3:

RogueKiller scan:

  • Please download RogueKiller 32/64 bit to your desktop and run it
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  • Click Scan to scan the system.
  • When the scan completes > Close out the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!
  • Post back the report which should be located on your desktop.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#10 doryon

doryon
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:20 PM

Posted 12 May 2016 - 07:41 AM

Hi,

Just ran everything.

Still no trace of it, but let's give it a couple of hours.

 

Here are the logs:

 

Emsisoft Emergency Kit - Version 11.0
Last update: 12/5/2016 09:11:12
User account: HARLEY\doryo
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 12/5/2016 09:12:21
C:\Users\doryo\AppData\Local\Temp\HYD1051.tmp.1462027890\HTA\install.1462027890.zip detected: Application.InstallAd (A)
 
Scanned 74434
Found 1
 
Scan end: 12/5/2016 09:12:50
Scan time: 0:00:29
 
C:\Users\doryo\AppData\Local\Temp\HYD1051.tmp.1462027890\HTA\install.1462027890.zip Application.InstallAd (A)
 
Quarantined 1
 
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.05.12.04
  rootkit: v2016.05.06.01
 
Windows 10 x64 NTFS
Internet Explorer 11.306.10586.0
doryo :: HARLEY [administrator]
 
12/5/2016 09:15:05
mbar-log-2016-05-12 (09-15-05).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 285468
Time elapsed: 6 minute(s), 52 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
RogueKiller V12.2.0.0 [May 10 2016] (Free) by Adlice Software
 
Sistema Operativo : Windows 10 (10.0.10586) 64 bits version
Iniciado en : Modo Normal
Usuario : doryo [Administrador]
Started from : C:\Users\doryo\Desktop\RogueKiller.exe
Modo : Escanear -- Fecha : 05/12/2016 09:30:40
 
¤¤¤ Procesos : 0 ¤¤¤
 
¤¤¤ Registro : 0 ¤¤¤
 
¤¤¤ Tareas : 0 ¤¤¤
 
¤¤¤ Archivos : 0 ¤¤¤
 
¤¤¤ Archivo de hosts : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: No cargado [0xc000036b]) ¤¤¤
 
¤¤¤ Navegadores Web : 0 ¤¤¤
 
¤¤¤ Chequeo MBR : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO 250GB +++++
--- User ---
[MBR] 34c6910b5f77a39df814ecf62e6c9143
[BSP] 315f333cfd8bd8e2a57f8df013353f83 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 237973 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: AXM13S2-24GM-B +++++
--- User ---
[MBR] 05fd58d2bf3a8a838a73c46d39d11fd0
[BSP] c3ccd4df09bdc017ff9b01f18dc7ea3e : Empty MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 22901 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: Hitachi HTS541075A9E680 +++++
--- User ---
[MBR] 26c4a921050cf48e69e6e96fff1f312f
[BSP] 7bde65ab53959df359584aa5275960c6 : HP MBR Code
Partition table:
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 715403 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 
Cheers!


#11 doryon

doryon
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:20 PM

Posted 12 May 2016 - 01:15 PM

Hi,

Well, it's back again.

Exact same proxy, same symptoms.

It's a hard one it seems :)



#12 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:20 AM

Posted 12 May 2016 - 01:39 PM

I don't see system-log.txt. Please post.


Best regards
 

 


 


#13 doryon

doryon
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:20 PM

Posted 12 May 2016 - 01:41 PM

Oh, sorry, I missed that one!

 

Here you go:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.306.10586.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.796000 GHz
Memory total: 17056505856, free: 14101229568
 
Downloaded database version: v2016.05.12.04
Downloaded database version: v2016.05.06.01
Downloaded database version: v2016.05.11.01
Initializing...
======================
------------ Kernel report ------------
     05/12/2016 09:14:56
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2016.05.12.04
  rootkit: v2016.05.06.01
 
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AE625731
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1024000
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1026048  Numsec = 487368704
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 250059350016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe00137f50060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00137f50b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00137f50060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffe00137dc1060, DeviceName: \Device\00000032\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: AB0F1A1C
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 116015360
    GPT Header CurrentLba = 1 BackupLba 46905263
    GPT Header FirstUsableLba 34  LastUsableLba 46905230
    GPT Header Guid dd3e9d2e-a597-408f-85d3-9ffaeba3f63b
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 116015360
    Backup GPT header CurrentLba = 46905263 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 46905230
    Backup GPT header Guid dd3e9d2e-a597-408f-85d3-9ffaeba3f63b
    Backup GPT header Contains 128 partition entries starting at LBA 46905231
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 179eadbe-6928-4ae6-4591-8f63fadb17b
    FirstLBA 2048  Last LBA 46903295
    Attributes 0
    Partition Name                 Basic data partition
 
Disk Size: 24015495168 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffe00137f4f060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00137f4fb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00137f4f060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffe00137db6040, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe00137db7060, DeviceName: \Device\00000033\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DDC4E5CD
 
Partition information:
 
    Partition 0 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1465145344
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 750156374016 bytes
Sector size: 512 bytes
 
Done!
File "C:\Users\doryo\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-1026048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-1-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished
 
Thanks!


#14 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:20 AM

Posted 12 May 2016 - 03:18 PM

Okay,

 

Internet Explorer:

I would suggest you go through the following steps and check.
 
a ) Under "Tools" in the browser tool bar select "Internet Options".
b ) In the "Internet Options" Window that pops up, click the "Connections" tab at the top.
c ) Click "LAN Settings" near the bottom of the "Connections" section.
d ) If the "Proxy server" checkbox is marked with a check, click it to deselect/uncheck it.
e ) Click "Ok" to close the "Local Area Network (LAN) Settings" window.
f ) Click "Ok" to close the "Internet Options" Window.

 

Internet Explorer 9, 10 and 11 (Win) - Clearing Cache and Cookies
https://kb.wisc.edu/page.php?id=15141
Next >>
How to reset Internet Explorer settings
https://support.microsoft.com/en-us/kb/923737

 

Firefox proxy reset:

How to reset the proxy in Firefox

 

 To check your Firefox proxy settings:

  1. Click the menu button and choose Options

  2. Select the Advanced panel.
  3. Select the Network tab.
  4. In the Connection section, click Settings....
  5. Change your proxy settings:
    • If you don't connect to the Internet through a proxy (or don't know whether you connect through a proxy), select No Proxy.
  6. Click OK to close the Connection Settings window.
  7. Click OK to close the Options window

Chrome proxy reset:

  1. Click "Customize and Control Google Chrome" menu.
  2. Click "Options" button.
  3. Under the "Google Chrome Options" window select the "Under the Hood" tab
  4. In the 'Network' section, click the "Change proxy settings" button.
  5. Under "Internet Properties" window click "Lan settings" button.
  6. Under the "Local Area Network (LAN) Settings" window click on "Proxy server for your LAN"
  7. If you don't connect to the Internet through a proxy (or don't know whether you connect through a proxy), select No Proxy. (unticked)
  8. Click OK and Apply to save the settings.

===============================================================================

 

To fix this, press the Windows key on your keyboard, and while holding it down, also press the R key on your keyboard. This will open the Run dialog box as shown below.

[image: Run dialog]

 

In the Open: field in the Run dialog box, type the text inetcpl.cpl, as shown in the image above, and then press the OK button. Once you press OK, the Internet Properties screen will open.

 

When the Internet Properties screen is open, click on the Security tab and you will be shown the security settings for Internet Explorer as shown below.

 

[image: Internet Properties, Security tab]

Now click on the Reset all zones to default level button as indicated by the blue arrow in the image above. After you press the reset button, click on the Apply button and then the OK button to save your changes and close the Internet Properties screen.

Next >>

  • Please download rkill (Courtesy of Bleepingcomputer.com).
  • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
  • Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
  • Note: You only need to get one of the tools to run, not all of them.

1. rkill.exe

2. rkill.com

3. rkill.scr

4. WiNlOgOn.exe

5. uSeRiNiT.exe

 

Next >>

 

Kovter Removal Tool 64Bit , download the Symantec Kovter Removal Tool and run.

You can now view the log, which will be saved in the same folder that the tool is located, to see what was removed. This logfile will be named after the removal tool name. So if you downloaded FixTool32.exe, it will be called FixTool32.log.

 

next....

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

===========================================
How is the PC running now, and are there any issues?

 

===============================================================================================

Note: just for information:

How to check for malicious Proxy Auto-Config files in Windows

http://www.ghacks.net/2014/03/14/check-malicious-proxy-auto-config-files-windows/


Edited by olgun52, 12 May 2016 - 03:26 PM.

Best regards
 
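As an added example (not the thread's own content and not a feature of any tool mentioned here), the following read-only PowerShell audit checks the same registry locations FRST flagged in post #9, the AutoConfigURL under the x32 Internet Settings key and the ProxySettingsPerUser policy, which the GUI steps above reset by hand. Get-PacHostInfo and Get-ProxyHijackFindings are names I chose; the punycode decoding is included because the hijacked PAC URL in this thread used an xn-- host.

```powershell
# Added example, not code from the thread or from FRST/ZHPCleaner/RogueKiller.
# Read-only audit of the registry locations involved in an AutoConfigURL
# (PAC) proxy hijack. Run in an elevated PowerShell; it changes nothing.

$ErrorActionPreference = 'SilentlyContinue'

# Standard Internet Settings locations. The Wow6432Node entry is the one
# FRST reports as [HKLM-x32].
$proxyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings'
)
# Policy key where ProxySettingsPerUser = 0 forces machine-wide proxy settings,
# so unticking the proxy in the per-user dialog has no effect.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

# Helper (hypothetical name): show the PAC host and, if it is a punycode
# (xn--) label, its Unicode form so a look-alike domain is obvious.
function Get-PacHostInfo {
    param([string]$Url)
    try {
        $uri = [System.Uri]$Url
        $idn = New-Object System.Globalization.IdnMapping
        $unicode = $idn.GetUnicode($uri.Host)
        if ($unicode -ne $uri.Host) {
            return "$($uri.Host) (decodes to '$unicode': IDN look-alike host)"
        }
        return $uri.Host
    } catch {
        return '(host could not be parsed)'
    }
}

# Helper (hypothetical name): collect every proxy-related setting worth a look.
function Get-ProxyHijackFindings {
    $findings = @()
    foreach ($key in $proxyKeys) {
        if (-not (Test-Path $key)) { continue }
        $p = Get-ItemProperty -Path $key
        if ($p.AutoConfigURL) {
            $findings += [pscustomobject]@{
                Location = $key
                Value    = 'AutoConfigURL'
                Data     = $p.AutoConfigURL
                Note     = 'PAC script in use, host: ' + (Get-PacHostInfo $p.AutoConfigURL)
            }
        }
        if ($p.ProxyEnable -eq 1 -and $p.ProxyServer) {
            $findings += [pscustomobject]@{
                Location = $key
                Value    = 'ProxyServer'
                Data     = $p.ProxyServer
                Note     = 'Static proxy enabled'
            }
        }
    }
    if (Test-Path $policyKey) {
        $pol = Get-ItemProperty -Path $policyKey
        if ($null -ne $pol.ProxySettingsPerUser -and $pol.ProxySettingsPerUser -eq 0) {
            $findings += [pscustomobject]@{
                Location = $policyKey
                Value    = 'ProxySettingsPerUser'
                Data     = 0
                Note     = 'Restriction: per-user proxy dialog is ignored, HKLM settings apply to everyone'
            }
        }
    }
    return $findings
}

$results = @(Get-ProxyHijackFindings)
if ($results.Count -eq 0) {
    Write-Output 'No AutoConfigURL, static proxy, or ProxySettingsPerUser restriction found.'
} else {
    $results | Format-List
}
```

If a PAC URL or the restriction shows up again after a cleanup, the finding's Location tells you which hive is being re-populated, which narrows down where the persistence mechanism is writing.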

 


 


#15 doryon

doryon
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:20 PM

Posted 12 May 2016 - 07:00 PM

Well, this time it's still there and didn't get erased at all.

Here are the logs:

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/12/2016 05:32:23 PM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 05/12/2016 05:32:40 PM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)
 
 
C:\00000 nuevos installs\PowerISO6.DC.rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application deleted
D:\Autos\Honda Fit\getfile.php a variant of Win32/Adware.Toolbar.Shopper.AE application cleaned by deleting
D:\Cositas\corel x6 crack.rar a variant of Win32/Keygen.AU potentially unsafe application deleted
D:\Cositas\CorelDRAW.Graphics.Suite.X6.v16.0.0.707.Incl.Keymaker-CORE.rar a variant of Win32/Keygen.AU potentially unsafe application deleted
D:\Cositas\JDownloaderINTSetup_3.zip Win32/OpenCandy potentially unsafe application deleted
D:\Cositas\Microsoft.Office.Professional.Plus.2013.x64-iNDiSO.rar a variant of MSIL/HackKMS.G potentially unsafe application deleted
D:\Cositas\MTKV253.zip a variant of MSIL/HackKMS.G potentially unsafe application deleted
D:\Cositas\MTKV26B5.zip a variant of MSIL/HackKMS.G potentially unsafe application deleted
D:\Cositas\PDFCreator-1_7_2_setup.exe Win32/InstallMonetizer.AQ potentially unwanted application deleted
D:\Cositas\PDFCreator-1_9_1-setup-beta.exe Win32/InstallMonetizer.AQ potentially unwanted application deleted
D:\Cositas\rcsetup142.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted
D:\Cositas\Autocad 2009\AACK.rar a variant of Win32/Keygen.BT potentially unsafe application deleted
D:\Cositas\MTKV253\Microsoft Toolkit.exe a variant of MSIL/HackKMS.G potentially unsafe application deleted
D:\Cositas\MTKV26B5\Microsoft Toolkit.exe a variant of MSIL/HackKMS.G potentially unsafe application deleted
D:\d'arriens\Marketing\Video\captura\Mirillis Action! 1.19.2.0 Crack V2 only.rar BAT/HostsChanger.A potentially unsafe application deleted
D:\Downloads\Daemon.Tools.Pro.Advanced.v5.2.0.0348.Multilingual.Cracked-BRD.rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application deleted
D:\Downloads\ddlsource.com_Tonec.Inc.Internet.Download.Manager.v6.12.22.Incl.Keygen.and.Patch-BRD.rar a variant of Win32/Keygen.AS potentially unsafe application deleted
D:\Downloads\Snagit.v10.0.1.58.Incl.Keygen-MESMERiZE.rar a variant of Win32/Keygen.CZ potentially unsafe application deleted
D:\Music\Tunebite.4.1.0.24.patch-SND.rar a variant of Win32/HackTool.Patcher.A potentially unsafe application deleted
 
 
Let me know how to proceed.
Thanks!




