
Proxy hijack to http://ɴ.net/server.pac and google redirects


  • This topic is locked
22 replies to this topic

#1 bfsreis

bfsreis

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:51 AM

Posted 17 May 2016 - 04:22 AM

5 days ago I noticed that my Google homepage was replaced with an "ancient and odd looking" Google page.

I ran Malwarebytes' free version and it found "Hijack.AutoConfigURL.PrxySvrRST" and two registry entries establishing a proxy redirect to this site hxxp://xn--koa.net/server.pac.

Malwarebytes deleted the entries and Google in all the browsers appeared to be normal again. When I searched the registry I couldn't find the hxxp://xn--koa.net/server.pac related entries. All was fine.

Next day I noticed my Google was funny again. I ran Malwarebytes and again it found the same entries. So I started to think it was not so simple to get rid of that nasty thing.

I reset all the browsers, cleaned temps and ran CCleaner.

I then ran Kaspersky, AdwCleaner, Junkware Removal Tool, RKill, a full scan in Avast with complete rootkit scan, configured Malwarebytes to include rootkits, ESET Online Scanner, McAfee Stinger, HitmanPro... and they found nothing. I also installed WinPatrol.

On BleepingComputer I found one help request for a similar (same?) problem but it led to nothing because it ended in formatting the computer, a solution I am really trying to avoid.

Tonight I found the "when" it appears. I now have to find "WHAT" is causing it. I noticed that the problem appears at night. This morning I changed my PC time to 20:59 and watched what happened. A DOS box appeared informing that nslookup.exe is running. I noticed that the 2 malicious entries were added to the registry. They were not there earlier. And Google changed to an old funny version. So it happens at 20:59:45 every day, no matter what I do.

Thank you.

Edited by Platypus, 17 May 2016 - 06:42 AM.
Deleted duplicate



#2 Jo*

Jo*

  • Malware Response Team
  • 3,331 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:06:51 AM

Posted 17 May 2016 - 06:03 AM

:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.

Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***

:step1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Copy FRST / FRST64.exe to your desktop!

Log on to all your user accounts now - without restarting!

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt



Start
CreateRestorePoint:
CloseProcesses:
IFEO\SppExtComObj.exe: [Debugger] C:\WINDOWS\SECOH-QAD.exe
C:\WINDOWS\SECOH-QAD.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM-x32] => hxxp://xn--koa.net/server.pac
ManualProxies: 
SearchScopes: HKU\S-1-5-21-1747157547-3349743972-2654819378-1000 -> {864AA6F9-89DA-4220-BE76-9951EA7FFF11} URL = hxxps://www.google.com/search?q={searchTerms}
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin HKU\S-1-5-21-1747157547-3349743972-2654819378-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll [No File]
U3 idsvc; no ImagePath
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Task: {1129E0C9-AD79-44A1-8D4A-C0A70B17B1D2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {233C0471-DC57-40A4-8D36-B2C87FEE4D82} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {32D1A082-86C9-469F-9763-9365FCE8A8EA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3EC5F996-E742-4E0B-A6F7-7649CD5944FC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {749472C5-FBB1-488D-A3F6-955350326649} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7DB0A5EC-28CF-4178-97E7-FAFF27556F05} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8DFE0259-E708-4013-812D-7199911F3162} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A1C78F50-E6B1-465A-A3D2-C208F6202216} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CDECBDD9-3082-41B6-9215-1C518B6B8A4B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D32DB918-18E3-4108-A408-BF0D9DA6B8E1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F35A36B2-8D38-4E6C-80C7-F82D4E1E09FE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\B\Desktop\ScreenOff.exe:com.dropbox.attributes [168]
EmptyTemp:
RemoveProxy:
Hosts:
End
NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
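An added example, not code from this thread or from any tool named in it: a read-only PowerShell audit of the four registry locations the fixlist above removes (proxy AutoConfigURL/ProxyServer values, the ProxySettingsPerUser policy, IFEO Debugger values and the iphlpsvc ProxyMgr cache), plus a scan of scheduled tasks for the nightly trigger the original poster describes. It assumes an elevated Windows PowerShell 5.x prompt on Windows 8 or later (for Get-ScheduledTask); the $Indicator and $SuspectTime parameter names are mine, with defaults taken from the thread.

```powershell
# Added audit script (not from this thread or from FRST/Malwarebytes): read-only checks of
# the persistence locations the fixlist above targets, plus the scheduled-task search that
# the reporter's 20:59:45 observation suggests. Run from an elevated PowerShell 5.x prompt.
param(
    # Hostname to search for; "xn--koa.net" is the punycode form of the PAC host in the thread.
    [string]$Indicator   = 'xn--koa.net',
    # HH:mm at which the reporter saw the entries reappear (assumed parameter).
    [string]$SuspectTime = '20:59'
)

$findings = New-Object 'System.Collections.Generic.List[string]'

# 1. Proxy settings: the user's own hive, the machine hive, and the 32-bit view of the
#    machine hive (what FRST labels "AutoConfigURL: [HKLM-x32]").
$inetKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings'
)
foreach ($key in $inetKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in 'AutoConfigURL', 'ProxyServer') {
        if ($props.$name) { $findings.Add("$key\$name = $($props.$name)") }
    }
}

# 2. ProxySettingsPerUser = 0 forces the HKLM proxy settings onto every user, which is how a
#    single machine-wide value can override the browsers of all accounts.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
if (Test-Path -Path $policyKey) {
    $policy = Get-ItemProperty -Path $policyKey
    if ($null -ne $policy.ProxySettingsPerUser -and $policy.ProxySettingsPerUser -eq 0) {
        $findings.Add("$policyKey\ProxySettingsPerUser = 0 (machine-wide proxy policy)")
    }
}

# 3. Image File Execution Options: a "Debugger" value makes Windows launch the named program
#    instead of the listed executable (the fixlist's SppExtComObj.exe -> SECOH-QAD.exe entry).
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $debugger = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($debugger) { $findings.Add("IFEO $($_.PSChildName): Debugger = $debugger") }
}

# 4. iphlpsvc ProxyMgr: SystemLook found the hostname here after the browser-visible entries
#    had been cleaned. Values may be binary, so they are also decoded as UTF-16 and ASCII.
$proxyMgr = 'HKLM:\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr'
Get-ChildItem -Path $proxyMgr -ErrorAction SilentlyContinue | ForEach-Object {
    $subKey = $_
    $props  = Get-ItemProperty -Path $subKey.PSPath
    foreach ($prop in $props.PSObject.Properties) {
        $texts = @("$($prop.Value)")
        if ($prop.Value -is [byte[]]) {
            $texts += [Text.Encoding]::Unicode.GetString($prop.Value)
            $texts += [Text.Encoding]::ASCII.GetString($prop.Value)
        }
        if ($texts | Where-Object { $_ -like "*$Indicator*" }) {
            $findings.Add("ProxyMgr $($subKey.PSChildName)\$($prop.Name) contains '$Indicator'")
        }
    }
}

# 5. Scheduled tasks whose trigger starts at the observed time, or whose action runs
#    nslookup, a .pac file, or the indicator host: candidates for what rewrites the entries.
$actionPattern = 'nslookup|\.pac|' + [regex]::Escape($Indicator)
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $task    = $_
    $timeHit = $task.Triggers | Where-Object { "$($_.StartBoundary)" -like "*T$SuspectTime*" }
    $execHit = $task.Actions  | Where-Object { "$($_.Execute) $($_.Arguments)" -match $actionPattern }
    if ($timeHit -or $execHit) {
        $actions = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        $findings.Add("Task $($task.TaskPath)$($task.TaskName) -> $actions")
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No proxy, IFEO, ProxyMgr or scheduled-task indicators found.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

The script changes nothing; its output is a list of findings to compare against the fixlist before anything is removed, and a task that fires at the suspect time is the lead to follow for the "WHAT" the original poster is still looking for.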


#3 bfsreis

bfsreis
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:51 AM

Posted 17 May 2016 - 06:36 AM

First of all let me thank you.

 

Now:

 

1. Security check:

Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 WinPatrol 
 Java 8 Update 91  
 Java version 32-bit out of Date! 
 Adobe Flash Player 21.0.0.213  
 Mozilla Firefox (45.0.2) 
 Google Chrome (50.0.2661.102) 
 Google Chrome (50.0.2661.94) 
 Google Chrome (Plugins...) 
 Google Chrome (SetupMetrics.pma..) 
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Exploit mbae64.exe   
 Malwarebytes Anti-Exploit mbae.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
 Ruiware WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

2. Malwarebytes Anti-Rootkit:

no malware

 

3. attached

 

 




#4 Jo*

Jo*

  • Malware Response Team
  • 3,331 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:06:51 AM

Posted 17 May 2016 - 06:47 AM

Scan with SystemLook
  • Please download SystemLook (32-bit) by jpshortstuff and save it to your desktop
  • Please download SystemLook (64-bit) by jpshortstuff and save it to your desktop For 64-bit users
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following code box into the main textfield:
:reg 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

:regfind
koa.net
server.pac

:filefind
*koa*
*koa.net*
*server.pac*
  • Click the Look button to start the scan (may take 10 ... 20 min.)
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64, then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the box next to Addition.txt and press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.

***




#5 bfsreis

bfsreis
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:51 AM

Posted 17 May 2016 - 07:13 AM

System Look: 

SystemLook 30.07.11 by jpshortstuff
Log created at 12:49 on 17/05/2016 by B
Administrator - Elevation successful
 
========== reg ==========
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 "
"AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"BoxSync"=""C:\Program Files\Box\Box Sync\BoxSync.exe" -m"
 
 
========== regfind ==========
 
Searching for "koa.net"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc\Parameters\ProxyMgr\{15FD0F78-9BA4-4F97-ACC1-5CD5006F4760}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc\Parameters\ProxyMgr\{4850C0BE-00EE-422E-9628-7FACE6812D77}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc\Parameters\ProxyMgr\{5B736BEE-60D3-44DB-AF53-844FF99E8D10}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{15FD0F78-9BA4-4F97-ACC1-5CD5006F4760}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{4850C0BE-00EE-422E-9628-7FACE6812D77}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{5B736BEE-60D3-44DB-AF53-844FF99E8D10}]
 
Searching for "server.pac"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc\Parameters\ProxyMgr\{15FD0F78-9BA4-4F97-ACC1-5CD5006F4760}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc\Parameters\ProxyMgr\{4850C0BE-00EE-422E-9628-7FACE6812D77}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc\Parameters\ProxyMgr\{5B736BEE-60D3-44DB-AF53-844FF99E8D10}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{15FD0F78-9BA4-4F97-ACC1-5CD5006F4760}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{4850C0BE-00EE-422E-9628-7FACE6812D77}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{5B736BEE-60D3-44DB-AF53-844FF99E8D10}]
 
========== filefind ==========
 
Searching for "*koa*"
No files found.
 
Searching for "*koa.net*"
No files found.
 
Searching for "*server.pac*"
No files found.
 
-= EOF =-

 

FRST logs:

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-05-2016

Ran by B (administrator) on B-PC (17-05-2016 12:54:15)
Running from C:\Users\B\Desktop
Loaded Profiles: B & UpdatusUser &  (Available Profiles: B & UpdatusUser & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
() C:\Users\B\Downloads\Temp\SystemLook_x64.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Microsoft Corporation) C:\Windows\System32\rdrleakdiag.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\msoia.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2014-07-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2014-07-16] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2014-07-16] (Alcor Micro Corp.)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [6159848 2016-03-04] (Box, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2014-07-16] (Intel Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-13] (AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23745808 2016-05-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-04-15] (Malwarebytes Corporation)
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000\...\Run: [Spotify Web Helper] => C:\Users\B\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017848 2015-08-15] (Spotify Ltd)
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google)
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-06] (Ruiware)
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\B\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017848 2015-08-15] (Spotify Ltd)
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google)
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-06] (Ruiware)
HKU\S-1-5-21-1747157547-3349743972-2654819378-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-1747157547-3349743972-2654819378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {ce96c976-1bdf-305a-a5bc-d3d65a25e273} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {95c8ce6c-97c8-3561-95ee-8eb750210dff} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {ab5725f7-3efb-38f0-8277-0b79fd221bd4} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {907d4895-c97c-39f6-b8b0-6668088ac4a4} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {93a7b96a-0520-3fc7-868c-95447c3f3b30} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-11] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{ba4e3afc-645b-4147-a0f2-1a0cc3bfa7b6}: [DhcpNameServer] 192.168.1.254 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-pt/?pc=UE03&ocid=UE03DHP
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-pt/?pc=UE03&ocid=UE03DHP
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1747157547-3349743972-2654819378-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1747157547-3349743972-2654819378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-25] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-25] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-1747157547-3349743972-2654819378-1000 -> hxxp://www.google.pt/
 
FireFox:
========
FF ProfilePath: C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\2ytjvj9a.Bruno
FF Homepage: hxxps://www.google.pt/
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-13] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-09-05] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-03-20] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\B\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-03-20] (Cisco WebEx LLC)
FF Extension: OpenDownload² - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\2ytjvj9a.Bruno\extensions\{210249CE-F888-11DD-B868-4CB456D89593} [2016-03-01]
FF Extension: Youtube MP3 Podcaster - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\2ytjvj9a.Bruno\extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2016-03-15]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\2ytjvj9a.Bruno\extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-04-06]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\qdswri4w.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-02-02]
FF Extension: GKeep Panel - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\qdswri4w.default\Extensions\gkeeppanel@alejandrobrizuela.com.ar.xpi [2016-02-02]
FF Extension: Private Tab - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\qdswri4w.default\Extensions\privateTab@infocatcher.xpi [2016-02-03]
FF Extension: Undo Closed Tabs Button - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\qdswri4w.default\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2016-02-21]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\qdswri4w.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-01-06]
FF Extension: Youtube MP3 Podcaster - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\qdswri4w.default\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2016-02-21]
FF Extension: OpenDownload² - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\qdswri4w.default\Extensions\{210249CE-F888-11DD-B868-4CB456D89593} [2016-02-12]
FF Extension: YouTube High Definition - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\qdswri4w.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-02-26]
FF Extension: FXChrome - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\qdswri4w.default\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2016-01-27]
FF Extension: Adblock Plus - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\qdswri4w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\2ytjvj9a.Bruno\Extensions\adblockpopups@jessehakanen.net.xpi [2016-05-13]
FF Extension: YouTube Video and Audio Downloader - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\2ytjvj9a.Bruno\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2016-05-13]
FF Extension: GKeep Panel - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\2ytjvj9a.Bruno\Extensions\gkeeppanel@alejandrobrizuela.com.ar.xpi [2016-03-01]
FF Extension: Private Tab - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\2ytjvj9a.Bruno\Extensions\privateTab@infocatcher.xpi [2016-03-01]
FF Extension: Undo Closed Tabs Button - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\2ytjvj9a.Bruno\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2016-03-01]
FF Extension: YouTube High Definition - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\2ytjvj9a.Bruno\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-05-13]
FF Extension: FXChrome - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\2ytjvj9a.Bruno\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2016-03-21]
FF Extension: Adblock Plus - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\2ytjvj9a.Bruno\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-11]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.pt/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.pt/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\B\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\B\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-13]
CHR Extension: (YouTube) - C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-13]
CHR Extension: (Google Search) - C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
CHR Extension: (Portal - WiFi file transfers) - C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdalmglpnhhkcpgcggdcnlapeonfkhna [2016-04-24]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-23]
CHR Extension: (Gmail) - C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-30]
CHR HKU\S-1-5-21-1747157547-3349743972-2654819378-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-11]
 
Opera: 
=======
OPR Session Restore: -> is enabled.
OPR Extension: (AdBlock for YouTube™) - C:\Users\B\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgdogbijachehheddakopmfjahhgmmma [2016-05-16]
OPR Extension: (FVD Video Downloader) - C:\Users\B\AppData\Roaming\Opera Software\Opera Stable\Extensions\neacgcjokggofibnbfapeaejhclmpple [2016-05-16]
OPR Extension: (Magic Actions for YouTube™) - C:\Users\B\AppData\Roaming\Opera Software\Opera Stable\Extensions\nlffnljnicbkfhnlomjhjlebndachaka [2016-05-16]
OPR Extension: (SaveFrom.net helper) - C:\Users\B\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2016-05-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-11] (AVAST Software)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36240 2016-03-04] (Box, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-20] (Dropbox, Inc.)
S4 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [163840 2007-12-17] (SEIKO EPSON CORPORATION) [File not signed]
S4 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (SEIKO EPSON CORPORATION) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-13] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-04-15] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 meo; C:\Program Files (x86)\PTC\Update\MEOCloudUpdate.exe [144056 2014-07-16] (PT Comunicacoes SA)
S4 meom; C:\Program Files (x86)\PTC\Update\MEOCloudUpdate.exe [144056 2014-07-16] (PT Comunicacoes SA)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [250672 2016-05-16] (McAfee, Inc.)
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2016-03-28] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2015-01-21] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-11] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-08-31] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [101368 2015-09-23] (ASUS Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-04-15] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-17] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2016-05-16] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106120 2016-05-16] (McAfee, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-05-14] ()
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 wfpcapture; C:\WINDOWS\System32\Drivers\wfpcapture.sys [64728 2016-03-22] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2015-10-12] (Basil Projects)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15768 2006-11-15] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-18 21:08 - 2016-05-18 21:08 - 02382336 _____ (Farbar) C:\Users\B\Desktop\FRST64.exe
2016-05-17 12:53 - 2016-05-17 12:54 - 00031370 _____ C:\Users\B\Desktop\FRST.txt
2016-05-17 11:38 - 2016-05-17 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-05-17 11:38 - 2016-05-17 11:38 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-05-17 11:38 - 2016-05-17 11:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-05-17 11:36 - 2016-05-17 12:05 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-05-17 11:35 - 2016-05-17 12:05 - 00000000 ____D C:\Users\B\Desktop\mbar
2016-05-16 22:56 - 2016-05-17 07:37 - 00000000 ____D C:\Users\B\AppData\Roaming\WinPatrol
2016-05-16 22:56 - 2016-05-16 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2016-05-16 22:56 - 2016-05-16 22:56 - 00000000 ____D C:\ProgramData\InstallMate
2016-05-16 22:56 - 2016-05-16 22:56 - 00000000 ____D C:\Program Files (x86)\Ruiware
2016-05-16 22:00 - 2016-05-17 12:53 - 00000000 ____D C:\FRST
2016-05-16 14:18 - 2016-05-16 14:18 - 00864072 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfehidk.sys
2016-05-16 14:18 - 2016-05-16 14:18 - 00250672 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2016-05-16 14:18 - 2016-05-16 14:18 - 00106120 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mferkdet.sys
2016-05-16 13:37 - 2016-05-16 13:37 - 00002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2016-05-16 13:37 - 2016-05-16 13:37 - 00002209 _____ C:\Users\Public\Desktop\Vivaldi.lnk
2016-05-16 13:37 - 2016-05-16 13:37 - 00000000 ____D C:\Users\B\AppData\Local\Vivaldi
2016-05-16 13:37 - 2016-05-16 13:37 - 00000000 ____D C:\Program Files (x86)\Vivaldi
2016-05-16 12:07 - 2016-05-16 12:07 - 00003938 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1463396817
2016-05-16 12:07 - 2016-05-16 12:07 - 00000000 ____D C:\Users\B\AppData\Roaming\Opera Software
2016-05-16 12:07 - 2016-05-16 12:07 - 00000000 ____D C:\Users\B\AppData\Local\Opera Software
2016-05-16 12:06 - 2016-05-16 12:07 - 00000000 ____D C:\Program Files (x86)\Opera
2016-05-16 12:06 - 2016-05-16 12:06 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-05-15 15:19 - 2016-05-15 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serviio
2016-05-15 15:09 - 2016-05-15 15:09 - 00000000 ____D C:\Users\B\AppData\Local\IsolatedStorage
2016-05-15 15:08 - 2016-05-15 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Message Analyzer
2016-05-15 15:05 - 2016-05-15 15:10 - 00000000 ____D C:\Users\B\Documents\MessageAnalyzer
2016-05-15 15:05 - 2016-05-15 15:05 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_wfpcapture_01011.Wdf
2016-05-15 15:04 - 2016-05-15 15:05 - 00000000 ____D C:\Program Files\Microsoft Message Analyzer
2016-05-15 11:28 - 2016-05-15 00:14 - 00002024 _____ C:\WINDOWS\system32\Drivers\etc\hosts - Cópia.bak
2016-05-15 00:56 - 2016-05-15 00:56 - 00042168 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2016-05-15 00:01 - 2016-05-15 11:33 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-05-14 23:13 - 2016-05-14 23:13 - 00002840 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-05-14 23:13 - 2016-05-14 23:13 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-14 23:13 - 2016-05-14 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-05-14 23:13 - 2016-05-14 23:13 - 00000000 ____D C:\Program Files\CCleaner
2016-05-14 22:47 - 2016-05-14 22:47 - 00046960 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-05-14 22:46 - 2016-05-14 23:53 - 00000000 ____D C:\ProgramData\HitmanPro
2016-05-14 22:13 - 2016-05-14 22:13 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-05-14 22:11 - 2016-05-14 22:11 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-14 12:10 - 2016-05-14 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-13 21:13 - 2016-05-13 21:13 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-13 18:09 - 2016-05-13 18:09 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-05-13 18:09 - 2016-04-25 17:07 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2016-05-11 22:42 - 2016-05-11 22:42 - 00004006 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458682667
2016-05-11 14:35 - 2016-04-23 06:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 14:35 - 2016-04-23 06:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 14:35 - 2016-04-23 05:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 14:35 - 2016-04-23 05:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 14:35 - 2016-04-23 05:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 14:35 - 2016-04-23 05:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 14:35 - 2016-04-23 05:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 14:35 - 2016-04-23 05:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 14:35 - 2016-04-23 05:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 14:35 - 2016-04-23 05:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 14:35 - 2016-04-23 05:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 14:35 - 2016-04-23 05:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 14:35 - 2016-04-23 05:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 14:35 - 2016-04-23 05:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 14:34 - 2016-05-06 05:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 14:34 - 2016-05-06 05:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 14:34 - 2016-05-06 05:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 14:34 - 2016-05-06 04:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 14:34 - 2016-05-06 04:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 14:34 - 2016-05-06 04:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 14:34 - 2016-05-06 04:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 14:34 - 2016-05-06 04:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 14:34 - 2016-04-30 07:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 14:34 - 2016-04-30 07:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 14:34 - 2016-04-23 07:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 14:34 - 2016-04-23 07:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 14:34 - 2016-04-23 07:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 14:34 - 2016-04-23 07:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 14:34 - 2016-04-23 07:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 14:34 - 2016-04-23 07:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 14:34 - 2016-04-23 07:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 14:34 - 2016-04-23 07:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 14:34 - 2016-04-23 06:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 14:34 - 2016-04-23 06:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 14:34 - 2016-04-23 06:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 14:34 - 2016-04-23 06:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 14:34 - 2016-04-23 06:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 14:34 - 2016-04-23 06:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 14:34 - 2016-04-23 06:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 14:34 - 2016-04-23 06:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 14:34 - 2016-04-23 06:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 14:34 - 2016-04-23 06:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 14:34 - 2016-04-23 06:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 14:34 - 2016-04-23 06:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 14:34 - 2016-04-23 06:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 14:34 - 2016-04-23 06:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 14:34 - 2016-04-23 06:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 14:34 - 2016-04-23 06:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 14:34 - 2016-04-23 06:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 14:34 - 2016-04-23 06:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 14:34 - 2016-04-23 06:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 14:34 - 2016-04-23 06:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 14:34 - 2016-04-23 06:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 14:34 - 2016-04-23 06:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 14:34 - 2016-04-23 06:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 14:34 - 2016-04-23 06:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 14:34 - 2016-04-23 06:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 14:34 - 2016-04-23 06:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 14:34 - 2016-04-23 06:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 14:34 - 2016-04-23 06:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 14:34 - 2016-04-23 06:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 14:34 - 2016-04-23 06:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 14:34 - 2016-04-23 06:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 14:34 - 2016-04-23 06:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 14:34 - 2016-04-23 06:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 14:34 - 2016-04-23 06:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 14:34 - 2016-04-23 06:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 14:34 - 2016-04-23 06:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 14:34 - 2016-04-23 06:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 14:34 - 2016-04-23 06:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 14:34 - 2016-04-23 06:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 14:34 - 2016-04-23 06:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 14:34 - 2016-04-23 06:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 14:34 - 2016-04-23 06:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 14:34 - 2016-04-23 06:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 14:34 - 2016-04-23 06:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 14:34 - 2016-04-23 06:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 14:34 - 2016-04-23 06:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 14:34 - 2016-04-23 06:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 14:34 - 2016-04-23 06:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 14:34 - 2016-04-23 06:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 14:34 - 2016-04-23 06:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 14:34 - 2016-04-23 06:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 14:34 - 2016-04-23 06:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 14:34 - 2016-04-23 06:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 14:34 - 2016-04-23 06:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 14:34 - 2016-04-23 06:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 14:34 - 2016-04-23 06:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 14:34 - 2016-04-23 06:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 14:34 - 2016-04-23 06:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 14:34 - 2016-04-23 06:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 14:34 - 2016-04-23 06:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 14:34 - 2016-04-23 05:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 14:34 - 2016-04-23 05:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 14:34 - 2016-04-23 05:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 14:34 - 2016-04-23 05:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 14:34 - 2016-04-23 05:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 14:34 - 2016-04-23 05:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 14:34 - 2016-04-23 05:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 14:34 - 2016-04-23 05:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 14:34 - 2016-04-23 05:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 14:34 - 2016-04-23 05:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 14:34 - 2016-04-23 05:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 14:34 - 2016-04-23 05:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 14:34 - 2016-04-23 05:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 14:34 - 2016-04-23 05:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 14:34 - 2016-04-23 05:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 14:34 - 2016-04-23 05:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 14:34 - 2016-04-23 05:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 14:34 - 2016-04-23 05:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 14:34 - 2016-04-23 05:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 14:34 - 2016-04-23 05:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 14:34 - 2016-04-23 05:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 14:34 - 2016-04-23 05:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 14:34 - 2016-04-23 05:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 14:34 - 2016-04-23 05:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 14:34 - 2016-04-23 05:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 14:34 - 2016-04-23 05:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 14:34 - 2016-04-23 05:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 14:34 - 2016-04-23 05:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 14:34 - 2016-04-23 05:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 14:34 - 2016-04-23 05:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 14:34 - 2016-04-23 05:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 14:34 - 2016-04-23 05:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 14:34 - 2016-04-23 05:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 14:34 - 2016-04-23 05:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 14:34 - 2016-04-23 05:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 14:34 - 2016-04-23 05:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 14:34 - 2016-04-23 05:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 14:34 - 2016-04-23 05:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 14:34 - 2016-04-23 05:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 14:34 - 2016-04-23 05:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 14:34 - 2016-04-23 05:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 14:34 - 2016-04-23 05:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 14:34 - 2016-04-23 05:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 14:34 - 2016-04-23 05:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 14:34 - 2016-04-23 05:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 14:34 - 2016-04-23 05:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 14:34 - 2016-04-23 05:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 14:34 - 2016-04-23 05:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 14:34 - 2016-04-23 05:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 14:34 - 2016-04-23 05:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 14:34 - 2016-04-23 05:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 14:34 - 2016-04-23 05:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 14:34 - 2016-04-23 05:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 14:34 - 2016-04-23 05:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 14:34 - 2016-04-23 05:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 14:34 - 2016-04-23 05:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 14:34 - 2016-04-23 05:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 14:34 - 2016-04-23 05:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 14:34 - 2016-04-23 05:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 14:34 - 2016-04-23 05:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 14:34 - 2016-04-23 05:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 14:34 - 2016-04-23 05:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 14:34 - 2016-04-23 05:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 14:34 - 2016-04-23 05:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 14:34 - 2016-04-23 05:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 14:34 - 2016-04-23 05:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 14:34 - 2016-04-23 05:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 14:34 - 2016-04-23 05:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 14:34 - 2016-04-23 05:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 14:34 - 2016-04-23 05:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 14:34 - 2016-04-23 05:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 14:34 - 2016-04-23 05:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 14:34 - 2016-04-23 05:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 14:34 - 2016-04-23 05:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 14:34 - 2016-04-23 05:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 14:34 - 2016-04-23 05:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 14:34 - 2016-04-23 05:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 14:34 - 2016-04-23 05:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 14:34 - 2016-04-23 05:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 14:34 - 2016-04-23 05:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 14:34 - 2016-04-23 05:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 14:34 - 2016-04-23 05:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 14:34 - 2016-04-23 05:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 14:34 - 2016-04-23 05:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 14:34 - 2016-04-23 05:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 14:34 - 2016-04-23 05:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 14:34 - 2016-04-23 05:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 14:34 - 2016-04-23 05:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 14:34 - 2016-04-23 05:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 14:34 - 2016-04-23 05:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 14:34 - 2016-04-23 05:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 14:34 - 2016-04-23 05:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 14:34 - 2016-04-23 05:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 14:34 - 2016-04-23 05:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 14:34 - 2016-04-23 05:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 14:34 - 2016-04-23 05:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 14:34 - 2016-04-23 05:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 14:34 - 2016-04-23 05:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 14:34 - 2016-04-23 05:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 14:34 - 2016-04-23 05:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 14:34 - 2016-04-23 05:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 14:34 - 2016-04-23 05:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 14:34 - 2016-04-23 05:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 14:34 - 2016-04-23 05:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 14:34 - 2016-04-23 05:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 14:34 - 2016-04-23 05:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 14:34 - 2016-04-23 05:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 14:34 - 2016-04-23 05:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 14:34 - 2016-04-23 05:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 14:34 - 2016-04-23 05:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 14:34 - 2016-04-23 05:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 14:34 - 2016-04-23 05:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 14:34 - 2016-04-23 05:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 14:34 - 2016-04-23 05:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 14:34 - 2016-04-23 05:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 14:34 - 2016-04-23 05:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 14:34 - 2016-04-23 05:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 14:34 - 2016-04-23 05:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 14:34 - 2016-04-23 05:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 14:34 - 2016-04-23 05:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 14:34 - 2016-04-23 05:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 14:34 - 2016-04-23 05:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 14:34 - 2016-04-23 05:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 14:34 - 2016-04-23 05:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 14:34 - 2016-04-23 05:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 14:34 - 2016-04-23 05:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 14:34 - 2016-04-23 05:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 14:34 - 2016-04-23 05:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 14:34 - 2016-04-23 05:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 14:34 - 2016-04-23 05:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 14:34 - 2016-04-23 05:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 14:34 - 2016-04-23 05:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 14:34 - 2016-04-23 05:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 14:34 - 2016-04-23 05:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 14:34 - 2016-04-23 05:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 14:34 - 2016-04-23 05:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 14:34 - 2016-04-23 04:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 14:34 - 2016-04-23 03:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 14:34 - 2016-04-23 03:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 14:34 - 2016-04-18 23:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-11 14:19 - 2016-05-17 12:24 - 00001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-11 14:19 - 2016-05-17 12:24 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-11 14:19 - 2016-05-11 14:19 - 00004084 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 14:19 - 2016-05-11 14:19 - 00003852 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-11 12:48 - 2016-05-11 12:48 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-05-11 12:48 - 2016-05-11 12:48 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-05-10 23:09 - 2016-05-16 23:06 - 00000000 ____D C:\Users\B\AppData\LocalLow\uTorrent
2016-05-10 09:14 - 2016-05-10 09:14 - 00003628 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2016-05-08 12:52 - 2016-05-12 14:17 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-08 12:52 - 2016-05-10 23:07 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-05-08 12:44 - 2016-05-08 12:44 - 00003488 _____ C:\WINDOWS\System32\Tasks\InstallShield® Update Service Scheduler
2016-04-28 16:04 - 2016-04-28 16:04 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-04-28 16:04 - 2016-04-28 16:04 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-04-26 21:26 - 2016-04-26 21:26 - 00000968 _____ C:\Users\Public\Desktop\AIMP.lnk
2016-04-26 21:26 - 2016-04-26 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP
2016-04-25 17:35 - 2016-04-25 17:35 - 00001875 _____ C:\Users\B\Desktop\Google Drive (2).lnk
2016-04-25 17:08 - 2016-05-13 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-25 17:08 - 2016-04-25 17:07 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-04-24 00:44 - 2016-04-24 00:44 - 00002959 _____ C:\Users\B\Desktop\Portal - WiFi file transfers.lnk
2016-04-23 22:26 - 2016-05-03 16:55 - 00000000 ___RD C:\Users\B\Google Drive
2016-04-23 22:26 - 2016-04-23 22:26 - 00001788 _____ C:\Users\B\Desktop\Google Drive.lnk
2016-04-23 22:25 - 2016-04-28 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-23 22:23 - 2016-05-17 12:52 - 00000000 ____D C:\Users\B\Downloads\Temp
2016-04-23 18:51 - 2016-04-23 19:37 - 00001820 _____ C:\Users\B\Desktop\Google Chrome.lnk
2016-04-23 18:46 - 2016-04-23 18:46 - 00000000 ____D C:\Users\B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-18 21:00 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-18 20:59 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-18 20:59 - 2015-08-31 20:59 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5610EDFD-B20E-4249-A266-FC2A4CB69A6A}
2016-05-17 12:29 - 2015-12-27 21:57 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-17 12:24 - 2015-10-10 15:02 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-05-17 12:24 - 2015-08-31 10:33 - 00000000 __SHD C:\Users\B\IntelGraphicsProfiles
2016-05-17 12:23 - 2016-01-19 00:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-17 12:22 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-17 12:22 - 2015-03-20 18:27 - 00000000 ____D C:\Users\B\AppData\LocalLow\Temp
2016-05-17 11:35 - 2015-12-27 21:56 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-17 11:11 - 2015-09-09 08:27 - 00000000 ____D C:\Users\B\AppData\Local\CrashDumps
2016-05-17 09:17 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-05-17 07:36 - 2014-09-06 22:02 - 00000000 ____D C:\WINDOWS\AutoKMS
2016-05-16 23:06 - 2015-09-14 21:13 - 00000000 ____D C:\Users\B\AppData\Roaming\uTorrent
2016-05-16 22:51 - 2015-09-01 13:48 - 00000000 ____D C:\Program Files\KMSpico
2016-05-16 22:32 - 2016-02-14 22:57 - 00000000 ____D C:\Users\B\AppData\Roaming\AIMP
2016-05-16 22:29 - 2016-01-19 00:16 - 02118804 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-16 22:29 - 2015-10-30 20:12 - 00905636 _____ C:\WINDOWS\system32\prfh0816.dat
2016-05-16 22:29 - 2015-10-30 20:12 - 00196988 _____ C:\WINDOWS\system32\prfc0816.dat
2016-05-16 22:29 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-16 16:33 - 2014-09-02 17:40 - 00000000 ____D C:\Users\B\AppData\Local\Spotify
2016-05-16 16:29 - 2014-07-16 15:09 - 00000000 ___RD C:\Users\B\MEOCloud
2016-05-16 12:54 - 2014-09-02 17:39 - 00000000 ____D C:\Users\B\AppData\Roaming\Spotify
2016-05-16 09:51 - 2015-08-31 10:33 - 00000000 ____D C:\Users\B\AppData\Local\Packages
2016-05-15 15:19 - 2014-10-03 23:25 - 00000000 ____D C:\Program Files\Serviio
2016-05-15 15:13 - 2016-02-15 00:14 - 00000000 ____D C:\Users\B\AppData\Roaming\Serviio-Console-Wrapper
2016-05-15 14:40 - 2014-07-16 14:28 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-05-15 11:32 - 2015-07-10 10:05 - 00000000 ____D C:\Users\Default.migrated
2016-05-15 02:35 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-15 00:14 - 2016-01-19 00:07 - 00338184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-14 23:56 - 2014-07-18 22:04 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-14 23:22 - 2016-01-31 01:25 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-14 22:27 - 2016-03-20 13:02 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-05-14 21:31 - 2015-08-31 10:33 - 00000000 ____D C:\Users\B\AppData\Local\VirtualStore
2016-05-13 21:33 - 2016-01-19 00:17 - 00000000 ____D C:\Users\B
2016-05-13 21:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\security
2016-05-13 21:13 - 2015-12-27 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-13 21:13 - 2015-12-27 21:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-13 20:52 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-13 18:10 - 2014-07-16 15:40 - 00000000 ____D C:\ProgramData\Oracle
2016-05-13 18:09 - 2015-08-29 12:47 - 00000000 ____D C:\Program Files (x86)\Java
2016-05-13 09:26 - 2014-07-16 14:28 - 00002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 14:16 - 2015-07-15 20:20 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-11 22:55 - 2015-08-31 10:33 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-11 22:42 - 2016-03-22 22:37 - 00001082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-05-11 22:37 - 2015-10-30 20:14 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 22:37 - 2015-10-30 08:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-11 22:37 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-11 22:37 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-11 22:37 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-11 22:37 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 20:57 - 2015-10-30 08:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 20:57 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 14:48 - 2014-07-18 22:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 12:48 - 2014-07-16 14:27 - 00465792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-05-11 12:48 - 2014-07-16 14:27 - 00287528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-05-11 12:48 - 2014-07-16 14:27 - 00166432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-05-11 12:48 - 2014-07-16 14:27 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-05-11 12:48 - 2014-07-16 14:27 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-05-11 12:48 - 2014-07-16 14:27 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-05-11 12:48 - 2014-07-16 14:27 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-05-11 12:47 - 2016-03-22 22:37 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-05-11 12:47 - 2014-07-16 14:27 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-05-10 23:10 - 2015-07-15 20:20 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-10 23:10 - 2014-07-16 14:45 - 00000000 ____D C:\ProgramData\Adobe
2016-05-10 23:06 - 2016-02-02 15:31 - 00000000 ____D C:\ProgramData\Lenovo
2016-05-10 23:06 - 2015-11-09 22:10 - 00000000 ____D C:\Users\B\AppData\Local\Lenovo
2016-05-10 23:06 - 2015-11-09 22:08 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-05-08 14:43 - 2014-07-16 15:39 - 00000000 ____D C:\Users\B\AppData\Roaming\Adobe
2016-05-08 14:41 - 2014-07-18 21:35 - 00000000 ____D C:\Users\B\AppData\Local\Adobe
2016-05-08 12:52 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-05-05 13:56 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-30 17:49 - 2014-07-16 14:27 - 00000000 ____D C:\Users\B\AppData\Local\Google
2016-04-28 15:56 - 2015-05-19 21:43 - 00000000 ____D C:\Users\B\Documents\Ficheiros do Outlook
2016-04-26 21:26 - 2016-02-14 22:57 - 00000000 ____D C:\Program Files (x86)\AIMP
2016-04-25 18:22 - 2016-03-22 15:58 - 00000000 ___RD C:\Users\B\Dropbox
2016-04-25 17:08 - 2015-08-29 12:27 - 00000000 ____D C:\Users\B\.oracle_jre_usage
2016-04-25 17:06 - 2014-10-03 23:24 - 00000000 ____D C:\Program Files\Java
2016-04-23 22:25 - 2014-07-16 14:27 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-23 22:17 - 2016-03-20 13:02 - 00000000 ____D C:\Users\B\AppData\Local\Dropbox
 
==================== Files in the root of some directories =======
 
2015-07-26 21:08 - 2015-07-26 21:08 - 0000038 ___SH () C:\Users\B\AppData\Local\69ff07055291669bb2b218.72821112
2015-09-14 21:15 - 2015-09-14 21:15 - 0000218 _____ () C:\Users\B\AppData\Local\recently-used.xbel
2015-03-19 21:32 - 2015-05-24 00:13 - 0007608 _____ () C:\Users\B\AppData\Local\Resmon.ResmonCfg
2015-12-20 16:12 - 2015-12-20 16:12 - 0000000 _____ () C:\Users\B\AppData\Local\{203D9476-47A0-49EB-B278-5B9541A5732A}
2015-12-21 16:12 - 2015-12-21 16:12 - 0000000 _____ () C:\Users\B\AppData\Local\{23A593F0-85A0-4460-89B7-061BB5F9D3F4}
2015-12-19 16:12 - 2015-12-19 16:12 - 0000000 _____ () C:\Users\B\AppData\Local\{92774133-2994-40DC-9650-C4F301DB2C3A}
2015-07-24 15:54 - 2015-07-24 15:54 - 0000000 _____ () C:\Users\B\AppData\Local\{C4C197EE-5E29-4737-A211-9FFDCC0C158A}
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-08 13:10
 
==================== End of FRST.txt ============================
 
addition log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-05-2016
Ran by B (2016-05-17 13:05:35)
Running from C:\Users\B\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-18 23:45:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-1747157547-3349743972-2654819378-500 - Administrator - Disabled)
B (S-1-5-21-1747157547-3349743972-2654819378-1000 - Administrator - Enabled) => C:\Users\B
Convidado (S-1-5-21-1747157547-3349743972-2654819378-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1747157547-3349743972-2654819378-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1747157547-3349743972-2654819378-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-1747157547-3349743972-2654819378-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1747157547-3349743972-2654819378-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Actualizações da NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.02.1713, 26.04.2016 - AIMP DevTeam)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0142.68441 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0142.68441 - Alcor Micro Corp.) Hidden
Allway Sync version 15.3.1 (HKLM\...\Allway Sync_is1) (Version:  - Botkind Inc)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.6 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.1 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
AviSynth (HKLM-x32\...\AviSynth) (Version: 2.6.0 MT - )
Box Sync (HKLM\...\{FAA6D20B-4F15-4E1A-84C3-41B354C0B235}) (Version: 4.0.7255.0 - Box, Inc.)
Bullzip PDF Printer 10.7.0.2277 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.7.0.2277 - Bullzip)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Desinstalar Impressora EPSON SX110 Series (HKLM\...\EPSON SX110 Series) (Version:  - SEIKO EPSON Corporation)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.35.1 - Dropbox, Inc.) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Ferramentas de Verificação do Microsoft Office 2013 - Português (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.77.5240 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Earth (HKLM-x32\...\{A2264E8F-1649-11E3-8BED-B8AC6F98CCE3}) (Version: 7.1.2.2019 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel® Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
IRS - Modelo 3 Impressos 2016 (HKLM\...\pt.at.DM3IRSCLIv2016) (Version: 2016.2.3.0137 - AT)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.25.20150529 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)
Malwarebytes Anti-Exploit version 1.8.1.1196 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1196 - Malwarebytes)
Malwarebytes Anti-Malware versão 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEO Music (HKLM-x32\...\{BA8152E5-18E5-4CCB-81D2-344C0FC4D5A6}) (Version: 3.1.02 - PT Comunicações S.A.)
MEOCloud (HKLM\...\{DBBE1DF3-F7F0-4068-B283-D48A3F369BF1}) (Version: 0.1.214.64 - PT Comunicações S.A.)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Message Analyzer (HKLM\...\{DAA1EBBC-6DBD-4889-B317-9021BCA1B0B2}) (Version: 4.0.7948.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 pt-PT) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 pt-PT)) (Version: 45.0.2 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )
NVIDIA Controlador gráfico 307.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.07 - NVIDIA Corporation)
NVIDIA O software do sistema PhysX 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
Opera Stable 37.0.2178.43 (HKLM-x32\...\Opera 37.0.2178.43) (Version: 37.0.2178.43 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pacote de controladores do Windows - ASUS (ATP) Mouse  (08/01/2015 10.0.0.5) (HKLM\...\B267A462F49A1ACD7A2EC5C262BA0DC7D7B23891) (Version: 08/01/2015 10.0.0.5 - ASUS)
Pacote de controladores do Windows - ASUS (ATP) Mouse  (10/13/2012 1.0.0.146) (HKLM\...\19BB77B03643718D26B01876FD391DC93B189805) (Version: 10/13/2012 1.0.0.146 - ASUS)
Pacote de controladores do Windows - Intel (NETwLv64) net  (10/07/2010 13.4.0.139) (HKLM\...\EA1C8ECD4E416637C38F0079F98C8C7B0A112265) (Version: 10/07/2010 13.4.0.139 - Intel)
Pacote de controladores do Windows - Intel (NETwNs64) net  (01/22/2012 14.3.2.1) (HKLM\...\CD88F0FADE1395C9F91302912FD35B13CF75C196) (Version: 01/22/2012 14.3.2.1 - Intel)
Pacote de controladores do Windows - Intel (NETwNs64) net  (03/12/2012 15.1.1.1) (HKLM\...\738EE4A2348F1D264E42F18DCB309A694B162AE3) (Version: 03/12/2012 15.1.1.1 - Intel)
Painel de controlo da NVIDIA 353.54 (Version: 353.54 - NVIDIA Corporation) Hidden
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version:  - Kakao Corp.)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.101 (HKLM-x32\...\SafeZone 1.48.2066.101) (Version: 1.48.2066.101 - Avast Software)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Serviio (HKLM\...\Serviio) (Version:  - )
Spotify (HKU\S-1-5-21-1747157547-3349743972-2654819378-1000\...\Spotify) (Version: 1.0.10.107.gd0dfca3a - Spotify AB)
Spotify (HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.10.107.gd0dfca3a - Spotify AB)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
Tag&Rename 3.8.1 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.8.1 - Softpointer Inc)
Task Killer (remove only) (HKLM-x32\...\Task Killer) (Version:  - )
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0816-1000-0000000FF1CE}_Office15.PROPLUSR_{A3F244FB-7263-468D-BF1C-AA28E842579D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-012B-0816-1000-0000000FF1CE}_Office15.PROPLUSR_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version:  - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Vivaldi (HKLM-x32\...\Vivaldi) (Version: 1.1.453.59 - Vivaldi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-1747157547-3349743972-2654819378-1000\...\WinDirStat) (Version:  - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version:  - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
X10 Hardware™ (HKLM-x32\...\X10Hardware) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\B\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{BFD98515-CD74-48A4-98E2-13D209E3EE4F}\InprocServer32 -> C:\Program Files\MEOCloud\MEOCloudShell.dll (MEO)
CustomCLSID: HKU\S-1-5-21-1747157547-3349743972-2654819378-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\B\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1747157547-3349743972-2654819378-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1747157547-3349743972-2654819378-1000_Classes\CLSID\{BFD98515-CD74-48A4-98E2-13D209E3EE4F}\InprocServer32 -> C:\Program Files\MEOCloud\MEOCloudShell.dll (MEO)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A1C336B-17A0-465F-885D-23B1E82F7F4C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1283328E-07FA-49FE-B9E2-FB34BABD41C7} - System32\Tasks\Opera scheduled Autoupdate 1463396817 => C:\Program Files (x86)\Opera\launcher.exe [2016-05-09] (Opera Software)
Task: {13E29FFF-2F64-4F8F-8843-E901D3112460} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {1679DF08-65EE-4C36-A6BB-C6CCE5FB838B} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {22307D89-F2DD-448C-B706-76C8E28A3F76} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {27EE54E8-CCED-4EF4-A6FE-B3176F659B30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2D684C52-D910-4587-8712-739C8D7AA87D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {2FDC1252-92AE-47F4-B130-644527FE164C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {3447FB3E-F94F-4155-9068-00F15C97E5B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {39449C99-64D4-4C54-AE62-02A86F6734F4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {413A88CF-3D9B-405A-B12E-8B9C6614B46A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {44A363F8-1B17-49F5-8076-1FFA1C1D960A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {4E789EAB-929C-478D-B7D6-C6A515D85FB8} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {5069F5E2-DB19-4683-B4CA-A4445DB1EDFE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5729FD42-4BD2-43C4-B448-D292FECB308B} - System32\Tasks\SafeZone scheduled Autoupdate 1458682667 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {5C1F5831-C1C1-467E-B28A-ED73E27D0FAA} - System32\Tasks\InstallShield® Update Service Scheduler => C:\Program Files (x86)\Common Files\InstallShield\updateservice\ISUSPM.exe [2016-04-20] (InstallShield®)
Task: {638F84C1-8A1B-4244-AD7D-F1EF363D6E58} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {647C5D40-0426-470A-B13C-127D75F9C0C4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {6F0B029C-9348-4FA8-A857-6175FE9E911C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {70398683-CA4B-40ED-B183-F086F21295C5} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {84417477-842F-479B-A9D0-D1B1E15CCEDB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {88C1D750-7B96-494E-A659-8635AD345AAC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {8C8844F7-6AC8-4664-A861-AACBEAB475DF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-11] (AVAST Software)
Task: {A18D9E6D-FF6C-45DB-BDAB-C8EA5C6E0D9B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A60AC1E0-9D9E-4481-92AB-82C8CCA46CE6} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {A6CF946F-D429-47B1-95CF-85A269735E55} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B1DFD2EE-06E4-4B98-97E6-9CAFDD99E347} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {CFAF21A0-1BD3-4C69-B83E-6FB56446FDB9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {D194C698-405E-42EC-B474-A0EF29527924} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E5032346-1BBE-4595-AD70-94206AED1C01} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {EACD00E1-7A87-438F-A4BC-0639864ABD3A} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-09-23] (AsusTek)
Task: {ED3BC681-6E20-421A-AA4B-7FD7B72227E0} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {EDEA8C35-A621-48F1-B2AD-7851E4BB192B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {F326D161-572D-4BB4-B75F-6C125F60FE31} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F63E1763-C692-4D8E-BF64-8BBD150562F3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F7F0CF26-D33F-421C-8308-A30020264646} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F8841016-EA6B-4074-9EAB-E8B942B56C90} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-14] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-19 00:12 - 2015-07-13 18:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-28 22:06 - 2016-03-28 22:06 - 00327680 _____ () C:\Program Files\Serviio\bin\ServiioService.exe
2016-04-12 21:57 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 21:57 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-11 14:34 - 2016-04-23 04:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-19 00:01 - 2016-01-19 00:01 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 14:34 - 2016-04-23 05:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 14:34 - 2016-04-23 05:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 14:35 - 2016-04-23 04:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 14:35 - 2016-04-23 05:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2016-05-11 12:48 - 2016-05-11 12:48 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-11 12:48 - 2016-05-11 12:48 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-17 11:17 - 2016-05-17 11:17 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\16051701\algo.dll
2016-05-17 12:24 - 2016-05-17 12:24 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\16051702\algo.dll
2016-05-11 12:48 - 2016-05-11 12:48 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-11 12:48 - 2016-05-11 12:48 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-15 23:19 - 2015-12-15 23:19 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-05-16 13:37 - 2016-05-13 13:11 - 00950904 _____ () C:\Program Files (x86)\Vivaldi\Application\1.1.453.59\ffmpeg.dll
2016-05-16 13:37 - 2016-05-13 13:11 - 01735800 _____ () C:\Program Files (x86)\Vivaldi\Application\1.1.453.59\libglesv2.dll
2016-05-16 13:37 - 2016-05-13 13:11 - 00083064 _____ () C:\Program Files (x86)\Vivaldi\Application\1.1.453.59\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2016-05-17 12:21 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\B\Downloads\tene25(2584).jpg
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\B\Downloads\tene25(2584).jpg
HKU\S-1-5-21-1747157547-3349743972-2654819378-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-1747157547-3349743972-2654819378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: EPSON_EB_RPCV4_01 => 2
MSCONFIG\Services: EPSON_PM_RPCV4_01 => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: meo => 2
MSCONFIG\Services: meom => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: UI Assistant Service => 2
MSCONFIG\Services: WinDefend => 3
MSCONFIG\startupfolder: C:^Users^B^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Serviio.lnk => C:\Windows\pss\Serviio.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AirDroid 3 => C:\Program Files (x86)\AirDroid\AirDroid.exe /start
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\banda larga tmn\UIExec.exe"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "AmIcoSinglun64"
HKLM\...\StartupApproved\Run: => "BoxSync"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "Family Tree Builder Update"
HKLM\...\StartupApproved\Run32: => "WSHelperSetup.exe"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000\...\StartupApproved\Run: => "AceWebExtensionUpdater"
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000\...\StartupApproved\Run: => "Sidebar"
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000\...\StartupApproved\Run: => "autoRunTest"
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000\...\StartupApproved\Run: => "WSHelperSetup.exe"
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_11836027D01E6B8D26F19EB308161323"
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000\...\StartupApproved\Run: => "KSS"
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "AceWebExtensionUpdater"
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Sidebar"
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "autoRunTest"
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "WSHelperSetup.exe"
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_11836027D01E6B8D26F19EB308161323"
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1747157547-3349743972-2654819378-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "KSS"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{313D93F3-8611-412A-99D9-CD6B3F2B832D}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{E4D5A5C9-A0EF-4E78-B1CE-F5CA438D75ED}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{7FC0A68C-1C69-4E70-9006-E4104F90E4DF}C:\users\b\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\b\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A7E98567-AFC5-47C7-81CD-53ED2801F5BF}C:\users\b\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\b\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3A5B1DCD-B1D0-4D03-84F1-BA6571C946FF}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{07238399-B85B-409C-A396-D6B927D6DA76}C:\users\b\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\b\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{3CEC3091-3E55-40EB-8975-2F2297ACA291}C:\users\b\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\b\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{92DFE437-0219-4A62-A077-CDF839C9D54A}C:\program files\serviio\jre\bin\javaw.exe] => (Allow) C:\program files\serviio\jre\bin\javaw.exe
FirewallRules: [UDP Query User{0423468E-268C-45C2-A64A-7E467DA68E9D}C:\program files\serviio\jre\bin\javaw.exe] => (Allow) C:\program files\serviio\jre\bin\javaw.exe
FirewallRules: [{E4C78A10-B278-4850-BC0B-2370C9609B19}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{5B0A4156-4FC6-415A-B1B4-1D1AE070F1B2}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{9C701B87-5C06-4881-A3C7-7B7D5DDFCB06}] => (Allow) C:\Program Files\Serviio\console\ServiioConsole.exe
FirewallRules: [TCP Query User{17A39974-B30C-423A-8BFE-BA683FD5884F}C:\users\b\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\b\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4A4098BF-F7CB-4598-9029-6C0868551E9B}C:\users\b\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\b\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E5771AC9-9176-4AB4-BB67-2BBDD54DEAE9}] => (Allow) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
 
==================== Restore Points =========================
 
08-05-2016 12:16:23 Installed Pdfedit
10-05-2016 23:03:44 Removed Adobe Acrobat DC.
14-05-2016 22:21:53 JRT Pre-Junkware Removal
17-05-2016 12:21:18 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/17/2016 12:26:28 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração do contexto de ativação para "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest1". Erro no ficheiro de política ou manifesto C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest2 na linha C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest3.
Uma versão de componente necessária para a aplicação está em conflito com outra versão de componente já ativa.
Os componentes em conflito são:
Componente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
 
Error: (05/17/2016 12:26:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração do contexto de ativação para "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest1". Erro no ficheiro de política ou manifesto C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest2 na linha C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest3.
Uma versão de componente necessária para a aplicação está em conflito com outra versão de componente já ativa.
Os componentes em conflito são:
Componente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
 
Error: (05/17/2016 12:24:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração do contexto de ativação para "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest1". Erro no ficheiro de política ou manifesto C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest2 na linha C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest3.
Uma versão de componente necessária para a aplicação está em conflito com outra versão de componente já ativa.
Os componentes em conflito são:
Componente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
 
Error: (05/17/2016 12:21:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha nos Serviços de Criptografia ao processar a chamada OnIdentity() no Objeto Escritor de Sistema.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary LLDP (Link-Layer Discovery Protocol) da Microsoft.
 
System Error:
Acesso negado.
.
 
Error: (05/17/2016 12:21:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópia Sombra de Volumes: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Este é muitas vezes causado por definições de segurança incorretas no processo do escritor ou requerente.
 
 
Operação:
   A Recolher Dados de Escritor
 
Contexto:
   ID de Classe de Escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nome de Escritor: System Writer
   ID de Instância de Escritor: {78803ab8-ce7e-492c-8e7b-32831250cfe7}
 
Error: (05/17/2016 11:15:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração do contexto de ativação para "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest1". Erro no ficheiro de política ou manifesto C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest2 na linha C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest3.
Uma versão de componente necessária para a aplicação está em conflito com outra versão de componente já ativa.
Os componentes em conflito são:
Componente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
 
Error: (05/17/2016 11:10:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regedit.exe, version: 10.0.10586.0, time stamp: 0x5632d798
Faulting module name: COMCTL32.dll, version: 6.10.10586.0, time stamp: 0x5632d2ce
Exception code: 0xc00000fd
Fault offset: 0x00000000000037a7
Faulting process id: 0x206c
Faulting application start time: 0xregedit.exe0
Faulting application path: regedit.exe1
Faulting module path: regedit.exe2
Report Id: regedit.exe3
Faulting package full name: regedit.exe4
Faulting package-relative application ID: regedit.exe5
 
Error: (05/17/2016 09:20:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest1". Error in manifest or policy file C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest2 on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
 
Error: (05/16/2016 10:56:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest1". Error in manifest or policy file C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest2 on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
 
Error: (05/16/2016 10:56:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest1". Error in manifest or policy file C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest2 on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
 
 
System errors:
=============
Error: (05/17/2016 12:23:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
%%1058
 
Error: (05/17/2016 12:22:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (05/17/2016 12:22:27 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (05/17/2016 12:22:24 PM) (Source: DCOM) (EventID: 10010) (User: B-PC)
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (05/17/2016 12:22:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_346fa service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/17/2016 12:22:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_346fa service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/17/2016 12:22:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_346fa service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/17/2016 12:22:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_346fa service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/17/2016 12:21:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/17/2016 12:21:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-05-15 02:18:06.140
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\SHAREit Technologies\SHAREit\unins000.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2016-05-14 12:01:51.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 21:37:49.732
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 11:04:37.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-11 22:42:46.036
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-10 23:12:17.778
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Hardcoded Software\dupeGuru\updater.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2016-05-10 23:12:10.698
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Hardcoded Software\dupeGuru\updater.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2016-05-10 23:08:15.793
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\SHAREit Technologies\SHAREit\unins000.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2016-04-13 11:59:55.691
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-12 22:55:14.481
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 57%
Total physical RAM: 5581.58 MB
Available physical RAM: 2354.36 MB
Total Virtual: 11213.58 MB
Available Virtual: 7316.77 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:419.54 GB) (Free:313.36 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:278.32 GB) (Free:50.56 GB) NTFS
Drive g: () (Removable) (Total:14.91 GB) (Free:10.91 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 966ECCA6)
Partition 1: (Active) - (Size=419.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=795 MB) - (Type=27)
Partition 3: (Not Active) - (Size=278.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#6 Jo*

Jo*

  • Malware Response Team
  • 3,331 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:06:51 AM

Posted 17 May 2016 - 07:23 AM


Hi,

Step 1: Download Sophos Free Virus Removal Tool and save it to your Desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program

***


Step 2: Emsisoft Emergency Kit
  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: accept the UAC warning if it is enabled).
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures.
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.

***


Step 3: How is the computer running now?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 bfsreis

bfsreis
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:51 AM

Posted 17 May 2016 - 09:32 AM

1. Sophos:

Nothing found

 

2. Emsisoft:

Emsisoft Anti-Malware Free - Version 11.0
Last update 17-05-2016 13:37:20
User account: B-PC\B
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 17-05-2016 13:42:29
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINDIVERT1.1 detected: Application.AdShell (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINDIVERT1.1 detected: Application.AdShell (A)
C:\WINDOWS\SECOH-QAD.dll detected: Riskware.NetTool (A)
 
Scanned: 84384
Found: 3
 
Scan end: 17-05-2016 13:48:52
Scan time: 0:06:23

 

3. Now it is fine, back to normal. But if I change the system time manually to 20:59, the hijack returns.



#8 Jo*

Jo*

  • Malware Response Team
  • 3,331 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:06:51 AM

Posted 17 May 2016 - 09:52 AM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your Desktop) as fixlist.txt

 
start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{15FD0F78-9BA4-4F97-ACC1-5CD5006F4760}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{4850C0BE-00EE-422E-9628-7FACE6812D77}] 
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{5B736BEE-60D3-44DB-AF53-844FF99E8D10}]
C:\Users\B\AppData\Local\69ff07055291669bb2b218.72821112

CMD: ipconfig /flushdns

end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

---

Turn off all computers, iPhones, ...
then unplug the power cable from the router,
then unplug the power cable from the (cable) modem.

....Leave it OFF for about 5 minutes.

Then, with the computers still off,
plug the cable modem power cable back in.

...When all the lights come on,
plug in the router;

when all the lights come back on,
start all computers.

Now check if your problem still exists.
Post results here!


***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 Jo*

Jo*

  • Malware Response Team
  • 3,331 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:06:51 AM

Posted 17 May 2016 - 12:19 PM

We see you later started a topic with the same issue at the MB forum
https://forums.malwarebytes.org/topic/183235-hijackautoconfigurlprxysvrrst-malware/

You can get help from only one forum; decide which forum you want and have the topic at the other forum closed by a moderator!

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 bfsreis

bfsreis
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:51 AM

Posted 17 May 2016 - 01:30 PM

Thank you for the help so far.

 

I'm following this forum instructions and I will stay here. I will ask MB forum to close the thread.

 

I did what you suggested. Because my ISP was down when I arrived home, I am connecting to the internet through my phone's 4G.

 

When I was without internet I changed the date and time (to 20:59) and nothing happened. The minute I connected to the internet the problem came back.

I used MB, which detected and deleted the 2 registry entries.



#11 Jo*

Jo*

  • Malware Response Team
  • 3,331 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:06:51 AM

Posted 17 May 2016 - 02:12 PM

Scan with SystemLook again
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following code box into the main textfield:
:dir 
C:\Windows\System32\Tasks /s

:reg 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc\Parameters\ProxyMgr

:regfind
koa.net
server.pac
wscript.exe

:filefind
*koa*
*.pac*
*proxy.txt
  • Click the Look button to start the scan (may take 10 ... 20 min.)
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt





***



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process. Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Edited by Jo*, 18 May 2016 - 04:25 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
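The FRST fixlist in post #8 and the SystemLook search in post #11 both hunt the same set of indicators: a proxy AutoConfigURL, GUID entries under the IP Helper service's ProxyMgr key, the WinDivert driver service, and anything launching wscript.exe. The following read-only PowerShell audit checks those locations with built-in cmdlets and prints what it finds. It is example code added here for this page, not part of the thread, of FRST, SystemLook or any other tool mentioned. The indicator strings (koa.net, server.pac, wscript.exe, WinDivert) come from the thread; the choice to inspect both the HKCU and HKLM Internet Settings keys, the Run keys and scheduled-task actions is an assumption about where such a hijack typically lives. The script removes nothing.

```powershell
# Added example, not from the thread: read-only audit of the proxy-hijack
# indicators discussed above. Run in an elevated PowerShell on Windows 8/10.
# Indicator strings are taken from the thread; the locations checked are an
# assumption about where a PAC/proxy hijack is usually persisted.

$indicators = @('koa.net', 'server.pac', 'wscript.exe')

function Test-Indicator {
    # Returns $true when the text contains any indicator string (case-insensitive).
    param([string]$Text)
    foreach ($i in $indicators) {
        if ($Text -and $Text -like "*$i*") { return $true }
    }
    return $false
}

$findings = New-Object System.Collections.Generic.List[string]

# 1. WinINet proxy settings per user and machine-wide: a populated
#    AutoConfigURL is what MBAM reported as Hijack.AutoConfigURL.
$inetKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
)
foreach ($k in $inetKeys) {
    $p = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if ($p.AutoConfigURL) { $findings.Add("AutoConfigURL set in ${k}: $($p.AutoConfigURL)") }
    if ($p.ProxyEnable -eq 1) { $findings.Add("ProxyEnable=1 in ${k}: $($p.ProxyServer)") }
}

# 2. Per-connection proxy entries kept by the IP Helper service; the GUID
#    subkeys here are what the FRST fixlist deleted.
$proxyMgr = 'HKLM:\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr'
Get-ChildItem -Path $proxyMgr -ErrorAction SilentlyContinue | ForEach-Object {
    $vals = Get-ItemProperty -Path $_.PSPath
    $dump = ($vals.PSObject.Properties |
             Where-Object { $_.Name -notlike 'PS*' } |
             ForEach-Object { "$($_.Name)=$($_.Value)" }) -join '; '
    $findings.Add("ProxyMgr entry $($_.PSChildName): $dump")
}

# 3. The WinDivert packet-diversion driver service Emsisoft flagged as
#    Application.AdShell. Any such service on a home PC deserves a look.
Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like 'WinDivert*' } |
    ForEach-Object {
        $img = (Get-ItemProperty -Path $_.PSPath).ImagePath
        $findings.Add("WinDivert service $($_.PSChildName): $img")
    }

# 4. Scheduled tasks whose action references wscript.exe or the other
#    indicators (SystemLook's :regfind wscript.exe / :dir System32\Tasks).
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    foreach ($a in $_.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"
        if (Test-Indicator $cmd) {
            $findings.Add("Task $($_.TaskPath)$($_.TaskName): $cmd")
        }
    }
}

# 5. Run keys (SystemLook's :reg HKLM\...\Run), plus the per-user one.
foreach ($run in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $p = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
    if ($p) {
        $p.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and (Test-Indicator $_.Value) } |
            ForEach-Object { $findings.Add("Run entry ${run}\$($_.Name): $($_.Value)") }
    }
}

if ($findings.Count -eq 0) { 'No proxy-hijack indicators found.' } else { $findings }
```

Run it before and after a cleanup step to see what came back. With AutoConfigURL set, every client that honours the system proxy settings (Internet Explorer, Edge, Chrome and others) downloads the PAC script from that URL and lets it choose the proxy for each request, which is why the symptom here only reappeared once the machine was back online: the registry value is the hook, but whatever keeps re-writing it is the thing to find.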


#12 bfsreis

bfsreis
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:51 AM

Posted 18 May 2016 - 10:11 AM

Hello again, and sorry for the delay in answering you.

 

OK, I did what you asked and here's the log:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 15:41 on 18/05/2016 by B
Administrator - Elevation successful
 
========== dir ==========
 
C:\Windows\System32\Tasks - Parameters: "/s"
 
---Files---
ASUS Smart Gesture Launcher --a---- 3628 bytes [08:14 10/05/2016] [08:14 10/05/2016]
avast! Emergency Update --a---- 4280 bytes [13:28 16/07/2014] [19:59 26/05/2016]
CCleanerSkipUAC --a---- 2840 bytes [22:13 14/05/2016] [22:13 14/05/2016]
GoogleUpdateTaskMachineCore --a---- 3852 bytes [13:19 11/05/2016] [13:19 11/05/2016]
GoogleUpdateTaskMachineUA --a---- 4084 bytes [13:19 11/05/2016] [13:19 11/05/2016]
InstallShield® Update Service Scheduler --a---- 3324 bytes [11:44 08/05/2016] [20:57 17/05/2016]
Opera scheduled Autoupdate 1463396817 --a---- 3938 bytes [11:07 16/05/2016] [11:07 16/05/2016]
User_Feed_Synchronization-{5610EDFD-B20E-4249-A266-FC2A4CB69A6A} --a---- 4154 bytes [19:59 31/08/2015] [19:59 18/05/2016]
 
C:\Windows\System32\Tasks\Microsoft d------ [07:24 30/10/2015]
 
C:\Windows\System32\Tasks\Microsoft\Office d------ [23:36 10/10/2015]
Office 15 Subscription Heartbeat --a---- 3508 bytes [23:41 10/10/2015] [23:40 18/01/2016]
OfficeTelemetryAgentFallBack --a---- 2820 bytes [23:36 10/10/2015] [23:40 18/01/2016]
OfficeTelemetryAgentLogOn --a---- 2748 bytes [23:36 10/10/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows d------ [07:24 30/10/2015]
 
C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework d------ [12:21 10/07/2015]
.NET Framework NGEN v4.0.30319 --a---- 3706 bytes [12:21 10/07/2015] [08:57 20/01/2016]
.NET Framework NGEN v4.0.30319 64 --a---- 3712 bytes [12:21 10/07/2015] [12:36 20/03/2016]
.NET Framework NGEN v4.0.30319 64 Critical --a---- 2882 bytes [12:21 10/07/2015] [14:06 12/05/2016]
.NET Framework NGEN v4.0.30319 Critical --a---- 2876 bytes [12:21 10/07/2015] [16:44 12/05/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client d------ [12:21 10/07/2015]
AD RMS Rights Policy Template Management (Automated) --a---- 3978 bytes [12:21 10/07/2015] [23:40 18/01/2016]
AD RMS Rights Policy Template Management (Manual) --a---- 3426 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\AppID d------ [12:21 10/07/2015]
EDP Policy Manager --a---- 3436 bytes [12:21 10/07/2015] [23:40 18/01/2016]
PolicyConverter --a---- 2722 bytes [12:21 10/07/2015] [23:40 18/01/2016]
SmartScreenSpecific --a---- 3320 bytes [12:21 10/07/2015] [23:40 18/01/2016]
VerifiedPublisherCertStoreCheck --a---- 3346 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience d------ [12:21 10/07/2015]
Microsoft Compatibility Appraiser --a---- 4680 bytes [23:40 18/01/2016] [23:45 18/01/2016]
ProgramDataUpdater --a---- 3014 bytes [23:40 18/01/2016] [23:40 18/01/2016]
StartupAppTask --a---- 3090 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData d------ [12:21 10/07/2015]
CleanupTemporaryState --a---- 3052 bytes [12:21 10/07/2015] [23:40 18/01/2016]
DsSvcCleanup --a---- 2716 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\AppxDeploymentClient d------ [12:21 10/07/2015]
Pre-staged app cleanup --a---- 3086 bytes [12:21 10/07/2015] [09:43 19/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk d------ [12:21 10/07/2015]
Proxy --a---- 2870 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth d------ [12:21 10/07/2015]
UninstallDeviceTask --a---- 2328 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient d------ [12:21 10/07/2015]
AikCertEnrollTask --a---- 2936 bytes [12:21 10/07/2015] [23:40 18/01/2016]
CryptoPolicyTask --a---- 2830 bytes [23:40 18/01/2016] [23:40 18/01/2016]
KeyPreGenTask --a---- 3092 bytes [12:21 10/07/2015] [23:40 18/01/2016]
SystemTask --a---- 3694 bytes [12:21 10/07/2015] [23:40 18/01/2016]
UserTask --a---- 3680 bytes [12:21 10/07/2015] [23:40 18/01/2016]
UserTask-Roam --a---- 3554 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk d------ [12:21 10/07/2015]
ProactiveScan --a---- 2780 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Clip d------ [12:21 10/07/2015]
License Validation --a---- 3428 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\CloudExperienceHost d------ [12:21 10/07/2015]
CreateObjectTask --a---- 2242 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program d------ [12:21 10/07/2015]
Consolidator --a---- 3030 bytes [12:21 10/07/2015] [23:40 18/01/2016]
KernelCeipTask --a---- 3410 bytes [12:21 10/07/2015] [23:40 18/01/2016]
UsbCeip --a---- 3260 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan d------ [12:21 10/07/2015]
Data Integrity Scan --a---- 3714 bytes [12:21 10/07/2015] [23:40 18/01/2016]
Data Integrity Scan for Crash Recovery --a---- 3354 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag d------ [12:21 10/07/2015]
ScheduledDefrag --a---- 2930 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup d------ [12:21 10/07/2015]
Metadata Refresh --a---- 2984 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient d------ [23:40 18/01/2016]
IntegrityCheck --a---- 3138 bytes [23:40 18/01/2016] [23:40 18/01/2016]
RegisterDeviceAccountChange --a---- 3192 bytes [23:40 18/01/2016] [23:40 18/01/2016]
RegisterDeviceConnectedToNetwork --a---- 3172 bytes [23:40 18/01/2016] [23:45 18/01/2016]
RegisterDevicePeriodic1 --a---- 3264 bytes [23:40 18/01/2016] [23:45 18/01/2016]
RegisterDevicePeriodic24 --a---- 3444 bytes [23:40 18/01/2016] [23:45 18/01/2016]
RegisterDevicePeriodic6 --a---- 3236 bytes [23:40 18/01/2016] [23:45 18/01/2016]
RegisterDeviceScreenOnOff --a---- 3272 bytes [23:40 18/01/2016] [23:45 18/01/2016]
RegisterDeviceSettingChange --a---- 3202 bytes [23:40 18/01/2016] [23:40 18/01/2016]
RegisterUserDevice --a---- 3308 bytes [23:40 18/01/2016] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis d------ [12:21 10/07/2015]
Scheduled --a---- 3092 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup d------ [12:21 10/07/2015]
SilentCleanup --a---- 3072 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic d------ [12:04 16/07/2014]
Microsoft-Windows-DiskDiagnosticDataCollector --a---- 3094 bytes [12:04 16/07/2014] [20:48 09/03/2016]
Microsoft-Windows-DiskDiagnosticResolver --a---- 2766 bytes [12:04 16/07/2014] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint d------ [12:21 10/07/2015]
Diagnostics --a---- 2398 bytes [12:21 10/07/2015] [23:40 18/01/2016]
StorageSense --a---- 2562 bytes [23:40 18/01/2016] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\DUSM d------ [23:40 18/01/2016]
dusmtask --a---- 2384 bytes [23:40 18/01/2016] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\ErrorDetails d------ [23:40 18/01/2016]
EnableErrorDetailsUpdate --a---- 2782 bytes [23:40 18/01/2016] [23:40 18/01/2016]
ErrorDetailsUpdate --a---- 2948 bytes [23:40 18/01/2016] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Feedback d------ [12:21 10/07/2015]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Feedback\Siuf d------ [12:21 10/07/2015]
DmClient --a---- 2880 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory d------ [12:21 10/07/2015]
File History (maintenance mode) --a---- 2996 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller d------ [12:21 10/07/2015]
Installation --a---- 3550 bytes [12:21 10/07/2015] [23:40 18/01/2016]
Uninstallation --a---- 3228 bytes [12:21 10/07/2015] [18:41 26/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\License Manager d------ [23:40 18/01/2016]
TempSignedLicenseExchange --a---- 3340 bytes [23:40 18/01/2016] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Live d------ [12:21 10/07/2015]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Live\Roaming d------ [12:21 10/07/2015]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Location d------ [12:21 10/07/2015]
Notifications --a---- 2638 bytes [12:21 10/07/2015] [23:40 18/01/2016]
WindowsActionDialog --a---- 2572 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance d------ [12:21 10/07/2015]
WinSAT --a---- 3002 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Management d------ [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Management\Provisioning d------ [23:40 18/01/2016]
Logon --a---- 2998 bytes [23:40 18/01/2016] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Maps d------ [12:21 10/07/2015]
MapsToastTask --a---- 2946 bytes [12:21 10/07/2015] [23:40 18/01/2016]
MapsUpdateTask --a---- 3474 bytes [12:21 10/07/2015] [23:40 18/01/2016]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center d------ [13:06 12/04/2011]
ActivateWindowsSearch --a---- 2606 bytes [12:04 16/07/2014] [23:40 18/01/2016]
ConfigureInternetTimeService --a---- 2634 bytes [12:04 16/07/2014] [23:40 18/01/2016]
DispatchRecoveryTasks --a---- 2544 bytes [12:04 16/07/2014] [23:40 18/01/2016]
ehDRMInit --a---- 2586 bytes [12:04 16/07/2014] [23:40 18/01/2016]
InstallPlayReady --a---- 2600 bytes [12:04 16/07/2014] [23:40 18/01/2016]
mcupdate --a---- 2674 bytes [12:04 16/07/2014] [23:40 18/01/2016]
mcupdate_scheduled --a---- 2610 bytes [08:17 31/08/2015] [23:40 18/01/2016]
MediaCenterRecoveryTask --a---- 2838 bytes [12:04 16/07/2014] [23:40 18/01/2016]
ObjectStoreRecoveryTask --a---- 2842 bytes [12:04 16/07/2014] [23:40 18/01/2016]
OCURActivate --a---- 2566 bytes [12:04 16/07/2014] [23:40 18/01/2016]
OCURDiscovery --a---- 2586 bytes [12:04 16/07/2014] [23:40 18/01/2016]
PBDADiscovery --a---- 2570 bytes [12:04 16/07/2014] [23:40 18/01/2016]
PBDADiscoveryW1 --a---- 2792 bytes [12:04 16/07/2014] [23:40 18/01/2016]
PBDADiscoveryW2 --a---- 2794 bytes [12:04 16/07/2014] [23:40 18/01/2016]
PeriodicScanRetry --a---- 2990 bytes [12:04 16/07/2014] [23:40 18/01/2016]
PvrRecoveryTask --a---- 2810 bytes [12:04 16/07/2014] [23:40 18/01/2016]
PvrScheduleTask --a---- 2802 bytes [12:04 16/07/2014] [23:40 18/01/2016]
RecordingRestart --a---- 2832 bytes [12:04 16/07/2014] [23:40 18/01/2016]
RegisterSearch --a---- 2594 bytes [12:04 16/07/2014] [23:40 18/01/2016]
ReindexSearchRoot --a---- 2618 bytes [12:04 16/07/2014] [23:40 18/01/2016]
SqlLiteRecoveryTask --a---- 2826 bytes [12:04 16/07/2014] [23:40 18/01/2016]
========== reg ==========
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 "
"AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"BoxSync"=""C:\Program Files\Box\Box Sync\BoxSync.exe" -m"
 
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc\Parameters\ProxyMgr]
(No values found)
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc\Parameters\ProxyMgr\{2565BF0C-5D1D-4300-9DA1-8646DE5EB089}]
 
 
========== regfind ==========
 
Searching for "koa.net"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc\Parameters\ProxyMgr\{2565BF0C-5D1D-4300-9DA1-8646DE5EB089}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{2565BF0C-5D1D-4300-9DA1-8646DE5EB089}]
 
Searching for "server.pac"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc\Parameters\ProxyMgr\{2565BF0C-5D1D-4300-9DA1-8646DE5EB089}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{2565BF0C-5D1D-4300-9DA1-8646DE5EB089}]
 
Searching for "wscript.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\WScript.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JSEFile\DefaultIcon]
@="C:\Windows\System32\WScript.exe,3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JSEFile\Shell\Open\Command]
@="C:\Windows\System32\WScript.exe "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JSFile\DefaultIcon]
@="C:\Windows\System32\WScript.exe,3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JSFile\Shell\Open\Command]
@="C:\Windows\System32\WScript.exe "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBEFile\DefaultIcon]
@="%SystemRoot%\System32\WScript.exe,2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBEFile\Shell\Open\Command]
@=""%SystemRoot%\System32\WScript.exe" "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\DefaultIcon]
@="%SystemRoot%\System32\WScript.exe,2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Open\Command]
@=""%SystemRoot%\System32\WScript.exe" "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WSFFile\DefaultIcon]
@="%SystemRoot%\System32\WScript.exe,2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WSFFile\Shell\Open\Command]
@=""%SystemRoot%\System32\WScript.exe" "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WSHFile\DefaultIcon]
@="%SystemRoot%\System32\WScript.exe,1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WSHFile\Shell\Open\Command]
@=""%SystemRoot%\System32\WScript.exe" "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Resolvers]
"SystemBinariesList"="win32k.sys:winlogon.exe:EXPLORER.EXE:CSRSS.Exe:dwm.exe:logon.scr:logonui.exe:lsass.exe:lsm.exe:ntkrpamp.exe:ntoskrnl.exe:RUNDLL32.EXE:services.exe:sppsvc.exe:smss.exe:spoolsv.exe:svchost.exe:taskeng.exe:WinInit.exe:WISPTIS.EXE:dllhost.exe:dllhst3g.exe:cscript.exe:mmc.exe:msiexec.exe:upnpcont.exe:wscript.exe:WUDFHost.exe:dfsvc.exe:dfsvc.exe:fdbs.exe:ntfsbs.exe:memdiag.exe:NETFXSBS10.exe:applaunch.exe:aspnet_compiler.exe:aspnet_regbrowsers.exe:aspnet_regiis.exe:aspnet_regsql.exe:aspnet_state.exe:aspnet_wp.exe:caspol.exe:csc.exe:CVTRES.EXE:dfsvc.exe:dw20.exe:IEExec.exe:ilasm.exe:InstallUtil.exe:jsc.exe:MSBuild.exe:mscorsvw.exe:ngen.exe:RegAsm.exe::RegSvcs.exe:vbc.exe:TrustedInstaller.exe:Aurora.scr:AutoChk.Exe:AUTOFMT.EXE:CHKDSK.EXE:CHKNTFS.EXE:consent.exe:PnPUnattend.exe:PnPutil.exe:RacAgent.exe:fsquirt.exe:Uninst.exe:updateWmc.exe:wmdc.exe:wmdsync.exe:mofcomp.exe:ScrCons.exe:smi2smir.exe:unse
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe]
 
========== filefind ==========
 
Searching for "*koa*"
No files found.
 
Searching for "*.pac*"
C:\Windows\WinSxS\Manifests\amd64_microsoft.packagema..providers.resources_31bf3856ad364e35_10.0.10586.0_en-us_ccef1c039a05e115.manifest --a---- 398 bytes [19:10 30/10/2015] [19:10 30/10/2015] 9E45BDAB7153C256736408FA19AF7BEA
C:\Windows\WinSxS\Manifests\amd64_microsoft.packagema..t.archiverproviders_31bf3856ad364e35_10.0.10586.0_none_566b574de3662ced.manifest --a---- 292 bytes [07:15 30/10/2015] [07:14 30/10/2015] B5B4D1B090435C12ABF1A233D68EEC66
C:\Windows\WinSxS\Manifests\amd64_microsoft.packagema..uprovider.resources_31bf3856ad364e35_10.0.10586.0_en-us_972453dec5ecd0cc.manifest --a---- 396 bytes [19:10 30/10/2015] [19:10 30/10/2015] BD98E9CE28F7EB679A7947B1A914A7A6
C:\Windows\WinSxS\Manifests\amd64_microsoft.packagemanagement.common_31bf3856ad364e35_10.0.10586.0_none_9b433f9c30c303e2.manifest --a---- 511 bytes [07:15 30/10/2015] [07:14 30/10/2015] 0834EC2E2D33179DE31D5E53B84FC271
C:\Windows\WinSxS\Manifests\amd64_microsoft.packagemanagement.msiprovider_31bf3856ad364e35_10.0.10586.0_none_5b1fb8d8734fa565.manifest --a---- 289 bytes [07:15 30/10/2015] [07:14 30/10/2015] 7DCB57CC2D9D21DCC8C6A13FA65134FB
C:\Windows\WinSxS\Manifests\amd64_microsoft.packagemanagement.msuprovider_31bf3856ad364e35_10.0.10586.0_none_ca717afd75860b79.manifest --a---- 289 bytes [07:15 30/10/2015] [07:14 30/10/2015] 550151FC9C7FABF6B265982666D07B66
C:\Windows\WinSxS\Manifests\amd64_microsoft.packagemanagement.resources_31bf3856ad364e35_10.0.10586.0_en-us_3566177e99b30eba.manifest --a---- 389 bytes [19:10 30/10/2015] [19:10 30/10/2015] 792BBB487880C60A4F69A4EA9707AC60
C:\Windows\WinSxS\Manifests\amd64_microsoft.packagemanagement_31bf3856ad364e35_10.0.10586.0_none_9f1c22fb4af6babf.manifest --a---- 284 bytes [07:15 30/10/2015] [07:14 30/10/2015] F3BB1092AA63C3A9BD4782B96407FFA8
C:\Windows\WinSxS\Manifests\amd64_microsoft.powershell.packagemanagement_31bf3856ad364e35_10.0.10586.0_none_6121373966540a42.manifest --a---- 288 bytes [07:15 30/10/2015] [07:14 30/10/2015] B4F93E8F5747DE9E75278349A2A5BC78
C:\Windows\WinSxS\Manifests\wow64_microsoft.packagema..ement.coreproviders_31bf3856ad364e35_10.0.10586.0_none_9d39c902a6bf0c73.manifest --a---- 295 bytes [07:15 30/10/2015] [07:15 30/10/2015] 1061504F168DA146C737CFD7F36CB3DE
C:\Windows\WinSxS\Manifests\wow64_microsoft.packagema..iprovider.resources_31bf3856ad364e35_10.0.10586.0_en-us_1aa84b6adf6f0f7b.manifest --a---- 405 bytes [19:10 30/10/2015] [19:10 30/10/2015] 444BF2F3FBB39B3486829EC8D594D7A7
C:\Windows\WinSxS\Manifests\wow64_microsoft.packagema..owershell.resources_31bf3856ad364e35_10.0.10586.0_en-us_119b7c67b1e8a3f0.manifest --a---- 409 bytes [19:10 30/10/2015] [19:10 30/10/2015] 6C995544FF772823F3A5AE2E2DA38A4E
C:\Windows\WinSxS\Manifests\wow64_microsoft.packagema..provider.powershell_31bf3856ad364e35_10.0.10586.0_none_a1ec6d2dc8b0da47.manifest --a---- 301 bytes [07:15 30/10/2015] [07:15 30/10/2015] 36F0DB31B51294039989D5BB77CFEAE5
C:\Windows\WinSxS\Manifests\wow64_microsoft.packagema..providers.resources_31bf3856ad364e35_10.0.10586.0_en-us_33a19a0a97d00575.manifest --a---- 407 bytes [19:10 30/10/2015] [19:10 30/10/2015] 625FE00FB122454B38FFC9B6AF1ED15E
C:\Windows\WinSxS\Manifests\wow64_microsoft.packagema..providers.resources_31bf3856ad364e35_10.0.10586.0_en-us_d743c655ce66a310.manifest --a---- 406 bytes [19:10 30/10/2015] [19:10 30/10/2015] CE11CB167A952BD87E9890C2992A7233
C:\Windows\WinSxS\Manifests\wow64_microsoft.packagema..t.archiverproviders_31bf3856ad364e35_10.0.10586.0_none_60c001a017c6eee8.manifest --a---- 298 bytes [07:15 30/10/2015] [07:15 30/10/2015] A64A0FB257153234EB9E94B75C7AF0E4
C:\Windows\WinSxS\Manifests\wow64_microsoft.packagema..uprovider.resources_31bf3856ad364e35_10.0.10586.0_en-us_a178fe30fa4d92c7.manifest --a---- 405 bytes [19:10 30/10/2015] [19:10 30/10/2015] 27D5A7C761B7F3DD446922540A605D1E
C:\Windows\WinSxS\Manifests\wow64_microsoft.packagemanagement.common_31bf3856ad364e35_10.0.10586.0_none_a597e9ee6523c5dd.manifest --a---- 516 bytes [07:15 30/10/2015] [07:15 30/10/2015] 7B340B236CFB92B3328D98F31AAC2A09
C:\Windows\WinSxS\Manifests\wow64_microsoft.packagemanagement.msiprovider_31bf3856ad364e35_10.0.10586.0_none_6574632aa7b06760.manifest --a---- 296 bytes [07:15 30/10/2015] [07:15 30/10/2015] 913C7C7FF0AE7AD10237DEE7E5FA0B9E
C:\Windows\WinSxS\Manifests\wow64_microsoft.packagemanagement.msuprovider_31bf3856ad364e35_10.0.10586.0_none_d4c6254fa9e6cd74.manifest --a---- 294 bytes [07:15 30/10/2015] [07:15 30/10/2015] B98CC69FE5C3F13E39BEBADDED3FC75A
C:\Windows\WinSxS\Manifests\wow64_microsoft.packagemanagement.resources_31bf3856ad364e35_10.0.10586.0_en-us_3fbac1d0ce13d0b5.manifest --a---- 396 bytes [19:10 30/10/2015] [19:10 30/10/2015] 01F93656D7B0126F253A8D5D96D92894
C:\Windows\WinSxS\Manifests\wow64_microsoft.packagemanagement_31bf3856ad364e35_10.0.10586.0_none_a970cd4d7f577cba.manifest --a---- 289 bytes [07:15 30/10/2015] [07:15 30/10/2015] C199F9ECA99C52C0CCEFE4E69A24C999
C:\Windows\WinSxS\Manifests\wow64_microsoft.powershell.packagemanagement_31bf3856ad364e35_10.0.10586.0_none_6b75e18b9ab4cc3d.manifest --a---- 292 bytes [07:15 30/10/2015] [07:15 30/10/2015] 0D8CF0D54794471F18B9E5EE37BF3575
C:\Windows\WinSxS\msil_microsoft.windows.a...commands.resources_31bf3856ad364e35_10.0.10586.0_en-us_100ba71a6cbb9733\Microsoft.Windows.Appx.PackageManager.Commands.Resources.dll --a---- 6656 bytes [19:11 30/10/2015] [19:11 30/10/2015] D18E5BFCA5A03501F58E2C82D2DFFED0
C:\Windows\WinSxS\msil_microsoft.windows.a..agemanager.commands_31bf3856ad364e35_10.0.10586.0_none_115e3d28e9b0f7e4\Microsoft.Windows.Appx.PackageManager.Commands.dll --a---- 52736 bytes [07:17 30/10/2015] [07:17 30/10/2015] 86393703B4D7CEA3D8ABAED46B2DCE2A
C:\Windows\WinSxS\wow64_microsoft.packagema..ement.coreproviders_31bf3856ad364e35_10.0.10586.0_none_9d39c902a6bf0c73\Microsoft.PackageManagement.CoreProviders.dll --a---- 22604 bytes [07:19 30/10/2015] [08:06 30/10/2015] FA3536008046FB81AA75F5A07CAF5269
C:\Windows\WinSxS\wow64_microsoft.packagema..iprovider.resources_31bf3856ad364e35_10.0.10586.0_en-us_1aa84b6adf6f0f7b\Microsoft.PackageManagement.MsiProvider.resources.dll --a---- 4096 bytes [19:11 30/10/2015] [19:11 30/10/2015] EBE7BDDBFDF3A7E86911780103D7EA05
C:\Windows\WinSxS\wow64_microsoft.packagema..owershell.resources_31bf3856ad364e35_10.0.10586.0_en-us_119b7c67b1e8a3f0\Microsoft.PackageManagement.MetaProvider.PowerShell.resources.dll --a---- 6144 bytes [19:11 30/10/2015] [19:11 30/10/2015] 19C24AB938A8A5533B06671CDFCF15C5
C:\Windows\WinSxS\wow64_microsoft.packagema..provider.powershell_31bf3856ad364e35_10.0.10586.0_none_a1ec6d2dc8b0da47\Microsoft.PackageManagement.MetaProvider.PowerShell.dll --a---- 27710 bytes [07:19 30/10/2015] [08:06 30/10/2015] 93D0ED2A9232AA348DB2C3C43BC9DDBE
C:\Windows\WinSxS\wow64_microsoft.packagema..providers.resources_31bf3856ad364e35_10.0.10586.0_en-us_33a19a0a97d00575\Microsoft.PackageManagement.ArchiverProviders.resources.dll --a---- 4096 bytes [19:11 30/10/2015] [19:11 30/10/2015] C3F82473A143DC52746F68616AD71FDD
C:\Windows\WinSxS\wow64_microsoft.packagema..providers.resources_31bf3856ad364e35_10.0.10586.0_en-us_d743c655ce66a310\Microsoft.PackageManagement.CoreProviders.resources.dll --a---- 4608 bytes [19:11 30/10/2015] [19:11 30/10/2015] 01C74F2CF010B813F5373229C60848DE
C:\Windows\WinSxS\wow64_microsoft.packagema..t.archiverproviders_31bf3856ad364e35_10.0.10586.0_none_60c001a017c6eee8\Microsoft.PackageManagement.ArchiverProviders.dll --a---- 30702 bytes [07:19 30/10/2015] [08:06 30/10/2015] F6C11DCDC8895EAA3DCE2441EA46808D
C:\Windows\WinSxS\wow64_microsoft.packagema..uprovider.resources_31bf3856ad364e35_10.0.10586.0_en-us_a178fe30fa4d92c7\Microsoft.PackageManagement.MsuProvider.resources.dll --a---- 4096 bytes [19:11 30/10/2015] [19:11 30/10/2015] 35E3C9116A69476BE38B462ED35439D2
C:\Windows\WinSxS\wow64_microsoft.packagemanagement.msiprovider_31bf3856ad364e35_10.0.10586.0_none_6574632aa7b06760\Microsoft.PackageManagement.MsiProvider.dll --a---- 86548 bytes [07:19 30/10/2015] [08:06 30/10/2015] 9A965A0FCB0D8C6AEEFFC186B41CB9C0
C:\Windows\WinSxS\wow64_microsoft.packagemanagement.msuprovider_31bf3856ad364e35_10.0.10586.0_none_d4c6254fa9e6cd74\Microsoft.PackageManagement.MsuProvider.dll --a---- 6400 bytes [07:19 30/10/2015] [08:06 30/10/2015] 31EDE28B0C70162F03D90935E8265C2E
C:\Windows\WinSxS\wow64_microsoft.packagemanagement.resources_31bf3856ad364e35_10.0.10586.0_en-us_3fbac1d0ce13d0b5\Microsoft.PackageManagement.resources.dll --a---- 11776 bytes [19:11 30/10/2015] [19:11 30/10/2015] 691EC0028501AE66F9C142C69DEE86CB
C:\Windows\WinSxS\wow64_microsoft.packagemanagement_31bf3856ad364e35_10.0.10586.0_none_a970cd4d7f577cba\Microsoft.PackageManagement.dll --a---- 91278 bytes [07:19 30/10/2015] [08:06 30/10/2015] 50A3BD9353ED14622BD5C9E67006153D
C:\Windows\WinSxS\wow64_microsoft.powershel..anagement.resources_31bf3856ad364e35_10.0.10586.0_en-us_91f6a70891b37fd0\Microsoft.PowerShell.PackageManagement.resources.dll --a---- 16384 bytes [19:11 30/10/2015] [19:11 30/10/2015] C78F9F1DC15C5A25090F100297562505
C:\Windows\WinSxS\wow64_microsoft.powershell.packagemanagement_31bf3856ad364e35_10.0.10586.0_none_6b75e18b9ab4cc3d\Microsoft.PowerShell.PackageManagement.dll --a---- 51140 bytes [07:19 30/10/2015] [08:06 30/10/2015] C717C2CB5B2BDBA813C42C3FA341D13B
 
Searching for "*proxy.txt"
No files found.
 
-= EOF =-
 
And TDSSKiller found nothing.


#13 Jo*

  • Malware Response Team
  • 3,331 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:51 AM

Posted 18 May 2016 - 10:34 AM

---

Please go to one of the below sites to scan the following file(s):
  • Virus Total (Recommended)
  • jotti.org
  • VirScan
Click on Browse, and upload the following file(s) for analysis:

C:\Program Files (x86)\Common Files\InstallShield\updateservice\ISUSPM.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\MRT.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned, click "reanalyze now".
Please post the results in your next reply.

---

advanced-startup-options-boot-windows-10

Check under "System Restore" which restore points are available please.

Is this Restore Point still available: 08-05-2016 12:16:23 Installed Pdfedit

Are there any older restore points?

---

Do you have a backup image of your system drive?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
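As an added example (my own code, not Jo's instructions and not part of the original thread), the following PowerShell records the SHA-256 and Authenticode signature state of the four files listed above before they are uploaded, and reports a missing file instead of stopping, since MRT.exe is not present on every Windows installation. A VirusTotal file URL carries the sample's SHA-256, so the hash produced here can be matched against the report that comes back. The function name Get-FileTriage is mine; the four paths are the ones from the post.

```powershell
# Added example, not from the thread: local triage of the files Jo asked to be uploaded.
# Run from an elevated PowerShell so that files under Program Files and system32 are readable.
$paths = @(
    'C:\Program Files (x86)\Common Files\InstallShield\updateservice\ISUSPM.exe',
    'C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe',
    'C:\Program Files (x86)\Google\Update\GoogleUpdate.exe',
    'C:\WINDOWS\system32\MRT.exe'
)

function Get-FileTriage {
    # Hypothetical helper name; returns one object per path.
    param([string[]]$Path)

    foreach ($p in $Path) {
        # A missing file is a result in itself (MRT.exe is only present once the
        # Malicious Software Removal Tool has been delivered by Windows Update).
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            [pscustomobject]@{
                Path      = $p
                Exists    = $false
                Size      = $null
                SHA256    = $null
                Signature = 'n/a'
                Signer    = $null
            }
            continue
        }

        $item   = Get-Item -LiteralPath $p
        $hash   = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        $sig    = Get-AuthenticodeSignature -FilePath $p
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        [pscustomobject]@{
            Path      = $p
            Exists    = $true
            Size      = $item.Length
            SHA256    = $hash
            Signature = $sig.Status      # Valid, NotSigned, HashMismatch, UnknownError, ...
            Signer    = $signer          # subject of the signing certificate, if any
        }
    }
}

# Compare SHA256 with the hash in the VirusTotal URL; an unsigned or HashMismatch
# binary sitting in a vendor's updater directory deserves a closer look.
Get-FileTriage -Path $paths | Format-List
```

A valid signature from the expected vendor does not by itself clear a file, but an updater binary that is unsigned or whose signature no longer matches its contents is exactly the kind of result worth recording alongside the online scan.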


#14 bfsreis
  • Topic Starter
  • Members
  • 15 posts
  • Local time:05:51 AM

Posted 18 May 2016 - 11:18 AM

C:\Program Files (x86)\Common Files\InstallShield\updateservice\ISUSPM.exe

https://www.virustotal.com/pt/file/ac8eb654b491c3c321938307893469a1a78067e828981f2269093517cf158a9d/analysis/1463588017/

 

I think we finally found the culprit.

I scanned the file with MBAM and this time it appeared as malware:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Data da Verificação: 18-05-2016
Hora da Verificação: 17:14
Ficheiro de Relatório: a.txt
Administrador: Sim
 
Versão: 2.2.1.1043
Base de Dados de Malware: v2016.05.18.05
Base de dados de Rootkits: v2016.05.06.01
Licença: Versão de Avaliação Grátis
Proteção contra Malware: Ativado
Proteção contra Websites Maliciosos: Ativado
Autoproteção: Desativado
 
SO: Windows 10
CPU: x64
Sistema de Ficheiros: NTFS
Utilizador: B
 
Tipo de Verificação: Verificação de Ameaças
Resultado: Concluída
Objetos Verificados: 1
Tempo Decorrido: 0 min, 30 s
 
Memória: Desativado
Arranque: Desativado
Sistema de Ficheiros: Ativado
Arquivos: Ativado
Rootkits: Desativado
Heurísticos: Ativado
PPI: Ativado
MPI: Ativado
 
Processos: 0
(Nenhum item malicioso detetado)
 
Módulos: 0
(Nenhum item malicioso detetado)
 
Chaves de Registo: 0
(Nenhum item malicioso detetado)
 
Valores de Registo: 0
(Nenhum item malicioso detetado)
 
Dados de Registo: 0
(Nenhum item malicioso detetado)
 
Pastas: 0
(Nenhum item malicioso detetado)
 
Ficheiros: 1
Hijack.AutoConfigURL.PrxySvrRST, C:\Program Files (x86)\Common Files\InstallShield\updateservice\ISUSPM.exe, Movido para Quarentena, [c895488fe0b910261189795a847d6997], 
 
Sectores Físicos: 0
(Nenhum item malicioso detetado)
 
 
(end)
 
I will submit the others to VT too.
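The detection name in the log above, Hijack.AutoConfigURL.PrxySvrRST, is named after the WinINet proxy values (AutoConfigURL, ProxyEnable, ProxyServer) stored under Internet Settings in the registry, which is the kind of entry the thread's proxy redirect was found in. As an added example (my own code, not from the thread or from Malwarebytes), the following PowerShell dumps those values from both machine hives and from every loaded user hive, so that a PAC URL that reappears after a cleanup shows up in one listing. Get-ProxyConfig is my own name; a populated AutoConfigURL is only flagged for review, since a managed network may set one legitimately.

```powershell
# Added example, not from the thread: list the proxy / PAC settings that a
# Hijack.AutoConfigURL-type detection refers to, across all loaded hives.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings'
)

# HKU: is not mounted as a drive in a fresh session; map it so other users' hives can be read.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
# One Internet Settings key per loaded user SID (skip the *_Classes hives).
$keys += Get-ChildItem 'HKU:\' |
    Where-Object { $_.PSChildName -notmatch '_Classes$' } |
    ForEach-Object { "HKU:\$($_.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Internet Settings" }

function Get-ProxyConfig {
    # Hypothetical helper name; returns one object per existing key.
    param([string[]]$Key)

    foreach ($k in $Key) {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        $v = Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue

        # Flag for review: any PAC URL at all, or an explicit proxy that is switched on.
        $review = [bool]($v.AutoConfigURL) -or ($v.ProxyEnable -eq 1 -and [bool]$v.ProxyServer)

        [pscustomobject]@{
            Key           = $k
            AutoConfigURL = $v.AutoConfigURL   # PAC script location, e.g. an http:// URL
            ProxyEnable   = $v.ProxyEnable     # 1 = use ProxyServer
            ProxyServer   = $v.ProxyServer
            Review        = $review
        }
    }
}

Get-ProxyConfig -Key $keys | Format-Table -AutoSize
```

Run it before and after the cleanup tools: if a PAC URL is back in a user hive the next day, something that runs at logon is rewriting it, which narrows the search to startup entries for that user rather than to the whole disk.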


#15 bfsreis
  • Topic Starter
  • Members
  • 15 posts
  • Local time:05:51 AM

Posted 18 May 2016 - 11:25 AM

All others OK, but I couldn't find C:\WINDOWS\system32\MRT.exe





