
PC was unauthorized remotely and exe's files installed. Keylogger installed?


8 replies to this topic

#1 coppo808


Posted 16 June 2016 - 02:17 PM

Hello,

 

My laptop was remotely accessed, unauthorized, and I believe up to 7 files were installed, although I do not know what they were and cannot find them.

The next day my bank info was compromised and I started receiving phone calls and text messages. Possible keylogger or remote access still on my PC?

 

Here is my log as an attached file

Attached Files

  • Attached File  FRST.txt   68.04KB   12 downloads




#2 shelf life

  • Malware Response Team

Posted 18 June 2016 - 08:11 AM

Hi,

I see you have already run several tools. When you ran FRST it produced another log called addition.txt that you can find in the same location you have FRST. Can you post that log? We will also get another tool to use.

Usually I am only online once or twice per day so you may not get a response back from me until the following day.

Download TDSSKiller (exe or zip version) and save it to your desktop.

http://www.bleepingcomputer.com/download/tdsskiller/

    Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    Accept the EULA and KSN statement to continue the install.
    Click the SCAN button to start.
    If an infected file is detected, the default action will be Cure, click on Continue.
    If a suspicious file is detected, the default action will be Skip, click on Continue.
    It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    If no reboot is required or no threats found click on Report. A log file should appear. Please copy and paste the contents in your reply.
    If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


How Can I Reduce My Risk to Malware?


#3 coppo808

  • Topic Starter

Posted 18 June 2016 - 09:02 AM

Hi, 

Thanks for the response Shelf Life, 

Below are the logs you requested.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-06-2016
Ran by PC (administrator) on MSI (16-06-2016 14:58:26)
Running from C:\Users\PC\Downloads
Loaded Profiles: PC (Available Profiles: PC)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Windows\syswow64\IntelCpHeciSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\PC\AppData\Local\Temp\ocr9838.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\PC\AppData\Local\Temp\ocr9C3F.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
() C:\Program Files\pia_manager\openvpn.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\seccenter.exe
(Trend Micro Inc.) C:\Users\PC\Downloads\HijackThis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\syswow64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\PC\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8849152 2016-04-23] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [MsiTrueColor] => C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe [3724528 2015-06-25] (Portrait Displays, Inc.)
HKLM\...\Run: [NahimicMSIUILauncher] => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [532448 2015-08-13] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [299520 2015-07-15] (MSI)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23972712 2016-05-31] (Dropbox, Inc.)
HKU\S-1-5-21-2114048596-64351187-3200806156-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-2114048596-64351187-3200806156-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a1c82ffb-8406-45b9-9dfc-3f7e0efbca59}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d390f93b-ac29-41e3-818c-3b33c05f282c}: [NameServer] 10.0.0.1
Tcpip\..\Interfaces\{d390f93b-ac29-41e3-818c-3b33c05f282c}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{ee2147d8-1dc2-40da-ba60-ed6882b040c2}: [DhcpNameServer] 209.222.18.222 209.222.18.218
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2114048596-64351187-3200806156-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000
SearchScopes: HKU\S-1-5-21-2114048596-64351187-3200806156-1001 -> {6D62A92F-E1B1-4165-BC9A-DA5EE03316F5} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-01-13] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-02-26] (LastPass)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-02-26] (LastPass)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-13] (Microsoft Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-02-26] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-02-26] (LastPass)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-01-13] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-01-13] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-01-13] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-01-13] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\wj42i1hu.default
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Bing
FF Homepage: Google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-02-26] (LastPass)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-02-26] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-01-12] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: Disconnect - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\wj42i1hu.default\extensions\2.0@disconnect.me.xpi [2016-04-28]
FF Extension: LastPass - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\wj42i1hu.default\Extensions\support@lastpass.com [2016-06-16]
FF Extension: Adblock Plus - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\wj42i1hu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-02-02] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.iptorrents.com/t"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-26]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-26]
CHR Extension: (Adblock Plus) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-01]
CHR Extension: (Google Search) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-26]
CHR Extension: (WebRTC Leak Prevent) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiadekoaikejlgdbkbdfeijglgfdalml [2016-04-04]
CHR Extension: (HTTPS Everywhere) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-06-10]
CHR Extension: (AdBlock) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-01]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-06-12]
CHR Extension: (Disconnect) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-02-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-26]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [621472 2016-02-24] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-26] (Dropbox, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-11-24] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [164968 2016-02-27] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2016-02-24] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [413696 2015-07-07] (Rivet Networks) [File not signed]
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2015-07-15] (Micro-Star International Co., Ltd.) [File not signed]
R2 MsiTrueColorService; C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [175344 2015-06-25] (Portrait Displays, Inc.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-07-09] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [950200 2016-05-24] (Bitdefender)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2016-02-27] (Synaptics Incorporated)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-04-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-05-12] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-07-09] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-04-27] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-04-27] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [127312 2016-04-27] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [114736 2015-07-07] (Rivet Networks, LLC.)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2016-04-27] (BitDefender LLC)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-02-27] (REALiX™)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [300304 2016-02-27] (Intel Corporation)
R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [298736 2016-04-27] (Bitdefender)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162456 2016-04-23] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185896 2016-04-23] (Intel Corporation)
S3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [6711048 2016-02-27] (Intel Corporation)
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7135504 2016-04-23] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [28344 2016-01-19] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [413912 2016-04-01] (Realsil Semiconductor Corporation)
R3 SjtWinIo; C:\Windows\System32\drivers\SjtWinIo.sys [9216 2016-02-28] (SpeedJet Technology INC.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [42160 2016-02-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [42600 2016-04-01] (Synaptics Incorporated)
S3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [40568 2015-10-02] (SteelSeries ApS)
S3 sshid; C:\Windows\System32\drivers\sshid.sys [51400 2016-02-23] (SteelSeries ApS)
S3 ssps2; C:\Windows\System32\drivers\ssps2.sys [32848 2016-02-02] (SteelSeries ApS)
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [33376 2016-01-08] (DEVGURU Co., LTD.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [511320 2016-04-27] (BitDefender S.R.L.)
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [23040 2015-10-30] (Microsoft Corporation)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [119712 2016-04-28] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [192352 2016-04-28] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2016-01-19] (Oracle Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [198248 2016-02-26] (IDRIX)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()
U0 Partizan; system32\drivers\Partizan.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-16 14:56 - 2016-06-16 14:56 - 02386944 _____ (Farbar) C:\Users\PC\Downloads\FRST64 (1).exe
2016-06-16 14:39 - 2016-06-16 14:39 - 00388608 _____ (Trend Micro Inc.) C:\Users\PC\Downloads\HijackThis (1).exe
2016-06-16 14:34 - 2016-06-16 14:34 - 00388608 _____ (Trend Micro Inc.) C:\Users\PC\Downloads\HijackThis.exe
2016-06-16 14:34 - 2016-06-16 14:34 - 00004191 _____ C:\Users\PC\Downloads\startuplist.txt
2016-06-16 13:49 - 2016-06-16 13:49 - 00001238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-16 13:49 - 2016-06-16 13:49 - 00001226 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-16 13:47 - 2016-06-16 13:47 - 00242136 _____ C:\Users\PC\Downloads\Firefox Setup Stub 47.0.exe
2016-06-16 13:38 - 2016-06-16 13:38 - 19936840 _____ C:\Users\PC\Downloads\RogueKiller.exe
2016-06-16 13:32 - 2016-06-16 13:38 - 00000000 ____D C:\Users\PC\Desktop\mbar
2016-06-16 13:32 - 2016-06-16 13:32 - 16563352 _____ (Malwarebytes Corp.) C:\Users\PC\Downloads\mbar-1.09.3.1001 (1).exe
2016-06-16 13:28 - 2016-06-16 13:28 - 00034440 _____ C:\Users\PC\Downloads\Addition.txt
2016-06-16 13:27 - 2016-06-16 14:58 - 00026730 _____ C:\Users\PC\Downloads\FRST.txt
2016-06-16 13:27 - 2016-06-16 14:58 - 00000000 ____D C:\FRST
2016-06-16 13:27 - 2016-06-16 13:27 - 02386944 _____ (Farbar) C:\Users\PC\Downloads\FRST64.exe
2016-06-16 13:26 - 2016-06-16 13:26 - 01736192 _____ (Farbar) C:\Users\PC\Downloads\FRST.exe
2016-06-16 13:24 - 2016-06-16 13:24 - 05659224 _____ (Swearware) C:\Users\PC\Downloads\ComboFix.exe
2016-06-16 13:10 - 2016-06-16 13:10 - 01610816 _____ (Malwarebytes) C:\Users\PC\Downloads\JRT.exe
2016-06-16 12:59 - 2016-06-16 13:03 - 00000000 ____D C:\AdwCleaner
2016-06-16 12:59 - 2016-06-16 12:59 - 03703360 _____ C:\Users\PC\Downloads\adwcleaner_5.200.exe
2016-06-15 21:35 - 2016-06-15 21:35 - 00000000 ___HD C:\OneDriveTemp
2016-06-15 21:28 - 2016-06-16 13:03 - 00000022 _____ C:\WINDOWS\S.dirmngr
2016-06-15 13:52 - 2016-05-28 02:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-15 13:52 - 2016-05-28 02:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-15 13:52 - 2016-05-28 02:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-15 13:52 - 2016-05-28 02:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-15 13:52 - 2016-05-28 01:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-15 13:52 - 2016-05-28 01:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-15 13:52 - 2016-05-28 01:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-15 13:52 - 2016-05-28 01:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-15 13:52 - 2016-05-28 01:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-15 13:52 - 2016-05-28 01:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-15 13:52 - 2016-05-28 01:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-15 13:52 - 2016-05-28 01:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-15 13:52 - 2016-05-28 01:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-15 13:52 - 2016-05-28 01:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-15 13:52 - 2016-05-28 01:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-15 13:52 - 2016-05-28 01:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-15 13:52 - 2016-05-28 01:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-15 13:52 - 2016-05-28 01:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-15 13:52 - 2016-05-28 01:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-15 13:52 - 2016-05-28 01:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-15 13:52 - 2016-05-28 01:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-15 13:52 - 2016-05-28 01:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-15 13:52 - 2016-05-28 01:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-15 13:52 - 2016-05-28 01:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-15 13:52 - 2016-05-28 01:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-15 13:52 - 2016-05-28 01:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-15 13:52 - 2016-05-28 01:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-15 13:52 - 2016-05-28 01:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-15 13:52 - 2016-05-28 00:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-15 13:52 - 2016-05-28 00:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-15 13:52 - 2016-05-28 00:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-15 13:52 - 2016-05-28 00:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-15 13:52 - 2016-05-28 00:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-15 13:52 - 2016-05-28 00:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-15 13:52 - 2016-05-28 00:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-15 13:52 - 2016-05-28 00:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-15 13:52 - 2016-05-28 00:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-15 13:52 - 2016-05-28 00:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-15 13:52 - 2016-05-28 00:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-15 13:52 - 2016-05-28 00:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-15 13:52 - 2016-05-28 00:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-15 13:52 - 2016-05-28 00:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-15 13:52 - 2016-05-28 00:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-15 13:52 - 2016-05-28 00:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-15 13:52 - 2016-05-28 00:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-15 13:52 - 2016-05-28 00:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-15 13:52 - 2016-05-28 00:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-15 13:52 - 2016-05-28 00:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-15 13:52 - 2016-05-28 00:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-15 13:52 - 2016-05-28 00:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-15 13:52 - 2016-05-28 00:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-15 13:52 - 2016-05-28 00:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-15 13:52 - 2016-05-28 00:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-15 13:52 - 2016-05-28 00:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-15 13:52 - 2016-05-28 00:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-15 13:52 - 2016-05-28 00:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-15 13:52 - 2016-05-28 00:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-15 13:52 - 2016-05-28 00:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-15 13:52 - 2016-05-28 00:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-15 13:52 - 2016-05-28 00:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-15 13:52 - 2016-05-28 00:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-15 13:52 - 2016-05-28 00:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-15 13:52 - 2016-05-28 00:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-15 13:52 - 2016-05-28 00:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-15 13:52 - 2016-05-28 00:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-15 13:52 - 2016-05-28 00:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-15 13:52 - 2016-05-28 00:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-15 13:52 - 2016-05-28 00:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-15 13:52 - 2016-05-28 00:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-15 13:52 - 2016-05-28 00:18 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2016-06-15 13:52 - 2016-05-28 00:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-15 13:52 - 2016-05-28 00:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-15 13:52 - 2016-05-28 00:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-15 13:52 - 2016-05-28 00:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-15 13:52 - 2016-05-28 00:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-15 13:52 - 2016-05-28 00:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-15 13:52 - 2016-05-28 00:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-15 13:52 - 2016-05-28 00:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-15 13:52 - 2016-05-28 00:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-15 13:52 - 2016-05-28 00:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-15 13:52 - 2016-05-28 00:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-15 13:52 - 2016-05-28 00:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-15 13:52 - 2016-05-28 00:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-15 13:52 - 2016-05-28 00:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-15 13:52 - 2016-05-28 00:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-15 13:52 - 2016-05-28 00:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-15 13:52 - 2016-05-28 00:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-15 13:52 - 2016-05-28 00:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-15 13:52 - 2016-05-28 00:15 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2016-06-15 13:52 - 2016-05-28 00:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-15 13:52 - 2016-05-28 00:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-15 13:52 - 2016-05-28 00:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-15 13:52 - 2016-05-28 00:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-15 13:52 - 2016-05-28 00:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-15 13:52 - 2016-05-28 00:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-15 13:52 - 2016-05-28 00:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-15 13:52 - 2016-05-28 00:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-15 13:52 - 2016-05-28 00:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-15 13:52 - 2016-05-28 00:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-15 13:52 - 2016-05-28 00:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-15 13:52 - 2016-05-28 00:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-15 13:52 - 2016-05-28 00:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-15 13:52 - 2016-05-28 00:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-15 13:52 - 2016-05-28 00:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-15 13:52 - 2016-05-28 00:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-15 13:52 - 2016-05-28 00:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-15 13:52 - 2016-05-28 00:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-15 13:52 - 2016-05-28 00:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-15 13:52 - 2016-05-28 00:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-15 13:52 - 2016-05-28 00:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-15 13:52 - 2016-05-28 00:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-15 13:52 - 2016-05-28 00:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-15 13:52 - 2016-05-28 00:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-15 13:52 - 2016-05-28 00:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-15 13:52 - 2016-05-28 00:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-15 13:52 - 2016-05-28 00:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-15 13:52 - 2016-05-28 00:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-15 13:52 - 2016-05-28 00:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-15 13:52 - 2016-05-28 00:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-15 13:52 - 2016-05-28 00:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-15 13:52 - 2016-05-28 00:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-15 13:52 - 2016-05-28 00:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-15 13:52 - 2016-05-28 00:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-15 13:52 - 2016-05-28 00:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 13:52 - 2016-05-28 00:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-15 13:52 - 2016-05-28 00:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-15 13:52 - 2016-05-28 00:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-15 13:52 - 2016-05-28 00:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-15 13:52 - 2016-05-28 00:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-15 13:52 - 2016-05-28 00:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-15 13:52 - 2016-05-28 00:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-15 13:52 - 2016-05-28 00:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-15 13:52 - 2016-05-28 00:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-15 13:52 - 2016-05-28 00:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-15 13:52 - 2016-05-28 00:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-15 13:52 - 2016-05-28 00:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-15 13:52 - 2016-05-28 00:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-15 13:52 - 2016-05-28 00:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-15 13:52 - 2016-05-28 00:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-15 13:52 - 2016-05-28 00:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-15 13:52 - 2016-05-27 23:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-15 13:52 - 2016-05-27 23:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-15 13:52 - 2016-05-27 23:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-15 13:52 - 2016-05-27 23:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-15 13:52 - 2016-05-27 23:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-15 13:52 - 2016-05-27 23:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-15 13:52 - 2016-05-27 23:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-15 13:51 - 2016-05-28 02:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-15 13:51 - 2016-05-28 02:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-15 13:51 - 2016-05-28 01:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-15 13:51 - 2016-05-28 01:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-15 13:51 - 2016-05-28 01:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-15 13:51 - 2016-05-28 01:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-15 13:51 - 2016-05-28 01:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-15 13:51 - 2016-05-28 01:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-15 13:51 - 2016-05-28 01:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-15 13:51 - 2016-05-28 01:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-15 13:51 - 2016-05-28 01:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-15 13:51 - 2016-05-28 01:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-15 13:51 - 2016-05-28 01:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-15 13:51 - 2016-05-28 01:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-15 13:51 - 2016-05-28 01:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-15 13:51 - 2016-05-28 00:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-15 13:51 - 2016-05-28 00:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-15 13:51 - 2016-05-28 00:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-15 13:51 - 2016-05-28 00:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-15 13:51 - 2016-05-28 00:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-15 13:51 - 2016-05-28 00:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-15 13:51 - 2016-05-28 00:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-15 13:51 - 2016-05-28 00:25 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-06-15 13:51 - 2016-05-28 00:25 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
2016-06-15 13:51 - 2016-05-28 00:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-15 13:51 - 2016-05-28 00:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-15 13:51 - 2016-05-28 00:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-15 13:51 - 2016-05-28 00:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-15 13:51 - 2016-05-28 00:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-15 13:51 - 2016-05-28 00:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-15 13:51 - 2016-05-28 00:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-15 13:51 - 2016-05-28 00:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-15 13:51 - 2016-05-28 00:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-15 13:51 - 2016-05-28 00:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-15 13:51 - 2016-05-28 00:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-15 13:51 - 2016-05-28 00:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-15 13:51 - 2016-05-28 00:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-15 13:51 - 2016-05-28 00:21 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
2016-06-15 13:51 - 2016-05-28 00:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-15 13:51 - 2016-05-28 00:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-15 13:51 - 2016-05-28 00:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-15 13:51 - 2016-05-28 00:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-15 13:51 - 2016-05-28 00:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-15 13:51 - 2016-05-28 00:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-15 13:51 - 2016-05-28 00:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-15 13:51 - 2016-05-28 00:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-15 13:51 - 2016-05-28 00:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-15 13:51 - 2016-05-28 00:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-15 13:51 - 2016-05-28 00:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-15 13:51 - 2016-05-28 00:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-15 13:51 - 2016-05-28 00:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-15 13:51 - 2016-05-28 00:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-15 13:51 - 2016-05-28 00:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-15 13:51 - 2016-05-28 00:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-15 13:51 - 2016-05-28 00:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-15 13:51 - 2016-05-28 00:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-15 13:51 - 2016-05-28 00:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-15 13:51 - 2016-05-28 00:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-15 13:51 - 2016-05-28 00:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-15 13:51 - 2016-05-28 00:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-15 13:51 - 2016-05-28 00:13 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-06-15 13:51 - 2016-05-28 00:13 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-06-15 13:51 - 2016-05-28 00:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-15 13:51 - 2016-05-28 00:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-15 13:51 - 2016-05-28 00:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-15 13:51 - 2016-05-28 00:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-15 13:51 - 2016-05-28 00:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-15 13:51 - 2016-05-28 00:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-15 13:51 - 2016-05-28 00:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-15 13:51 - 2016-05-28 00:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-15 13:51 - 2016-05-28 00:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-15 13:51 - 2016-05-28 00:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-15 13:51 - 2016-05-28 00:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-15 13:51 - 2016-05-27 23:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-15 13:51 - 2016-05-27 23:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 39977920 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 35115968 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 31641656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 25404864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 21812056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 21355464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 20375488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 18151128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 17746664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 17729184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 17432544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 14462536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 10643240 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 08733792 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 02844608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 02470336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 01920960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436839.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436839.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 00983488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 00910392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 00787384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 00769984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 00707520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 00669952 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 00632848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 00565208 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 00425016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 00379808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 00379448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 00316632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 00177952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 00155768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-06-12 21:03 - 2016-06-03 03:22 - 00000594 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-06-12 21:03 - 2016-06-03 03:22 - 00000594 _____ C:\WINDOWS\system32\nv-vk64.json
2016-06-12 20:47 - 2016-06-12 20:47 - 05776144 _____ (Adobe Systems Inc.) C:\Users\PC\Downloads\Shockwave_Installer_Slim.exe
2016-06-12 20:47 - 2016-06-12 20:47 - 00089525 _____ C:\Users\PC\Downloads\dir (1).dcr
2016-06-04 14:26 - 2016-06-04 14:26 - 00066216 _____ C:\Users\PC\Downloads\correspondence.pdf
2016-06-03 20:32 - 2016-06-03 20:32 - 00000000 ____D C:\Users\PC\Documents\SideSync
2016-06-03 20:32 - 2016-06-03 20:32 - 00000000 ____D C:\Users\PC\AppData\Roaming\Samsung
2016-06-03 20:32 - 2016-06-03 20:32 - 00000000 ____D C:\Program Files\Samsung
2016-06-03 20:32 - 2016-01-08 04:51 - 01490656 ____N (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2016-06-03 20:32 - 2016-01-08 04:51 - 00213088 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2016-06-03 20:32 - 2016-01-08 04:51 - 00120416 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2016-06-03 20:32 - 2016-01-08 04:51 - 00033376 _____ (DEVGURU Co., LTD.) C:\WINDOWS\system32\Drivers\ss_conn_usb_driver.sys
2016-06-03 20:31 - 2016-06-03 20:31 - 00000000 ____D C:\ProgramData\Samsung
2016-06-03 20:31 - 2016-06-03 20:31 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-06-03 15:12 - 2016-06-03 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-01 18:40 - 2016-06-01 18:41 - 00000000 ____D C:\Users\PC\VirtualBox VMs
2016-06-01 18:21 - 2016-06-01 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-06-01 18:21 - 2016-06-01 18:21 - 00000000 ____D C:\Program Files\Oracle
2016-06-01 18:21 - 2016-04-28 15:05 - 00916520 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2016-06-01 18:21 - 2016-04-28 15:05 - 00143568 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2016-06-01 00:00 - 2016-06-01 00:00 - 00003240 _____ C:\WINDOWS\System32\Tasks\Private Internet Access Startup
2016-06-01 00:00 - 2016-06-01 00:00 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2016-05-28 19:41 - 2016-05-28 19:41 - 00003162 _____ C:\Users\PC\AppData\Local\recently-used.xbel
2016-05-27 20:21 - 2016-05-27 20:21 - 00005596 _____ C:\Users\PC\Downloads\smime.p7s
2016-05-27 20:20 - 2016-05-27 20:20 - 01504673 _____ C:\Users\PC\Downloads\CG_719B copy.pdf
2016-05-27 16:53 - 2016-05-27 16:53 - 00081127 _____ C:\Users\PC\Downloads\AIG Identity Theft and Fraud Claim Form.pdf
2016-05-27 15:30 - 2016-06-02 23:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-27 15:30 - 2016-05-27 15:30 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-27 15:30 - 2016-05-27 15:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-25 16:42 - 2016-06-09 06:42 - 00000000 ____D C:\Users\PC\Desktop\New folder
2016-05-24 14:37 - 2016-05-24 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2016-05-24 14:37 - 2016-05-24 14:37 - 00000000 ____D C:\ProgramData\Auslogics
2016-05-24 14:37 - 2016-05-24 14:37 - 00000000 ____D C:\Program Files (x86)\Auslogics
2016-05-21 17:20 - 2016-05-21 17:20 - 00000885 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt
2016-05-21 16:38 - 2016-06-12 07:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-21 16:38 - 2016-05-21 17:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-21 15:09 - 2016-05-21 15:12 - 00000000 ____D C:\ProgramData\SupremoRemoteDesktop
2016-05-19 07:55 - 2016-05-10 00:05 - 01924152 ____N (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436519.dll
2016-05-19 07:55 - 2016-05-10 00:05 - 01573432 ____N (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436519.dll
2016-05-19 07:45 - 2016-05-19 07:45 - 00816616 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcDAud.sys
2016-05-19 07:44 - 2016-02-27 16:09 - 00300304 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ibtusb.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-16 14:58 - 2016-02-28 13:48 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-16 14:56 - 2016-02-26 11:51 - 00000908 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-16 14:40 - 2016-02-26 09:19 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-06-16 14:37 - 2016-02-26 04:47 - 00000000 ____D C:\Users\PC\AppData\LocalLow\LastPass
2016-06-16 14:37 - 2016-02-26 02:25 - 00000000 ____D C:\Users\PC\AppData\Local\VirtualStore
2016-06-16 14:35 - 2016-03-18 15:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-16 14:08 - 2016-02-26 03:33 - 00065536 _____ C:\WINDOWS\system32\config\ELAM
2016-06-16 13:49 - 2016-05-07 16:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-16 13:49 - 2016-02-26 04:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-16 13:46 - 2016-02-26 04:04 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-16 13:11 - 2016-02-27 15:58 - 00000000 ____D C:\Users\PC\AppData\Roaming\IObit
2016-06-16 13:11 - 2016-02-27 15:58 - 00000000 ____D C:\ProgramData\IObit
2016-06-16 13:11 - 2016-02-26 02:30 - 00000000 ___RD C:\Users\PC\OneDrive
2016-06-16 13:10 - 2016-02-26 11:55 - 00000000 ___RD C:\Users\PC\Dropbox
2016-06-16 13:10 - 2016-02-26 04:06 - 00000000 ____D C:\WINDOWS\INF
2016-06-16 13:10 - 2015-07-17 12:12 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-16 13:04 - 2016-02-28 13:48 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-16 13:04 - 2016-02-26 11:51 - 00000904 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-16 13:04 - 2016-02-26 09:39 - 00000258 _____ C:\WINDOWS\Tasks\CCleanerClean.job
2016-06-16 13:04 - 2016-02-26 04:37 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-16 13:04 - 2016-02-26 02:25 - 00000000 __SHD C:\Users\PC\IntelGraphicsProfiles
2016-06-16 13:03 - 2016-04-23 04:20 - 00016071 _____ C:\bdlog.txt
2016-06-16 13:03 - 2016-02-26 04:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-16 13:03 - 2016-02-26 03:33 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-06-16 12:54 - 2016-02-26 04:35 - 00000000 ____D C:\Users\PC\AppData\Roaming\qBittorrent
2016-06-16 08:02 - 2016-02-26 04:07 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-16 08:02 - 2016-02-26 04:07 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-15 21:28 - 2016-02-26 02:25 - 00000000 ____D C:\Users\PC
2016-06-15 21:27 - 2016-02-26 04:07 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-15 21:27 - 2016-02-26 04:07 - 00000000 ____D C:\WINDOWS\system32\DiagSvcs
2016-06-15 21:27 - 2016-02-26 04:07 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-15 20:46 - 2016-02-26 12:02 - 00000000 ____D C:\Users\PC\AppData\Roaming\gnupg
2016-06-14 14:33 - 2016-02-26 04:07 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-14 14:33 - 2016-02-26 04:07 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-12 21:04 - 2016-05-02 09:57 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-06-12 21:04 - 2016-02-26 04:37 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-12 20:56 - 2016-02-26 09:39 - 00002650 _____ C:\WINDOWS\System32\Tasks\CCleanerClean
2016-06-12 17:03 - 2016-04-04 04:06 - 00000000 ____D C:\Users\PC\.VirtualBox
2016-06-11 18:37 - 2016-05-01 15:33 - 00000000 ____D C:\Users\PC\AppData\Roaming\vlc
2016-06-08 17:59 - 2016-02-28 13:48 - 00002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 17:17 - 2016-02-26 10:20 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-04 11:36 - 2016-03-03 00:29 - 00000000 ____D C:\Users\PC\AppData\Local\CrashDumps
2016-06-04 11:36 - 2016-02-26 04:07 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-06-03 20:51 - 2016-02-24 23:15 - 13553096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-06-03 15:13 - 2016-02-26 11:51 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-06-03 03:22 - 2016-03-02 09:27 - 03371624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-06-03 03:22 - 2016-02-24 23:15 - 03811256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-06-03 03:22 - 2016-02-24 23:15 - 00040084 _____ C:\WINDOWS\system32\nvinfo.pb
2016-06-02 23:59 - 2016-02-26 04:37 - 06452948 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-06-02 23:59 - 2016-02-26 04:37 - 06364216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-06-02 23:59 - 2016-02-26 04:37 - 02455608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-06-02 23:59 - 2016-02-26 04:37 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-06-02 23:59 - 2016-02-26 04:37 - 01352760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-06-02 23:59 - 2016-02-26 04:37 - 00534072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-06-02 23:59 - 2016-02-26 04:37 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-06-02 23:59 - 2016-02-26 04:37 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-06-02 23:59 - 2016-02-26 04:37 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-06-01 00:14 - 2016-02-26 05:47 - 00000000 ____D C:\Program Files\pia_manager
2016-05-31 22:21 - 2016-02-26 04:07 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-31 12:49 - 2016-02-26 02:25 - 00000000 ____D C:\Users\PC\AppData\Local\Packages
2016-05-28 19:04 - 2016-02-26 12:04 - 00000000 ____D C:\Users\PC\AppData\Local\gtk-2.0
2016-05-28 01:55 - 2016-02-26 04:46 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-05-27 15:43 - 2016-02-29 19:44 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Adobe
2016-05-27 15:43 - 2016-02-29 19:39 - 00000000 ____D C:\Users\PC\AppData\Local\Adobe
2016-05-27 15:43 - 2016-02-26 02:25 - 00000000 ____D C:\Users\PC\AppData\Roaming\Adobe
2016-05-27 15:30 - 2016-02-29 19:38 - 00000000 ____D C:\ProgramData\Adobe
2016-05-21 16:37 - 2016-02-26 09:12 - 00000000 ____D C:\Program Files\CCleaner
2016-05-18 14:32 - 2016-02-26 02:30 - 00002364 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
 
==================== Files in the root of some directories =======
 
2016-02-26 04:47 - 2016-02-26 04:47 - 21405208 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-05-28 19:41 - 2016-05-28 19:41 - 0003162 _____ () C:\Users\PC\AppData\Local\recently-used.xbel
2016-02-26 04:36 - 2016-02-26 04:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-12 20:18
 
==================== End of FRST.txt ============================
 
10:00:55.0791 0x1b34  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
10:00:55.0791 0x1b34  UEFI system
10:01:02.0930 0x1b34  ============================================================
10:01:02.0930 0x1b34  Current date / time: 2016/06/18 10:01:02.0930
10:01:02.0930 0x1b34  SystemInfo:
10:01:02.0930 0x1b34  
10:01:02.0930 0x1b34  OS Version: 10.0.10586 ServicePack: 0.0
10:01:02.0930 0x1b34  Product type: Workstation
10:01:02.0930 0x1b34  ComputerName: MSI
10:01:02.0930 0x1b34  UserName: PC
10:01:02.0930 0x1b34  Windows directory: C:\WINDOWS
10:01:02.0930 0x1b34  System windows directory: C:\WINDOWS
10:01:02.0930 0x1b34  Running under WOW64
10:01:02.0930 0x1b34  Processor architecture: Intel x64
10:01:02.0930 0x1b34  Number of processors: 8
10:01:02.0930 0x1b34  Page size: 0x1000
10:01:02.0930 0x1b34  Boot type: Normal boot
10:01:02.0930 0x1b34  ============================================================
10:01:03.0198 0x1b34  KLMD registered as C:\WINDOWS\system32\drivers\55811419.sys
10:01:03.0382 0x1b34  System UUID: {5194BFB5-7E7C-1365-90E0-96436F8A7E21}
10:01:03.0679 0x1b34  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:01:03.0957 0x1b34  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:01:03.0962 0x1b34  ============================================================
10:01:03.0962 0x1b34  \Device\Harddisk0\DR0:
10:01:03.0962 0x1b34  GPT partitions:
10:01:03.0962 0x1b34  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {3740CE9A-4614-44FA-BED1-CC3FAF074BA3}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x96000
10:01:03.0963 0x1b34  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {BE16E004-74F4-4225-A88D-6882FA122ADC}, Name: Microsoft reserved partition, StartLBA 0x96800, BlocksNum 0x40000
10:01:03.0963 0x1b34  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {4F093B44-4A87-4698-879E-6B80F7AC91EC}, Name: Basic data partition, StartLBA 0xD6800, BlocksNum 0xEA5A002
10:01:03.0963 0x1b34  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {18F62E1A-9B5F-4186-A231-39331FFF31AF}, Name: , StartLBA 0xEB31000, BlocksNum 0x189000
10:01:03.0963 0x1b34  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {CBCC991D-9990-49EF-A843-F58ED0987529}, Name: Basic data partition, StartLBA 0xECBA000, BlocksNum 0x1C2000
10:01:03.0963 0x1b34  MBR partitions:
10:01:03.0963 0x1b34  \Device\Harddisk1\DR1:
10:01:03.0963 0x1b34  GPT partitions:
10:01:03.0963 0x1b34  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {99325468-F17F-407E-AB47-FD89D668098E}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x71E48800
10:01:03.0963 0x1b34  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {7B8349D8-6DBF-4642-A69C-7C62341ADEF9}, Name: Basic data partition, StartLBA 0x71E49000, BlocksNum 0x28BD800
10:01:03.0963 0x1b34  MBR partitions:
10:01:03.0963 0x1b34  ============================================================
10:01:03.0964 0x1b34  Initialize success
10:01:03.0964 0x1b34  ============================================================
10:01:06.0341 0x2298  ============================================================
10:01:06.0341 0x2298  Scan started
10:01:06.0341 0x2298  Mode: Manual; 
10:01:06.0341 0x2298  ============================================================
10:01:06.0341 0x2298  KSN ping started
10:01:06.0529 0x2298  KSN ping finished: true
10:01:06.0578 0x2298  ================ Scan system memory ========================
10:01:06.0578 0x2298  System memory - ok
10:01:06.0578 0x2298  ================ Scan services =============================
10:01:06.0585 0x2298  1394ohci - ok
10:01:06.0587 0x2298  3ware - ok
10:01:06.0591 0x2298  ACPI - ok
10:01:06.0593 0x2298  acpiex - ok
10:01:06.0595 0x2298  acpipagr - ok
10:01:06.0596 0x2298  AcpiPmi - ok
10:01:06.0598 0x2298  acpitime - ok
10:01:06.0600 0x2298  AdobeARMservice - ok
10:01:06.0606 0x2298  AdobeFlashPlayerUpdateSvc - ok
10:01:06.0611 0x2298  ADP80XX - ok
10:01:06.0614 0x2298  AFD - ok
10:01:06.0616 0x2298  agp440 - ok
10:01:06.0618 0x2298  ahcache - ok
10:01:06.0620 0x2298  AJRouter - ok
10:01:06.0622 0x2298  ALG - ok
10:01:06.0625 0x2298  AmdK8 - ok
10:01:06.0627 0x2298  AmdPPM - ok
10:01:06.0629 0x2298  amdsata - ok
10:01:06.0631 0x2298  amdsbs - ok
10:01:06.0633 0x2298  amdxata - ok
10:01:06.0635 0x2298  AppID - ok
10:01:06.0637 0x2298  AppIDSvc - ok
10:01:06.0640 0x2298  Appinfo - ok
10:01:06.0645 0x2298  AppMgmt - ok
10:01:06.0648 0x2298  AppReadiness - ok
10:01:06.0650 0x2298  AppXSvc - ok
10:01:06.0652 0x2298  arcsas - ok
10:01:06.0655 0x2298  asmthub3 - ok
10:01:06.0657 0x2298  asmtxhci - ok
10:01:06.0659 0x2298  AsyncMac - ok
10:01:06.0661 0x2298  atapi - ok
10:01:06.0663 0x2298  AudioEndpointBuilder - ok
10:01:06.0665 0x2298  Audiosrv - ok
10:01:06.0667 0x2298  avc3 - ok
10:01:06.0669 0x2298  avckf - ok
10:01:06.0671 0x2298  AxInstSV - ok
10:01:06.0676 0x2298  b06bdrv - ok
10:01:06.0678 0x2298  BasicDisplay - ok
10:01:06.0680 0x2298  BasicRender - ok
10:01:06.0685 0x2298  bcmfn - ok
10:01:06.0690 0x2298  bcmfn2 - ok
10:01:06.0693 0x2298  bdelam - ok
10:01:06.0695 0x2298  BDESVC - ok
10:01:06.0697 0x2298  bdfwfpf - ok
10:01:06.0700 0x2298  BDVEDISK - ok
10:01:06.0701 0x2298  Beep - ok
10:01:06.0703 0x2298  BFE - ok
10:01:06.0705 0x2298  BfLwf - ok
10:01:06.0710 0x2298  BITS - ok
10:01:06.0713 0x2298  bowser - ok
10:01:06.0715 0x2298  BrokerInfrastructure - ok
10:01:06.0716 0x2298  Browser - ok
10:01:06.0719 0x2298  BthAvrcpTg - ok
10:01:06.0720 0x2298  BthEnum - ok
10:01:06.0723 0x2298  BthHFEnum - ok
10:01:06.0725 0x2298  bthhfhid - ok
10:01:06.0727 0x2298  BthHFSrv - ok
10:01:06.0729 0x2298  BthLEEnum - ok
10:01:06.0732 0x2298  BTHMODEM - ok
10:01:06.0734 0x2298  BthPan - ok
10:01:06.0736 0x2298  BTHPORT - ok
10:01:06.0738 0x2298  bthserv - ok
10:01:06.0741 0x2298  BTHUSB - ok
10:01:06.0743 0x2298  buttonconverter - ok
10:01:06.0745 0x2298  CapImg - ok
10:01:06.0747 0x2298  cdfs - ok
10:01:06.0749 0x2298  CDPSvc - ok
10:01:06.0750 0x2298  cdrom - ok
10:01:06.0753 0x2298  CertPropSvc - ok
10:01:06.0755 0x2298  circlass - ok
10:01:06.0758 0x2298  CLFS - ok
10:01:06.0760 0x2298  ClipSVC - ok
10:01:06.0766 0x2298  CmBatt - ok
10:01:06.0768 0x2298  CNG - ok
10:01:06.0773 0x2298  cnghwassist - ok
10:01:06.0776 0x2298  CompositeBus - ok
10:01:06.0778 0x2298  COMSysApp - ok
10:01:06.0780 0x2298  condrv - ok
10:01:06.0782 0x2298  CoreMessagingRegistrar - ok
10:01:06.0785 0x2298  cphs - ok
10:01:06.0787 0x2298  cplspcon - ok
10:01:06.0791 0x2298  CryptSvc - ok
10:01:06.0792 0x2298  CSC - ok
10:01:06.0794 0x2298  CscService - ok
10:01:06.0796 0x2298  dam - ok
10:01:06.0799 0x2298  dbupdate - ok
10:01:06.0801 0x2298  dbupdatem - ok
10:01:06.0804 0x2298  DcomLaunch - ok
10:01:06.0809 0x2298  DcpSvc - ok
10:01:06.0812 0x2298  defragsvc - ok
10:01:06.0814 0x2298  DeviceAssociationService - ok
10:01:06.0816 0x2298  DeviceInstall - ok
10:01:06.0818 0x2298  DevQueryBroker - ok
10:01:06.0820 0x2298  Dfsc - ok
10:01:06.0823 0x2298  dg_ssudbus - ok
10:01:06.0825 0x2298  Dhcp - ok
10:01:06.0827 0x2298  diagnosticshub.standardcollector.service - ok
10:01:06.0830 0x2298  DirMngr - ok
10:01:06.0833 0x2298  disk - ok
10:01:06.0835 0x2298  DmEnrollmentSvc - ok
10:01:06.0837 0x2298  dmvsc - ok
10:01:06.0840 0x2298  dmwappushservice - ok
10:01:06.0843 0x2298  Dnscache - ok
10:01:06.0847 0x2298  dot3svc - ok
10:01:06.0849 0x2298  DPS - ok
10:01:06.0852 0x2298  drmkaud - ok
10:01:06.0854 0x2298  DsmSvc - ok
10:01:06.0858 0x2298  DsSvc - ok
10:01:06.0860 0x2298  DXGKrnl - ok
10:01:06.0862 0x2298  Eaphost - ok
10:01:06.0864 0x2298  ebdrv - ok
10:01:06.0867 0x2298  EFS - ok
10:01:06.0869 0x2298  EhStorClass - ok
10:01:06.0871 0x2298  EhStorTcgDrv - ok
10:01:06.0875 0x2298  embeddedmode - ok
10:01:06.0879 0x2298  EntAppSvc - ok
10:01:06.0882 0x2298  ErrDev - ok
10:01:06.0886 0x2298  EventSystem - ok
10:01:06.0888 0x2298  EvtEng - ok
10:01:06.0891 0x2298  exfat - ok
10:01:06.0893 0x2298  fastfat - ok
10:01:06.0895 0x2298  Fax - ok
10:01:06.0897 0x2298  fcvsc - ok
10:01:06.0899 0x2298  fdc - ok
10:01:06.0901 0x2298  fdPHost - ok
10:01:06.0903 0x2298  FDResPub - ok
10:01:06.0906 0x2298  fhsvc - ok
10:01:06.0910 0x2298  FileCrypt - ok
10:01:06.0913 0x2298  FileInfo - ok
10:01:06.0914 0x2298  Filetrace - ok
10:01:06.0916 0x2298  flpydisk - ok
10:01:06.0918 0x2298  FltMgr - ok
10:01:06.0920 0x2298  FontCache - ok
10:01:06.0923 0x2298  FontCache3.0.0.0 - ok
10:01:06.0925 0x2298  FsDepends - ok
10:01:06.0927 0x2298  Fs_Rec - ok
10:01:06.0929 0x2298  fvevol - ok
10:01:06.0931 0x2298  gagp30kx - ok
10:01:06.0933 0x2298  gencounter - ok
10:01:06.0935 0x2298  genericusbfn - ok
10:01:06.0937 0x2298  GfExperienceService - ok
10:01:06.0941 0x2298  GPIOClx0101 - ok
10:01:06.0943 0x2298  gpsvc - ok
10:01:06.0945 0x2298  GpuEnergyDrv - ok
10:01:06.0947 0x2298  gupdate - ok
10:01:06.0949 0x2298  gupdatem - ok
10:01:06.0951 0x2298  gzflt - ok
10:01:06.0953 0x2298  HDAudBus - ok
10:01:06.0956 0x2298  HidBatt - ok
10:01:06.0958 0x2298  HidBth - ok
10:01:06.0960 0x2298  hidi2c - ok
10:01:06.0963 0x2298  hidinterrupt - ok
10:01:06.0965 0x2298  HidIr - ok
10:01:06.0967 0x2298  hidserv - ok
10:01:06.0969 0x2298  HidUsb - ok
10:01:06.0971 0x2298  HomeGroupListener - ok
10:01:06.0976 0x2298  HomeGroupProvider - ok
10:01:06.0978 0x2298  HpSAMD - ok
10:01:06.0981 0x2298  HTTP - ok
10:01:06.0983 0x2298  HWiNFO32 - ok
10:01:06.0986 0x2298  hwpolicy - ok
10:01:06.0988 0x2298  hyperkbd - ok
10:01:06.0990 0x2298  i8042prt - ok
10:01:06.0992 0x2298  iai2c - ok
10:01:06.0994 0x2298  iaLPSS2i_I2C - ok
10:01:06.0996 0x2298  iaLPSSi_GPIO - ok
10:01:06.0999 0x2298  iaLPSSi_I2C - ok
10:01:07.0001 0x2298  iaStorA - ok
10:01:07.0003 0x2298  iaStorAV - ok
10:01:07.0007 0x2298  IAStorDataMgrSvc - ok
10:01:07.0012 0x2298  iaStorV - ok
10:01:07.0014 0x2298  ibbus - ok
10:01:07.0016 0x2298  ibtsiva - ok
10:01:07.0018 0x2298  ibtusb - ok
10:01:07.0019 0x2298  icssvc - ok
10:01:07.0022 0x2298  IEEtwCollectorService - ok
10:01:07.0025 0x2298  igfx - ok
10:01:07.0026 0x2298  igfxCUIService2.0.0.0 - ok
10:01:07.0029 0x2298  ignis - ok
10:01:07.0031 0x2298  IKEEXT - ok
10:01:07.0034 0x2298  IntcAzAudAddService - ok
10:01:07.0036 0x2298  IntcDAud - ok
10:01:07.0041 0x2298  Intel® Capability Licensing Service TCP IP Interface - ok
10:01:07.0046 0x2298  Intel® Security Assist - ok
10:01:07.0048 0x2298  intelide - ok
10:01:07.0050 0x2298  intelpep - ok
10:01:07.0051 0x2298  intelppm - ok
10:01:07.0054 0x2298  IoQos - ok
10:01:07.0057 0x2298  IpFilterDriver - ok
10:01:07.0059 0x2298  iphlpsvc - ok
10:01:07.0061 0x2298  IPMIDRV - ok
10:01:07.0064 0x2298  IPNAT - ok
10:01:07.0066 0x2298  IRENUM - ok
10:01:07.0068 0x2298  isaHelperSvc - ok
10:01:07.0069 0x2298  isapnp - ok
10:01:07.0073 0x2298  iScsiPrt - ok
10:01:07.0075 0x2298  jhi_service - ok
10:01:07.0077 0x2298  kbdclass - ok
10:01:07.0080 0x2298  kbdhid - ok
10:01:07.0082 0x2298  kdnic - ok
10:01:07.0084 0x2298  KeyIso - ok
10:01:07.0086 0x2298  Killer Service V2 - ok
10:01:07.0089 0x2298  KillerEth - ok
10:01:07.0091 0x2298  KSecDD - ok
10:01:07.0094 0x2298  KSecPkg - ok
10:01:07.0096 0x2298  ksthunk - ok
10:01:07.0098 0x2298  KtmRm - ok
10:01:07.0101 0x2298  LanmanServer - ok
10:01:07.0104 0x2298  LanmanWorkstation - ok
10:01:07.0110 0x2298  lfsvc - ok
10:01:07.0113 0x2298  LicenseManager - ok
10:01:07.0115 0x2298  lltdio - ok
10:01:07.0117 0x2298  lltdsvc - ok
10:01:07.0118 0x2298  lmhosts - ok
10:01:07.0120 0x2298  LMS - ok
10:01:07.0124 0x2298  LSI_SAS - ok
10:01:07.0126 0x2298  LSI_SAS2i - ok
10:01:07.0128 0x2298  LSI_SAS3i - ok
10:01:07.0131 0x2298  LSI_SSS - ok
10:01:07.0133 0x2298  LSM - ok
10:01:07.0135 0x2298  luafv - ok
10:01:07.0137 0x2298  MapsBroker - ok
10:01:07.0140 0x2298  MBAMSwissArmy - ok
10:01:07.0145 0x2298  megasas - ok
10:01:07.0147 0x2298  megasr - ok
10:01:07.0149 0x2298  MEIx64 - ok
10:01:07.0151 0x2298  MessagingService - ok
10:01:07.0215 0x2298  Micro Star SCM - ok
10:01:07.0217 0x2298  mlx4_bus - ok
10:01:07.0219 0x2298  MMCSS - ok
10:01:07.0222 0x2298  Modem - ok
10:01:07.0225 0x2298  monitor - ok
10:01:07.0227 0x2298  mouclass - ok
10:01:07.0229 0x2298  mouhid - ok
10:01:07.0231 0x2298  mountmgr - ok
10:01:07.0233 0x2298  MozillaMaintenance - ok
10:01:07.0235 0x2298  mpsdrv - ok
10:01:07.0237 0x2298  MpsSvc - ok
10:01:07.0240 0x2298  MRxDAV - ok
10:01:07.0243 0x2298  mrxsmb - ok
10:01:07.0244 0x2298  mrxsmb10 - ok
10:01:07.0246 0x2298  mrxsmb20 - ok
10:01:07.0248 0x2298  MsBridge - ok
10:01:07.0251 0x2298  MSDTC - ok
10:01:07.0255 0x2298  Msfs - ok
10:01:07.0258 0x2298  msgpiowin32 - ok
10:01:07.0260 0x2298  mshidkmdf - ok
10:01:07.0262 0x2298  mshidumdf - ok
10:01:07.0264 0x2298  msisadrv - ok
10:01:07.0266 0x2298  MSiSCSI - ok
10:01:07.0271 0x2298  msiserver - ok
10:01:07.0275 0x2298  MsiTrueColorService - ok
10:01:07.0277 0x2298  MSI_SuperCharger - ok
10:01:07.0279 0x2298  MSKSSRV - ok
10:01:07.0281 0x2298  MsLldp - ok
10:01:07.0283 0x2298  MSPCLOCK - ok
10:01:07.0285 0x2298  MSPQM - ok
10:01:07.0287 0x2298  MsRPC - ok
10:01:07.0290 0x2298  mssmbios - ok
10:01:07.0293 0x2298  MSTEE - ok
10:01:07.0295 0x2298  MTConfig - ok
10:01:07.0297 0x2298  Mup - ok
10:01:07.0299 0x2298  mvumis - ok
10:01:07.0300 0x2298  MyWiFiDHCPDNS - ok
10:01:07.0304 0x2298  NativeWifiP - ok
10:01:07.0307 0x2298  NcaSvc - ok
10:01:07.0310 0x2298  NcbService - ok
10:01:07.0313 0x2298  NcdAutoSetup - ok
10:01:07.0315 0x2298  ndfltr - ok
10:01:07.0317 0x2298  NDIS - ok
10:01:07.0319 0x2298  NdisCap - ok
10:01:07.0321 0x2298  NdisImPlatform - ok
10:01:07.0324 0x2298  NdisTapi - ok
10:01:07.0326 0x2298  Ndisuio - ok
10:01:07.0328 0x2298  NdisVirtualBus - ok
10:01:07.0331 0x2298  NdisWan - ok
10:01:07.0333 0x2298  ndiswanlegacy - ok
10:01:07.0335 0x2298  ndproxy - ok
10:01:07.0337 0x2298  Ndu - ok
10:01:07.0341 0x2298  NetBIOS - ok
10:01:07.0346 0x2298  NetBT - ok
10:01:07.0348 0x2298  Netlogon - ok
10:01:07.0350 0x2298  Netman - ok
10:01:07.0352 0x2298  netprofm - ok
10:01:07.0354 0x2298  NetSetupSvc - ok
10:01:07.0357 0x2298  NetTcpPortSharing - ok
10:01:07.0360 0x2298  Netwtw02 - ok
10:01:07.0363 0x2298  Netwtw04 - ok
10:01:07.0365 0x2298  NgcCtnrSvc - ok
10:01:07.0367 0x2298  NgcSvc - ok
10:01:07.0369 0x2298  NlaSvc - ok
10:01:07.0372 0x2298  Npfs - ok
10:01:07.0377 0x2298  npsvctrig - ok
10:01:07.0379 0x2298  nsi - ok
10:01:07.0381 0x2298  nsiproxy - ok
10:01:07.0384 0x2298  NTFS - ok
10:01:07.0390 0x2298  NTIOLib_1_0_3 - ok
10:01:07.0392 0x2298  Null - ok
10:01:07.0394 0x2298  nvlddmkm - ok
10:01:07.0396 0x2298  NvNetworkService - ok
10:01:07.0398 0x2298  nvraid - ok
10:01:07.0400 0x2298  nvstor - ok
10:01:07.0405 0x2298  NvStreamKms - ok
10:01:07.0408 0x2298  NvStreamNetworkSvc - ok
10:01:07.0410 0x2298  NvStreamSvc - ok
10:01:07.0412 0x2298  NvStUSB - ok
10:01:07.0414 0x2298  nvsvc - ok
10:01:07.0416 0x2298  NVSWCFilter - ok
10:01:07.0418 0x2298  nvvad_WaveExtensible - ok
10:01:07.0420 0x2298  nv_agp - ok
10:01:07.0423 0x2298  OneSyncSvc - ok
10:01:07.0496 0x2298  ose64 - ok
10:01:07.0500 0x2298  p2pimsvc - ok
10:01:07.0503 0x2298  p2psvc - ok
10:01:07.0505 0x2298  Parport - ok
10:01:07.0510 0x2298  Partizan - ok
10:01:07.0513 0x2298  partmgr - ok
10:01:07.0515 0x2298  PcaSvc - ok
10:01:07.0519 0x2298  pci - ok
10:01:07.0521 0x2298  pciide - ok
10:01:07.0524 0x2298  pcmcia - ok
10:01:07.0526 0x2298  pcw - ok
10:01:07.0528 0x2298  pdc - ok
10:01:07.0530 0x2298  PEAUTH - ok
10:01:07.0532 0x2298  PeerDistSvc - ok
10:01:07.0534 0x2298  percsas2i - ok
10:01:07.0536 0x2298  percsas3i - ok
10:01:07.0542 0x2298  PerfHost - ok
10:01:07.0547 0x2298  PhoneSvc - ok
10:01:07.0549 0x2298  PimIndexMaintenanceSvc - ok
10:01:07.0617 0x2298  pla - ok
10:01:07.0620 0x2298  PlugPlay - ok
10:01:07.0622 0x2298  PNRPAutoReg - ok
10:01:07.0625 0x2298  PNRPsvc - ok
10:01:07.0627 0x2298  PolicyAgent - ok
10:01:07.0631 0x2298  Power - ok
10:01:07.0633 0x2298  PptpMiniport - ok
10:01:07.0636 0x2298  PrintNotify - ok
10:01:07.0639 0x2298  Processor - ok
10:01:07.0644 0x2298  ProductAgentService - ok
10:01:07.0647 0x2298  ProfSvc - ok
10:01:07.0649 0x2298  Psched - ok
10:01:07.0651 0x2298  QWAVE - ok
10:01:07.0654 0x2298  QWAVEdrv - ok
10:01:07.0657 0x2298  RasAcd - ok
10:01:07.0659 0x2298  RasAgileVpn - ok
10:01:07.0661 0x2298  RasAuto - ok
10:01:07.0664 0x2298  Rasl2tp - ok
10:01:07.0667 0x2298  RasMan - ok
10:01:07.0669 0x2298  RasPppoe - ok
10:01:07.0672 0x2298  RasSstp - ok
10:01:07.0676 0x2298  rdbss - ok
10:01:07.0680 0x2298  rdpbus - ok
10:01:07.0683 0x2298  RDPDR - ok
10:01:07.0687 0x2298  RdpVideoMiniport - ok
10:01:07.0689 0x2298  rdyboost - ok
10:01:07.0692 0x2298  ReFSv1 - ok
10:01:07.0695 0x2298  RegSrvc - ok
10:01:07.0697 0x2298  RemoteAccess - ok
10:01:07.0700 0x2298  RemoteRegistry - ok
10:01:07.0703 0x2298  RetailDemo - ok
10:01:07.0705 0x2298  RFCOMM - ok
10:01:07.0710 0x2298  RpcEptMapper - ok
10:01:07.0713 0x2298  RpcLocator - ok
10:01:07.0716 0x2298  RpcSs - ok
10:01:07.0718 0x2298  rspndr - ok
10:01:07.0720 0x2298  RTSUER - ok
10:01:07.0723 0x2298  s3cap - ok
10:01:07.0725 0x2298  SamSs - ok
10:01:07.0727 0x2298  sbp2port - ok
10:01:07.0730 0x2298  SCardSvr - ok
10:01:07.0733 0x2298  ScDeviceEnum - ok
10:01:07.0735 0x2298  scfilter - ok
10:01:07.0737 0x2298  Schedule - ok
10:01:07.0740 0x2298  SCPolicySvc - ok
10:01:07.0743 0x2298  sdbus - ok
10:01:07.0745 0x2298  SDRSVC - ok
10:01:07.0747 0x2298  sdstor - ok
10:01:07.0750 0x2298  seclogon - ok
10:01:07.0752 0x2298  SENS - ok
10:01:07.0755 0x2298  SensorDataService - ok
10:01:07.0758 0x2298  SensorService - ok
10:01:07.0760 0x2298  SensrSvc - ok
10:01:07.0762 0x2298  SerCx - ok
10:01:07.0764 0x2298  SerCx2 - ok
10:01:07.0768 0x2298  Serenum - ok
10:01:07.0773 0x2298  Serial - ok
10:01:07.0776 0x2298  sermouse - ok
10:01:07.0781 0x2298  SessionEnv - ok
10:01:07.0783 0x2298  sfloppy - ok
10:01:07.0786 0x2298  SharedAccess - ok
10:01:07.0790 0x2298  ShellHWDetection - ok
10:01:07.0793 0x2298  SiSRaid2 - ok
10:01:07.0795 0x2298  SiSRaid4 - ok
10:01:07.0797 0x2298  SjtWinIo - ok
10:01:07.0799 0x2298  SmbDrv - ok
10:01:07.0801 0x2298  SmbDrvI - ok
10:01:07.0805 0x2298  smphost - ok
10:01:07.0809 0x2298  SmsRouter - ok
10:01:07.0814 0x2298  SNMPTRAP - ok
10:01:07.0817 0x2298  spaceport - ok
10:01:07.0819 0x2298  SpbCx - ok
10:01:07.0821 0x2298  Spooler - ok
10:01:07.0824 0x2298  sppsvc - ok
10:01:07.0826 0x2298  srv - ok
10:01:07.0829 0x2298  srv2 - ok
10:01:07.0831 0x2298  srvnet - ok
10:01:07.0834 0x2298  ssdevfactory - ok
10:01:07.0836 0x2298  SSDPSRV - ok
10:01:07.0839 0x2298  sshid - ok
10:01:07.0844 0x2298  ssps2 - ok
10:01:07.0847 0x2298  SstpSvc - ok
10:01:07.0849 0x2298  ssudmdm - ok
10:01:07.0851 0x2298  ss_conn_service - ok
10:01:07.0854 0x2298  ss_conn_usb_driver - ok
10:01:07.0857 0x2298  StateRepository - ok
10:01:07.0859 0x2298  stexstor - ok
10:01:07.0863 0x2298  stisvc - ok
10:01:07.0865 0x2298  storahci - ok
10:01:07.0868 0x2298  storflt - ok
10:01:07.0870 0x2298  stornvme - ok
10:01:07.0877 0x2298  storqosflt - ok
10:01:07.0880 0x2298  StorSvc - ok
10:01:07.0883 0x2298  storufs - ok
10:01:07.0885 0x2298  storvsc - ok
10:01:07.0887 0x2298  svsvc - ok
10:01:07.0890 0x2298  swenum - ok
10:01:07.0892 0x2298  swprv - ok
10:01:07.0895 0x2298  Synth3dVsc - ok
10:01:07.0897 0x2298  SynTP - ok
10:01:07.0899 0x2298  SynTPEnhService - ok
10:01:07.0902 0x2298  SysMain - ok
10:01:07.0904 0x2298  SystemEventsBroker - ok
10:01:07.0907 0x2298  TabletInputService - ok
10:01:07.0909 0x2298  tap0901 - ok
10:01:07.0912 0x2298  TapiSrv - ok
10:01:07.0914 0x2298  Tcpip - ok
10:01:07.0917 0x2298  Tcpip6 - ok
10:01:07.0921 0x2298  tcpipreg - ok
10:01:07.0925 0x2298  tdx - ok
10:01:07.0927 0x2298  terminpt - ok
10:01:07.0931 0x2298  TermService - ok
10:01:07.0934 0x2298  Themes - ok
10:01:07.0937 0x2298  TieringEngineService - ok
10:01:07.0941 0x2298  tiledatamodelsvc - ok
10:01:07.0943 0x2298  TimeBroker - ok
10:01:07.0946 0x2298  TPM - ok
10:01:07.0948 0x2298  TrkWks - ok
10:01:07.0951 0x2298  trufos - ok
10:01:07.0953 0x2298  TrustedInstaller - ok
10:01:07.0957 0x2298  TsUsbFlt - ok
10:01:07.0960 0x2298  TsUsbGD - ok
10:01:07.0963 0x2298  tunnel - ok
10:01:07.0965 0x2298  tzautoupdate - ok
10:01:07.0968 0x2298  uagp35 - ok
10:01:07.0971 0x2298  UASPStor - ok
10:01:07.0975 0x2298  UcmCx0101 - ok
10:01:07.0979 0x2298  UcmUcsi - ok
10:01:07.0981 0x2298  Ucx01000 - ok
10:01:07.0983 0x2298  UdeCx - ok
10:01:07.0986 0x2298  udfs - ok
10:01:07.0989 0x2298  UEFI - ok
10:01:07.0991 0x2298  Ufx01000 - ok
10:01:07.0994 0x2298  UfxChipidea - ok
10:01:07.0997 0x2298  ufxsynopsys - ok
10:01:08.0002 0x2298  UI0Detect - ok
10:01:08.0005 0x2298  uliagpkx - ok
10:01:08.0010 0x2298  umbus - ok
10:01:08.0013 0x2298  UmPass - ok
10:01:08.0015 0x2298  UmRdpService - ok
10:01:08.0017 0x2298  UnistoreSvc - ok
10:01:08.0097 0x2298  UPDATESRV - ok
10:01:08.0100 0x2298  upnphost - ok
10:01:08.0102 0x2298  UrsChipidea - ok
10:01:08.0105 0x2298  UrsCx01000 - ok
10:01:08.0108 0x2298  UrsSynopsys - ok
10:01:08.0111 0x2298  usbccgp - ok
10:01:08.0114 0x2298  usbcir - ok
10:01:08.0116 0x2298  usbehci - ok
10:01:08.0118 0x2298  usbhub - ok
10:01:08.0121 0x2298  USBHUB3 - ok
10:01:08.0124 0x2298  usbohci - ok
10:01:08.0126 0x2298  usbprint - ok
10:01:08.0129 0x2298  usbrndis6 - ok
10:01:08.0133 0x2298  usbser - ok
10:01:08.0135 0x2298  USBSTOR - ok
10:01:08.0137 0x2298  usbuhci - ok
10:01:08.0141 0x2298  usbvideo - ok
10:01:08.0145 0x2298  USBXHCI - ok
10:01:08.0147 0x2298  usb_rndisx - ok
10:01:08.0149 0x2298  UserDataSvc - ok
10:01:08.0235 0x2298  UserManager - ok
10:01:08.0238 0x2298  UsoSvc - ok
10:01:08.0242 0x2298  VaultSvc - ok
10:01:08.0567 0x2298  ================ Scan global ===============================
10:01:08.0569 0x2298  [ Global ] - ok
10:01:08.0569 0x2298  ================ Scan MBR ==================================
10:01:08.0571 0x2298  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
10:01:08.0578 0x2298  \Device\Harddisk0\DR0 - ok
10:01:08.0615 0x2298  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
10:01:08.0619 0x2298  \Device\Harddisk1\DR1 - ok
10:01:08.0620 0x2298  ================ Scan VBR ==================================
10:01:08.0622 0x2298  [ B42C7A7F39E12535F98C84D35E540528 ] \Device\Harddisk0\DR0\Partition1
10:01:08.0623 0x2298  \Device\Harddisk0\DR0\Partition1 - ok
10:01:08.0624 0x2298  [ 539740862D42709F36B68FCABD818F36 ] \Device\Harddisk0\DR0\Partition2
10:01:08.0625 0x2298  \Device\Harddisk0\DR0\Partition2 - ok
10:01:08.0626 0x2298  [ DB7FCBF098417F274753123FBF7AC2D2 ] \Device\Harddisk0\DR0\Partition3
10:01:08.0627 0x2298  \Device\Harddisk0\DR0\Partition3 - ok
10:01:08.0629 0x2298  [ B08256FB5E4EA0ECFF80B56783094081 ] \Device\Harddisk0\DR0\Partition4
10:01:08.0630 0x2298  \Device\Harddisk0\DR0\Partition4 - ok
10:01:08.0632 0x2298  [ FB05C477A291B383D4B23AB8AAB206D8 ] \Device\Harddisk0\DR0\Partition5
10:01:08.0633 0x2298  \Device\Harddisk0\DR0\Partition5 - ok
10:01:08.0635 0x2298  [ 16D2A1FCD8CE3F40D1B3635B0E87C109 ] \Device\Harddisk1\DR1\Partition1
10:01:08.0635 0x2298  \Device\Harddisk1\DR1\Partition1 - ok
10:01:08.0661 0x2298  [ 8F019645F4B8607433D4F0830B4EE7D4 ] \Device\Harddisk1\DR1\Partition2
10:01:08.0672 0x2298  \Device\Harddisk1\DR1\Partition2 - ok
10:01:08.0673 0x2298  ================ Scan generic autorun ======================
10:01:08.0673 0x2298  RTHDVCPL - ok
10:01:08.0675 0x2298  IAStorIcon - ok
10:01:08.0677 0x2298  MsiTrueColor - ok
10:01:08.0678 0x2298  NahimicMSIUILauncher - ok
10:01:08.0680 0x2298  NvBackend - ok
10:01:08.0681 0x2298  SCM - ok
10:01:08.0681 0x2298  ShadowPlay - ok
10:01:08.0682 0x2298  SUPER CHARGER - ok
10:01:08.0683 0x2298  Dropbox - ok
10:01:08.0684 0x2298  OneDriveSetup - ok
10:01:08.0685 0x2298  OneDriveSetup - ok
10:01:08.0686 0x2298  OneDrive - ok
10:01:08.0688 0x2298  CCleaner Monitoring - ok
10:01:08.0690 0x2298  CCleaner - ok
10:01:08.0714 0x2298  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x60100 ( disabled : updated )
10:01:08.0715 0x2298  AV detected via SS2: Bitdefender Antivirus, C:\Program Files\Bitdefender\Bitdefender 2016\wscfix.exe ( 20.0.26.1443 ), 0x41000 ( enabled : updated )
10:01:08.0716 0x2298  FW detected via SS2: Bitdefender Firewall, C:\Program Files\Bitdefender\Bitdefender 2016\wscfix.exe ( 20.0.26.1443 ), 0x41010 ( enabled )
10:01:09.0015 0x2298  ============================================================
10:01:09.0015 0x2298  Scan finished
10:01:09.0015 0x2298  ============================================================
10:01:09.0020 0x1f00  Detected object count: 0
10:01:09.0020 0x1f00  Actual detected object count: 0
 


#4 shelf life


Posted 18 June 2016 - 11:07 AM

Thanks for the info. Don't see or recognize anything that looks like a keylogger. We can use FRST to make some changes.

Copy/paste what's below into Notepad and save it as fixlist.txt in the same location that you have FRST. Start FRST like before, except this time click on the Fix button once. Machine may reboot to finish the process. Upon reboot it will display a fixlog that you can copy/paste in your reply.

 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

 




#5 coppo808


Posted 18 June 2016 - 12:35 PM

Thanks for the quick response,

 

I may have removed whatever was on my computer with BitDefender, MWB and other root kits I tried before I found this site. I know my email and 1 bank were accessed (the only two accounts that don't require 2FA) a day after I found 7 open emails on my laptop that I didn't open, and the links in the emails didn't work, they just led to an unresponsive link.

While I stay very security aware, that day is when I noticed the breach. As you can see from the log I have LastPass, so all of my passwords are 80-100 character random mix and all are different, so there is no way they were brute forced or guessed. I was just going to do a fresh reinstall but as you know that takes hours, so I was hoping to restore what I have. I know my cell and PC were infected last Oct when my identity was stolen and sold on the Deep Web, but I have replaced those devices so I was surprised when I found a remote access tool and trojans on the laptop last week.

I just wanted to make sure it was clean as these are the only two devices I use to access my account.

Thanks, and I really appreciate the help.

 

Below is the log.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-06-2016
Ran by PC (2016-06-18 13:17:26) Run:1
Running from C:\Users\PC\Downloads
Loaded Profiles: PC (Available Profiles: PC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
*****************
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 13:17:26 ====
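
Added example, not part of the posts above and not FRST's own code: a small Python triage of a Fixlog like the one just posted, separating the echoed fixlist directives from the per-target results and flagging any result that does not end in "successfully". The function name `triage_fixlog`, the last sample result line and that "needs review" rule are assumptions made for illustration.

```python
import re

# Sample modelled on the Fixlog in this thread. The "Policies\Example" result
# line is constructed (its wording is an assumption) to show a non-success case.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 18-06-2016
==============================================
fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
*****************
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
"HKLM\SOFTWARE\Policies\Example" => not found
The system needed a reboot.
==== End of Fixlog 13:17:26 ====
'''

RESULT_RE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+?)\s*$')

def triage_fixlog(text):
    """Split a Fixlog into requested directives and per-target outcomes."""
    directives, ok, review = [], [], []
    stars = 0  # counts the ***** rulers that bracket the echoed fixlist
    for line in text.splitlines():
        line = line.strip()
        if line and set(line) == {'*'}:
            stars += 1
            continue
        if stars == 1 and line:      # inside the echoed fixlist
            directives.append(line)
        elif stars >= 2:             # result section after the second ruler
            m = RESULT_RE.match(line)
            if m:
                bucket = ok if m['outcome'].endswith('successfully') else review
                bucket.append((m['target'].strip('"'), m['outcome']))
    return {'directives': directives, 'ok': ok, 'review': review,
            'reboot': 'The system needed a reboot.' in text,
            'complete': '==== End of Fixlog' in text}

if __name__ == '__main__':
    report = triage_fixlog(SAMPLE_FIXLOG)
    for target, outcome in report['review']:
        print('needs review:', target, '->', outcome)
```
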


#6 coppo808


Posted 18 June 2016 - 12:47 PM

.


Edited by coppo808, 18 June 2016 - 12:53 PM.


#7 shelf life


Posted 18 June 2016 - 02:00 PM

You're welcome. As far as I can tell the logs look ok. You could also do an online scan if you wanted, but I don't think anything would get by the tools you have already used. Most AV vendors have web-based scanners that can be used as another one-time check for malware.




#8 coppo808


Posted 18 June 2016 - 02:06 PM

Thanks, if it looks clean and you think I'm good you could close this out.

 

Thanks for your help Shelf Life  :clapping: Really appreciate you taking time to look at the logs....



#9 shelf life


Posted 18 June 2016 - 02:21 PM

Ok, you're welcome. Happy Safe Surfing "out there."

