Zenmate VPN provider redirect (maybe fake pages??)


  • This topic is locked
8 replies to this topic

#1 ggs1212

  • Members
  • 12 posts

Posted 13 May 2017 - 03:08 AM

Hi, I made a topic in the other section, and the guy suggested that I make one here after his scanning.

Here is the old topic and my original post.

https://www.bleepingcomputer.com/forums/t/645928/browser-re-directhijack-maybe-fake-pages/

After trying to access the website of my VPN provider (ZenMate), I get to their website (https://zenmate.com/), but sometimes it looks the same while the URL bar shows something different. Currently, if I try to access it I get the same layout, but the URL reads https://a0.awsstatic.com/. It looks like the real site, but the URL bar shows something different. It also did this a few days ago: upon clicking zenmate.com in Google, it would show the ZenMate site layout, but the URL would read "deviantart.com", which obviously was not true. Was it a fake/phishing page? Why would the URL read a different site to the one being displayed?

I use Firefox, Windows 7 x64, AVG and Malwarebytes Free.

I use a VPN called ZenMate, which is a proxy; it's a browser-based extension for Firefox. I am still getting strange redirects sometimes when I try to log in (to access the VPN/proxy upon startup of Firefox) at the ZenMate site. Attached are pictures of what I mean.

Here is a photo of the normal site, before the weird URL thing:

http://i.imgur.com/2CdpZwy.png

And here is one of the many weird URLs that appear to be the same site with a different URL:

http://i.imgur.com/WApGSlt.png

There were more variations of these weird URL things, but I kept trying to replicate it and could only get that one.

Got redirected to this:

https://versand-status.de/login/?utm_medium=in_product&utm_source=extension_interface&utm_campaign=login_unknown_unknown&utm_content=menu

It's supposed to read zenmate.com instead of versand-status.de (which translates to "shipping status"?).

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by Home (administrator) on HOME-PC (13-05-2017 16:03:12)
Running from C:\Users\Home\Downloads
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(SeriousBit) C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfcs.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
(Innovative Digital Technologies) C:\Users\Home\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SeriousBit) C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfc.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Lenovo) C:\Users\Home\AppData\Local\Apps\2.0\CC62WHH3.0PW\5YAQGYWJ.41M\lsb...tion_2d7b41b05b24775e_0001.0006_3b0a905c8de4f74a\LSB.exe
(Innovative Digital Technologies) C:\Users\Home\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-04-27] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263088 2017-04-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-04-27] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-12] (Disc Soft Ltd)
HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\...\Run: [AceStream] => C:\Users\Home\AppData\Roaming\ACEStream\engine\ace_engine.exe [28024 2017-03-20] (Innovative Digital Technologies)
HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-02] (Piriform Ltd)
HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\...\Run: [NetBalancer] => C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe [1915256 2016-11-14] (SeriousBit)
HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\...\MountPoints2: E - E:\F1MAutoRun.exe
HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\...\MountPoints2: F - F:\MLLaunch.exe
HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\...\MountPoints2: S - notepad SeaToolsDOSguide.EN.txt
HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\...\MountPoints2: {846eb2c7-1fba-11e6-a8a7-00016c4dc679} - notepad SeaToolsDOSguide.EN.txt
HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\...\MountPoints2: {846eb2d3-1fba-11e6-a8a7-00016c4dc679} - E:\Launcher.exe
HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\...\MountPoints2: {846eb2ee-1fba-11e6-a8a7-00016c4dc679} - X:\Setup.exe autorun
HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\...\MountPoints2: {846eb2fa-1fba-11e6-a8a7-00016c4dc679} - Z:\Setup.exe autorun
HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\...\MountPoints2: {846eb2fb-1fba-11e6-a8a7-00016c4dc679} - Y:\Setup.exe autorun
HKU\S-1-5-18\...\RunOnce: [osk.exe] => C:\Windows\system32\osk.exe [692736 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-05-21]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Firewall Control.lnk [2016-12-10]
ShortcutTarget: Windows Firewall Control.lnk -> C:\Program Files\Windows Firewall Control\wfc.exe (BiniSoft.org)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{59F10D26-14BC-4ADE-9406-472785947105}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ua96zwbx.default
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ua96zwbx.default [2017-05-13]
FF NetworkProxy: Mozilla\Firefox\Profiles\ua96zwbx.default -> ftp", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\ua96zwbx.default -> ftp_port", 49736
FF NetworkProxy: Mozilla\Firefox\Profiles\ua96zwbx.default -> no_proxies_on", "localhost, localdomain, .localdomain, local, .local, 127.0.0.1, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, www.google-analytics.com"
FF NetworkProxy: Mozilla\Firefox\Profiles\ua96zwbx.default -> ssl", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\ua96zwbx.default -> ssl_port", 49736
FF Extension: (Test Pilot) - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ua96zwbx.default\Extensions\@testpilot-addon.xpi [2017-04-18]
FF Extension: (MEGA) - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ua96zwbx.default\Extensions\firefox@mega.co.nz.xpi [2017-05-11]
FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ua96zwbx.default\Extensions\firefox@zenmate.com.xpi [2017-05-06]
FF Extension: (Wayback Machine) - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ua96zwbx.default\Extensions\wayback_machine@mozilla.org.xpi [2017-03-01]
FF Extension: (Adblock Plus) - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ua96zwbx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Home\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - C:\Users\Home\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2017-02-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin HKU\S-1-5-21-3828139814-2548984782-3901974033-1000: @acestream.net/acestreamplugin,version=3.1.16.1 -> C:\Users\Home\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-3828139814-2548984782-3901974033-1000: @acestream.net/acestreamplugin,version=3.1.6 -> C:\Users\Home\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-3828139814-2548984782-3901974033-1000: @acestream.net/acestreamplugin,version=3.1.7 -> C:\Users\Home\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies)

Chrome:
=======
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default [2017-02-12]
CHR Extension: (Ace Stream Web Extension) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2016-11-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-15]
CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-15]
CHR HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [262696 2017-04-04] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7448992 2017-04-04] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-04-27] (AVG Technologies CZ, s.r.o.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-12] (Disc Soft Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NetBalancerService; C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [181624 2016-11-14] (SeriousBit)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 _wfcs; C:\Program Files\Windows Firewall Control\wfcs.exe [103424 2016-12-10] (BiniSoft.org) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [19568 2015-11-10] () [File not signed]
S3 ampa; C:\Windows\SysWOW64\ampa.sys [19568 2015-11-10] () [File not signed]
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166136 2017-04-04] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [310056 2017-04-04] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192096 2017-04-04] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336408 2017-04-04] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [50848 2017-04-04] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39288 2017-04-04] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [129776 2017-04-29] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102136 2017-04-04] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76688 2017-04-04] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1006040 2017-04-04] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [557912 2017-04-29] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [165048 2017-04-04] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [340688 2017-04-04] (AVG Technologies CZ, s.r.o.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-05-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-05-22] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-04-13] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-13] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-13] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-13] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-13] (Malwarebytes)
R1 nbdrv; C:\Windows\System32\DRIVERS\nbdrv.sys [40976 2016-01-15] (SeriousBit)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S0x01000000 papycpu2; C:\Windows\SysWOW64\DRIVERS\papycpu2.sys [1984 2003-01-17] () [File not signed]
S0x01000000 papyjoy; C:\Windows\SysWOW64\DRIVERS\papyjoy.sys [1856 2003-01-17] () [File not signed]
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2014-04-08] (Realtek Semiconductor Corporation                           )
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12400 2016-07-20] (Macrovision Europe Ltd) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-13 16:03 - 2017-05-13 16:04 - 00016596 _____ C:\Users\Home\Downloads\FRST.txt
2017-05-13 16:02 - 2017-05-13 16:03 - 00000000 ____D C:\FRST
2017-05-13 16:02 - 2017-05-13 16:02 - 02429440 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe
2017-05-13 15:26 - 2017-02-10 00:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-13 15:26 - 2017-02-10 00:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-13 15:26 - 2017-02-09 23:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-13 15:26 - 2016-11-02 23:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-05-13 15:26 - 2016-11-02 23:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-05-13 15:26 - 2016-10-11 23:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2017-05-13 15:26 - 2016-09-09 04:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2017-05-13 15:26 - 2016-09-09 04:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2017-05-13 15:26 - 2016-09-08 22:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-05-13 15:26 - 2016-08-06 23:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2017-05-13 15:26 - 2016-06-15 01:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-05-13 15:25 - 2017-02-11 23:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-13 15:25 - 2017-02-11 23:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-13 15:25 - 2017-02-11 23:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-13 15:25 - 2017-02-10 00:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-13 15:25 - 2017-02-10 00:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-13 15:25 - 2017-02-10 00:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-13 15:25 - 2017-02-10 00:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-13 15:25 - 2017-02-10 00:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-13 15:25 - 2017-02-10 00:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-13 15:25 - 2017-02-10 00:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-13 15:25 - 2017-02-10 00:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-05-13 15:25 - 2017-02-10 00:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-05-13 15:25 - 2017-02-10 00:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-13 15:25 - 2017-02-10 00:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-05-13 15:25 - 2017-02-10 00:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-13 15:25 - 2017-02-10 00:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-13 15:25 - 2017-02-10 00:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-13 15:25 - 2017-02-10 00:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-13 15:25 - 2017-02-10 00:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-13 15:25 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-13 15:25 - 2017-02-10 00:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-13 15:25 - 2017-02-10 00:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-13 15:25 - 2017-02-10 00:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-13 15:25 - 2017-02-09 23:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-13 15:25 - 2017-02-09 23:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-13 15:25 - 2017-02-09 23:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-13 15:25 - 2017-02-09 23:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-13 15:25 - 2017-02-09 23:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-13 15:25 - 2017-02-09 23:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-05-13 15:25 - 2017-02-09 23:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-13 15:25 - 2017-02-09 23:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-13 15:25 - 2017-02-09 23:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-13 15:25 - 2017-02-09 23:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-13 15:25 - 2017-01-14 02:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-05-13 15:25 - 2017-01-14 01:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-05-13 15:25 - 2016-11-21 00:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2017-05-13 15:25 - 2016-11-18 00:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-05-13 15:25 - 2016-11-10 00:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-05-13 15:25 - 2016-11-10 00:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-05-13 15:25 - 2016-11-10 00:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-05-13 15:25 - 2016-11-10 00:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-05-13 15:25 - 2016-11-10 00:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2017-05-13 15:25 - 2016-11-10 00:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2017-05-13 15:25 - 2016-11-10 00:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-05-13 15:25 - 2016-11-09 23:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2017-05-13 15:25 - 2016-11-02 23:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-05-13 15:25 - 2016-11-02 23:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-05-13 15:25 - 2016-11-02 23:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-05-13 15:25 - 2016-11-02 23:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-05-13 15:25 - 2016-11-02 23:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-05-13 15:25 - 2016-11-02 23:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-05-13 15:25 - 2016-11-02 23:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-05-13 15:25 - 2016-11-02 22:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-05-13 15:25 - 2016-10-11 23:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-05-13 15:25 - 2016-10-11 23:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-05-13 15:25 - 2016-10-11 23:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2017-05-13 15:25 - 2016-10-11 23:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2017-05-13 15:25 - 2016-10-11 23:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2017-05-13 15:25 - 2016-10-11 23:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2017-05-13 15:25 - 2016-10-11 23:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2017-05-13 15:25 - 2016-10-11 23:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2017-05-13 15:25 - 2016-10-11 23:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2017-05-13 15:25 - 2016-10-11 23:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2017-05-13 15:25 - 2016-10-11 23:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2017-05-13 15:25 - 2016-10-11 23:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2017-05-13 15:25 - 2016-10-11 21:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2017-05-13 15:25 - 2016-10-11 21:17 - 00419648 _____ C:\Windows\system32\locale.nls
2017-05-13 15:25 - 2016-10-07 23:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-13 15:25 - 2016-10-07 23:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-05-13 15:25 - 2016-10-07 23:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-13 15:25 - 2016-10-07 23:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-05-13 15:25 - 2016-10-04 23:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-13 15:25 - 2016-10-04 23:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-13 15:25 - 2016-10-04 23:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-13 15:25 - 2016-10-04 23:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-13 15:25 - 2016-09-13 05:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-05-13 15:25 - 2016-09-13 04:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2017-05-13 15:25 - 2016-09-08 22:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-05-13 15:25 - 2016-08-13 01:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-05-13 15:25 - 2016-08-13 01:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-05-13 15:25 - 2016-08-13 01:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-05-13 15:25 - 2016-08-13 00:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-05-13 15:25 - 2016-08-13 00:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-05-13 15:25 - 2016-08-13 00:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-05-13 15:25 - 2016-08-06 23:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2017-05-13 15:25 - 2016-08-06 22:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2017-05-13 15:25 - 2016-08-06 22:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2017-05-13 15:25 - 2016-06-15 01:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-05-13 15:25 - 2016-06-15 01:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-05-13 15:25 - 2016-06-15 01:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-05-13 15:25 - 2016-06-15 01:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2017-05-13 15:25 - 2016-06-15 01:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2017-05-13 15:25 - 2016-06-15 01:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-05-13 15:25 - 2016-06-15 01:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2017-05-13 15:25 - 2016-06-15 01:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2017-05-13 15:25 - 2016-06-14 23:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-05-13 15:25 - 2016-06-14 23:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2017-05-13 15:25 - 2016-06-14 23:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2017-05-13 15:25 - 2016-06-14 23:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2017-05-13 15:25 - 2016-03-24 06:40 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-05-13 15:24 - 2017-02-11 00:32 - 01551872 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-05-13 15:24 - 2017-02-11 00:32 - 01149440 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-05-13 15:24 - 2017-02-11 00:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-05-13 15:24 - 2017-02-11 00:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-13 15:24 - 2017-02-11 00:17 - 01081856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-05-13 15:24 - 2017-02-11 00:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-05-13 15:24 - 2017-02-11 00:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-13 15:24 - 2017-02-10 00:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-13 15:24 - 2017-02-10 00:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-13 15:24 - 2017-02-10 00:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-13 15:24 - 2017-02-10 00:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-13 15:24 - 2017-02-10 00:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-13 15:24 - 2017-02-10 00:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-13 15:24 - 2017-02-10 00:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-13 15:24 - 2017-02-10 00:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-13 15:24 - 2017-02-10 00:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-13 15:24 - 2017-02-10 00:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-13 15:24 - 2017-02-10 00:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-13 15:24 - 2017-02-10 00:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-13 15:24 - 2017-02-10 00:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-13 15:24 - 2017-02-09 23:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-13 15:24 - 2017-02-09 23:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-13 15:24 - 2017-02-09 23:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-13 15:24 - 2017-02-09 23:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-13 15:24 - 2017-02-09 23:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-13 15:24 - 2017-02-09 23:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-13 15:24 - 2017-02-09 23:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-13 15:24 - 2017-02-07 00:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-05-13 15:24 - 2017-01-14 02:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-13 15:24 - 2017-01-14 01:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-13 15:24 - 2017-01-12 02:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-05-13 15:24 - 2017-01-12 01:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-05-13 15:24 - 2017-01-07 01:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-05-13 15:24 - 2016-11-22 02:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-05-13 15:24 - 2016-11-20 22:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-05-13 15:24 - 2016-11-11 00:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-05-13 15:24 - 2016-11-11 00:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-05-13 15:24 - 2016-11-10 00:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-05-13 15:24 - 2016-11-10 00:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-05-13 15:24 - 2016-11-10 00:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-13 15:24 - 2016-11-10 00:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-05-13 15:24 - 2016-11-10 00:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-05-13 15:24 - 2016-11-10 00:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-05-13 15:24 - 2016-10-11 23:32 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-05-13 15:24 - 2016-10-11 23:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2017-05-13 15:24 - 2016-10-11 23:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-05-13 15:24 - 2016-10-11 23:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2017-05-13 15:24 - 2016-10-11 23:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2017-05-13 15:24 - 2016-10-11 23:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2017-05-13 15:24 - 2016-10-11 23:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-05-13 15:24 - 2016-10-11 23:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2017-05-13 15:24 - 2016-10-11 23:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2017-05-13 15:24 - 2016-10-11 23:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2017-05-13 15:24 - 2016-10-11 23:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2017-05-13 15:24 - 2016-10-11 23:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2017-05-13 15:24 - 2016-10-11 23:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2017-05-13 15:24 - 2016-10-11 23:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2017-05-13 15:24 - 2016-10-11 22:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-05-13 15:24 - 2016-10-11 22:53 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-05-13 15:24 - 2016-10-08 21:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-05-13 15:24 - 2016-10-07 23:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-05-13 15:24 - 2016-10-07 23:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2017-05-13 15:24 - 2016-10-05 22:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-05-13 15:24 - 2016-10-04 23:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-13 15:24 - 2016-10-04 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-13 15:24 - 2016-10-04 23:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-13 15:24 - 2016-10-04 23:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-13 15:24 - 2016-09-15 22:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2017-05-13 15:24 - 2016-09-10 02:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-05-13 15:24 - 2016-09-10 02:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-05-13 15:24 - 2016-09-09 04:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-05-13 15:24 - 2016-09-09 04:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2017-05-13 15:24 - 2016-08-23 00:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-05-13 15:24 - 2016-08-13 00:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2017-05-13 15:24 - 2016-08-06 23:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-05-13 15:24 - 2016-08-06 23:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2017-05-13 15:24 - 2016-08-06 23:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-05-13 15:24 - 2016-08-06 23:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2017-05-13 15:24 - 2016-08-06 23:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2017-05-13 15:24 - 2016-08-06 23:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-05-13 15:24 - 2016-08-06 23:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2017-05-13 15:24 - 2016-08-06 23:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-05-13 15:24 - 2016-08-06 23:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2017-05-13 15:24 - 2016-08-06 23:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2017-05-13 15:24 - 2016-08-06 23:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2017-05-13 15:24 - 2016-08-06 22:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2017-05-13 15:24 - 2016-06-15 01:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-05-13 15:24 - 2016-06-15 01:16 - 02646528 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-05-13 15:24 - 2016-06-15 01:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2017-05-13 15:24 - 2016-06-15 01:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2017-05-13 15:24 - 2016-06-15 01:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2017-05-13 15:24 - 2016-06-15 01:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-05-13 15:24 - 2016-06-15 01:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2017-05-13 15:24 - 2016-06-15 01:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2017-05-13 15:24 - 2016-06-15 01:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2017-05-13 15:24 - 2016-06-15 01:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-05-13 15:24 - 2016-06-15 01:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-05-13 15:24 - 2016-06-15 01:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2017-05-13 15:24 - 2016-06-15 01:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2017-05-13 15:24 - 2016-06-15 01:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-05-13 15:24 - 2016-06-15 01:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2017-05-13 15:24 - 2016-06-15 01:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-05-13 15:24 - 2016-06-15 01:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-05-13 15:24 - 2016-06-14 23:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-05-13 15:24 - 2016-06-14 23:21 - 02136064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-05-13 15:24 - 2016-06-14 23:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2017-05-13 15:24 - 2016-06-14 23:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2017-05-13 15:24 - 2016-06-14 23:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2017-05-13 15:24 - 2016-06-14 23:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2017-05-13 15:24 - 2016-06-14 23:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2017-05-13 15:24 - 2016-06-14 23:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2017-05-13 15:24 - 2016-06-14 23:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-05-13 15:24 - 2016-06-14 23:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2017-05-13 15:24 - 2016-06-14 23:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2017-05-13 15:24 - 2016-06-14 23:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-05-13 15:24 - 2016-06-14 23:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2017-05-13 15:24 - 2016-06-14 23:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-05-13 15:24 - 2016-06-14 23:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-05-13 15:24 - 2016-06-14 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-05-13 15:24 - 2016-06-14 23:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-05-13 15:24 - 2016-06-14 23:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-05-13 15:24 - 2016-06-14 23:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-05-13 15:24 - 2016-06-14 23:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-05-13 15:24 - 2016-06-14 23:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-05-13 15:24 - 2016-05-12 21:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2017-05-13 15:24 - 2016-05-12 21:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2017-05-13 15:23 - 2017-02-10 00:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-13 15:23 - 2017-02-10 00:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-13 15:23 - 2017-02-10 00:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-13 15:23 - 2017-01-12 02:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-05-13 15:23 - 2017-01-12 01:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-05-13 15:23 - 2017-01-07 02:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-05-13 15:23 - 2016-08-13 01:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-05-13 15:23 - 2016-08-13 01:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-05-13 15:23 - 2016-08-13 00:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-05-13 15:23 - 2016-08-13 00:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-05-13 15:05 - 2017-05-13 15:47 - 00003018 _____ C:\Windows\System32\Tasks\MSIAfterburner
2017-05-12 19:49 - 2017-05-12 20:53 - 00000000 ___HD C:\_acestream_cache_
2017-05-12 19:48 - 2017-05-12 19:48 - 00001466 _____ C:\Users\Home\Desktop\ace_player.exe - Shortcut.lnk
2017-05-12 19:47 - 2017-05-13 15:47 - 00000000 ____D C:\Users\Home\AppData\Roaming\.ACEStream
2017-05-12 19:46 - 2017-05-12 19:46 - 00002025 _____ C:\Users\Home\Desktop\Ace Stream Media Center.lnk
2017-05-12 19:46 - 2017-05-12 19:46 - 00000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2017-05-12 19:45 - 2017-05-12 19:45 - 00000000 ____D C:\Users\Home\AppData\LocalLow\.ACEStream
2017-05-12 19:44 - 2017-05-12 19:45 - 00000000 ____D C:\Users\Home\AppData\Roaming\ACEStream
2017-05-12 19:33 - 2017-05-12 19:36 - 83381280 _____ C:\Users\Home\Downloads\Ace_Stream_Media_3.1.16.1.exe
2017-05-11 13:52 - 2017-05-11 13:52 - 00000000 ____D C:\Users\Home\AppData\LocalLow\BitTorrent
2017-05-11 13:21 - 2017-05-11 13:22 - 00000000 ____D C:\Users\Home\Downloads\Blitz (2011) - 720p
2017-05-08 21:43 - 2017-05-08 22:56 - 00000000 ____D C:\Users\Home\Desktop\mbar
2017-05-08 21:39 - 2017-05-08 21:39 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Home\Downloads\mbar-1.09.3.1001.exe
2017-05-07 21:55 - 2017-05-07 21:55 - 00192447 _____ C:\Users\Home\Downloads\1995CK_fixes_by_CrashKing.zip
2017-05-07 21:54 - 2017-05-07 21:54 - 00008089 _____ C:\Users\Home\Downloads\1995CK_GDB_and_Icon_by_CrashKing.zip
2017-05-07 21:44 - 2017-05-07 21:50 - 142969780 _____ C:\Users\Home\Downloads\F1_1995_Mod_by_CrashKing.zip
2017-05-06 22:08 - 2017-04-04 00:20 - 00400928 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-05-06 17:38 - 2017-05-06 17:38 - 04089296 _____ C:\Users\Home\Downloads\AdwCleaner(1).exe
2017-05-06 17:37 - 2017-05-06 17:37 - 04089296 _____ C:\Users\Home\Downloads\AdwCleaner.exe
2017-05-06 17:34 - 2017-05-06 17:34 - 00002183 _____ C:\Users\Home\Desktop\JRT.txt
2017-05-06 17:27 - 2017-05-06 17:27 - 01663672 _____ (Malwarebytes) C:\Users\Home\Downloads\JRT.exe
2017-05-06 17:19 - 2017-05-06 17:19 - 00852798 _____ C:\Users\Home\Downloads\SecurityCheck.exe
2017-05-06 17:07 - 2017-05-06 17:07 - 00000681 _____ C:\Users\Home\Home - Shortcut.lnk
2017-05-06 13:50 - 2017-05-06 13:50 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Home\Downloads\esetonlinescanner_enu.exe
2017-05-06 13:46 - 2017-05-06 13:47 - 00037694 _____ C:\Users\Home\Downloads\MTB.txt
2017-05-06 13:45 - 2017-05-06 13:45 - 00892416 _____ (Farbar) C:\Users\Home\Downloads\MiniToolBox.exe
2017-05-05 17:34 - 2017-05-05 17:35 - 00388608 _____ (Trend Micro Inc.) C:\Users\Home\Downloads\HijackThis(1).exe
2017-05-05 17:34 - 2017-05-05 17:34 - 00388608 _____ (Trend Micro Inc.) C:\Users\Home\Downloads\HijackThis.exe
2017-05-04 16:55 - 2017-05-04 16:56 - 00002378 _____ C:\Users\Home\Desktop\Rkill.txt
2017-04-28 22:53 - 2017-04-28 22:54 - 00000000 ____D C:\Users\Home\Desktop\New folder
2017-04-26 07:08 - 2017-04-26 07:08 - 00000000 _____ C:\Users\Home\AppData\Local\{9D3A5011-6D17-4239-8B67-6976657C4AE5}
2017-04-25 08:44 - 2017-05-05 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-04-19 16:31 - 2017-04-19 16:31 - 00000000 _____ C:\Users\Home\Desktop\New Text Document.txt
2017-04-17 20:09 - 2017-04-17 20:11 - 175904226 _____ C:\Users\Home\Desktop\CART_1988_V1.0_FULL_INSTALL (2).7z
2017-04-16 20:50 - 2017-05-06 17:51 - 00000000 ____D C:\AdwCleaner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-13 15:51 - 2009-07-14 12:45 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-13 15:51 - 2009-07-14 12:45 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-13 15:48 - 2017-04-04 00:21 - 00004178 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-05-13 15:48 - 2016-11-18 21:22 - 00000000 ____D C:\Users\Home\AppData\LocalLow\Mozilla
2017-05-13 15:46 - 2009-07-14 13:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-13 15:46 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2017-05-13 15:42 - 2009-07-14 12:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-05-13 15:39 - 2017-02-27 16:38 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-13 15:39 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-13 15:39 - 2009-07-14 12:45 - 00326120 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-13 15:36 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-05-13 15:36 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-05-13 15:36 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\Dism
2017-05-13 14:19 - 2016-09-21 09:29 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-05-13 07:09 - 2016-05-23 11:49 - 00000000 ____D C:\Users\Home\AppData\Local\Deployment
2017-05-12 19:46 - 2017-03-24 11:16 - 00001921 _____ C:\Users\Home\Desktop\Ace Player.lnk
2017-05-11 20:41 - 2016-05-21 17:59 - 00000000 ____D C:\Users\Home\AppData\Roaming\BitTorrent
2017-05-11 18:10 - 2016-05-26 15:33 - 00000000 ____D C:\Users\Home\Downloads\react
2017-05-11 10:42 - 2016-11-15 13:27 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-10 20:31 - 2016-12-11 15:30 - 00000000 ____D C:\Users\Home\AppData\Roaming\obs-studio
2017-05-10 20:31 - 2016-06-03 11:47 - 00000000 ____D C:\Users\Home\AppData\Roaming\vlc
2017-05-10 16:16 - 2016-05-22 10:29 - 00000000 ____D C:\Users\Home\AppData\Local\CrashDumps
2017-05-08 22:56 - 2017-02-27 17:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-05-06 18:06 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2017-05-06 17:53 - 2016-05-10 21:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-06 17:07 - 2016-05-10 21:10 - 00000000 ____D C:\Users\Home
2017-05-06 14:21 - 2016-11-18 15:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-05 15:38 - 2016-05-21 16:40 - 00001008 _____ C:\Users\Public\Desktop\AVG.lnk
2017-05-04 22:28 - 2016-11-13 19:57 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2017-05-02 15:47 - 2016-12-14 22:18 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2017-04-29 15:05 - 2017-04-04 00:21 - 00557912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-04-29 15:05 - 2017-04-04 00:21 - 00129776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-04-28 23:34 - 2017-04-03 16:20 - 00000000 ____D C:\Users\Home\Desktop\Games
2017-04-28 23:34 - 2016-06-26 13:34 - 00000000 ____D C:\Users\Home\Desktop\GPSAVES
2017-04-28 22:56 - 2016-06-26 13:51 - 00000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-04-28 22:50 - 2017-04-09 23:08 - 00000000 ____D C:\Grand Prix 4
2017-04-28 22:13 - 2016-05-10 21:20 - 00000000 ____D C:\Users\Home\AppData\Local\ElevatedDiagnostics
2017-04-28 07:43 - 2016-11-15 13:26 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 07:43 - 2016-11-15 13:26 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-23 16:57 - 2016-10-19 12:31 - 00000000 ____D C:\Users\Home\AppData\Roaming\HexChat
2017-04-16 20:34 - 2016-05-21 16:49 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-04-13 11:34 - 2017-02-27 16:37 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys

==================== Files in the root of some directories =======

2016-10-14 12:52 - 2016-12-21 13:47 - 0621572 _____ () C:\Users\Home\AppData\Roaming\CompatAdmin.log
2016-11-10 20:10 - 2016-11-10 20:10 - 0000770 _____ () C:\Users\Home\AppData\Local\recently-used.xbel
2016-08-13 18:08 - 2016-08-13 18:08 - 0007611 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
2017-04-26 07:08 - 2017-04-26 07:08 - 0000000 _____ () C:\Users\Home\AppData\Local\{9D3A5011-6D17-4239-8B67-6976657C4AE5}

Some files in TEMP:
====================
2017-04-16 19:14 - 2010-11-21 11:23 - 1731936 _____ (Microsoft Corporation) C:\Users\Home\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-13 07:46

==================== End of FRST.txt ============================

#2 nasdaq (Malware Response Team, 39,191 posts, Montreal, QC. Canada)

Posted 14 May 2017 - 08:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
Ace Stream Media 3.1.16.1 (HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\...\AceStream) (Version: 3.1.16.1 - Ace Stream Media) <==== ATTENTION
Wireshark 2.0.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.4 - The Wireshark developer community, hxxps://www.wireshark.org)
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
FF HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Home\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - C:\Users\Home\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2017-02-01]
FF Plugin HKU\S-1-5-21-3828139814-2548984782-3901974033-1000: @acestream.net/acestreamplugin,version=3.1.16.1 -> C:\Users\Home\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-3828139814-2548984782-3901974033-1000: @acestream.net/acestreamplugin,version=3.1.6 -> C:\Users\Home\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-3828139814-2548984782-3901974033-1000: @acestream.net/acestreamplugin,version=3.1.7 -> C:\Users\Home\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies)
CHR Extension: (Ace Stream Web Extension) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2016-11-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-15]
CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-15]
CHR HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
Hosts:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox
<<<>>>

Please let me know what problem persists with this computer.
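As an added, read-only counterpart to the fixlist above (example code written for this page, not nasdaq's, FRST's or RogueKiller's own): a PowerShell script that reports the same spots the fix lines clean, so a reader can check after the reboot whether a hosts entry, a DNS server or a registry-sideloaded browser extension has come back. It assumes PowerShell 3.0 or later (ConvertFrom-Json, Get-Content -Raw) and the default Firefox and Chrome profile locations; it changes nothing.

```powershell
# Added example, not from the thread. Read-only audit of what the FRST fixlist
# touches: hosts file, DNS servers, registry-installed Firefox/Chrome extensions.
# Assumes PowerShell 3.0+ and default profile paths; adjust $extRoot etc. if not.

function Show-HostsEntries {
    # "Hosts:" in the fixlist restores this file; anything beyond the localhost
    # defaults is worth reading, since it silently re-points a hostname.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Write-Host "== hosts entries other than the localhost defaults =="
    Get-Content $hostsPath |
        Where-Object { $_.Trim() -ne '' -and $_ -notmatch '^\s*#' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' } |
        ForEach-Object { Write-Host "  $_" }
}

function Show-DnsServers {
    # The same keys RogueKiller lists under PUM.Dns. NameServer is a static
    # setting, DhcpNameServer whatever the DHCP server (your router) handed out.
    Write-Host "== DNS servers (Tcpip\Parameters and per interface) =="
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $keys = @(Get-Item $base) + @(Get-ChildItem "$base\Interfaces")
    foreach ($key in $keys) {
        $p = Get-ItemProperty $key.PSPath
        if ($p.NameServer -or $p.DhcpNameServer) {
            Write-Host ("  {0}`n    NameServer={1} DhcpNameServer={2}" -f `
                $key.PSChildName, $p.NameServer, $p.DhcpNameServer)
        }
    }
}

function Show-FirefoxExtensions {
    # The Ace Stream add-on in the log was registered under
    # HKU\...\Software\Mozilla\Firefox\Extensions, i.e. sideloaded via the
    # registry rather than installed from inside Firefox.
    Write-Host "== Firefox extensions registered via the registry =="
    $regKeys = 'HKCU:\Software\Mozilla\Firefox\Extensions',
               'HKLM:\Software\Mozilla\Firefox\Extensions',
               'HKLM:\Software\Wow6432Node\Mozilla\Firefox\Extensions'
    foreach ($regKey in $regKeys) {
        $props = Get-ItemProperty $regKey -ErrorAction SilentlyContinue
        if ($props) {
            $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
                ForEach-Object { Write-Host ("  {0}`n    {1} -> {2}" -f $regKey, $_.Name, $_.Value) }
        }
    }
    # What Firefox itself recorded. A location such as winreg-app-user means the
    # add-on came from the registry, not from the profile's own extensions folder.
    Write-Host "== Firefox add-ons per extensions.json =="
    Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles\*\extensions.json" -ErrorAction SilentlyContinue |
        ForEach-Object {
            $addons = (Get-Content $_.FullName -Raw | ConvertFrom-Json).addons
            foreach ($a in $addons) {
                Write-Host ("  {0} [{1}] active={2} location={3}" -f `
                    $a.id, $a.defaultLocale.name, $a.active, $a.location)
            }
        }
}

function Show-ChromeExtensions {
    # Unpacked extension folders are <id>\<version>\manifest.json, the ids being
    # the 32-letter names that appear in the FRST "CHR Extension:" lines.
    Write-Host "== Chrome extensions in the Default profile =="
    $extRoot = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions"
    Get-ChildItem $extRoot -Directory -ErrorAction SilentlyContinue | ForEach-Object {
        $manifest = Get-ChildItem $_.FullName -Recurse -Filter manifest.json | Select-Object -First 1
        $name = if ($manifest) { (Get-Content $manifest.FullName -Raw | ConvertFrom-Json).name } else { '(no manifest)' }
        # names like __MSG_appName__ are locale placeholders, not a sign of anything
        Write-Host ("  {0} {1}" -f $_.Name, $name)
    }
    # Extensions pushed in through the registry (the FRST "CHR HKU\...\Chrome\Extension:" line).
    Write-Host "== Chrome extensions registered via the registry =="
    $regKeys = 'HKCU:\Software\Google\Chrome\Extensions',
               'HKLM:\Software\Google\Chrome\Extensions',
               'HKLM:\Software\Wow6432Node\Google\Chrome\Extensions'
    foreach ($regKey in $regKeys) {
        Get-ChildItem $regKey -ErrorAction SilentlyContinue | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            Write-Host ("  {0} update_url={1} path={2}" -f $_.PSChildName, $p.update_url, $p.path)
        }
    }
}

Show-HostsEntries
Show-DnsServers
Show-FirefoxExtensions
Show-ChromeExtensions
```

Run it from an elevated PowerShell before and after the fix and compare the two outputs; a DNS server that is not your router or ISP, or an extension that reappears after removal, is the thing to bring back to the thread.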

#3 ggs1212 (Topic Starter, Members, 12 posts)

Posted 15 May 2017 - 06:29 AM

I have done all of your steps.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by Home (15-05-2017 17:44:09) Run:1
Running from C:\Users\Home\Downloads
Loaded Profiles: Home (Available Profiles: Home)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
FF HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Home\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - C:\Users\Home\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2017-02-01]
FF Plugin HKU\S-1-5-21-3828139814-2548984782-3901974033-1000: @acestream.net/acestreamplugin,version=3.1.16.1 -> C:\Users\Home\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-3828139814-2548984782-3901974033-1000: @acestream.net/acestreamplugin,version=3.1.6 -> C:\Users\Home\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-3828139814-2548984782-3901974033-1000: @acestream.net/acestreamplugin,version=3.1.7 -> C:\Users\Home\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies)
CHR Extension: (Ace Stream Web Extension) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2016-11-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-15]
CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-15]
CHR HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
Hosts:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\Software\Mozilla\Firefox\Extensions\\acewebextension_unlisted@acestream.org => value not found.
C:\Users\Home\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found.
HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.16.1 => key not found.
C:\Users\Home\AppData\Roaming\ACEStream\player\npace_plugin.dll => not found.
HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.6 => key removed successfully
C:\Users\Home\AppData\Roaming\ACEStream\player\npace_plugin.dll => not found.
HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.7 => key removed successfully
C:\Users\Home\AppData\Roaming\ACEStream\player\npace_plugin.dll => not found.
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo => moved successfully
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\SOFTWARE\Google\Chrome\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo => key not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= IPCONFIG /release =========


Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::a0a5:c220:79ed:269%12
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{59F10D26-14BC-4ADE-9406-472785947105}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{53D2790F-D2F1-4D51-A273-EF473BCF74C6}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


========= IPCONFIG /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::a0a5:c220:79ed:269%12
   IPv4 Address. . . . . . . . . . . : 192.168.1.101
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{59F10D26-14BC-4ADE-9406-472785947105}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{53D2790F-D2F1-4D51-A273-EF473BCF74C6}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:386c:34f1:836b:b03f
   Link-local IPv6 Address . . . . . : fe80::386c:34f1:836b:b03f%15
   Default Gateway . . . . . . . . . : ::

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv4 reset =========

There's no user specified settings to be reset.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 87 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6375211 B
Java, Flash, Steam htmlcache => 770 B
Windows/system/drivers => 4617022 B
Edge => 0 B
Chrome => 130048 B
Firefox => 145801888 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 99641 B
systemprofile32 => 424 B
LocalService => 132244 B
NetworkService => 284450 B
Home => 1018702251 B

RecycleBin => 311347 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:48:43 ====

 

I will re-install the Zenmate addon for firefox and will update.



#4 ggs1212 (Topic Starter, Members, 12 posts)

Posted 17 May 2017 - 07:08 AM

Getting another strange re-direct upon opening Zenmate, looks like a fake phishing site: http://i.imgur.com/XxD5VxJ.png

 

Typing the URL into google gave the western digital site:  http://i.imgur.com/2AL6gYe.png

 

What it is supposed to look like: http://i.imgur.com/2CdpZwy.png

 

Edit: In addition, typing zenmate into google returns the following:

 

http://i.imgur.com/5bPgBjE.png

 

And then once clicked on (the first result): http://i.imgur.com/K2gnnyN.png

 

wdc.com????

 

I typed wdc.com into google and clicked on it: http://i.imgur.com/XbESIAs.png

 

What is going on? I removed the extension. This is weird and I can't trust it anymore.


Edited by ggs1212, 17 May 2017 - 07:27 AM.


#5 nasdaq (Malware Response Team, 39,191 posts, Montreal, QC. Canada)

Posted 17 May 2017 - 08:52 AM

Let's check further.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

If you sync your Chrome data:
Delete Your Google Chrome Browser Sync Data
http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/
<<<>>>

#6 ggs1212 (Topic Starter, Members, 12 posts)

Posted 19 May 2017 - 05:32 AM

It didn't find any red items.

 

RogueKiller V12.10.9.0 (x64) [May 15 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Home [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 05/19/2017 17:43:49 (Duration : 00:31:28)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{59F10D26-14BC-4ADE-9406-472785947105} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{59F10D26-14BC-4ADE-9406-472785947105} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 4 ¤¤¤
[PUP.Gen1][File] C:\Users\Home\Desktop\ace_player.exe - Shortcut.lnk [LNK@] C:\Users\Home\AppData\Roaming\ACEStream\player\ace_player.exe -> Found
[PUP.Gen1][Folder] C:\Users\Home\AppData\Roaming\.ACEStream -> Found
[PUP.Gen1][Folder] C:\Users\Home\AppData\Roaming\ACEStream -> Found
[PUP.Gen1][File] C:\Users\Home\Desktop\ace_player.exe - Shortcut.lnk [LNK@] C:\Users\Home\AppData\Roaming\ACEStream\player\ace_player.exe -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEKX-60B7WT0 ATA Device +++++
--- User ---
[MBR] 9b53a13c9e43c665f337ad836b49bd25
[BSP] 57c86d4644d27f1a1e983daee38e7cf5 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 305243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 



#7 nasdaq (Malware Response Team, 39,191 posts, Montreal, QC. Canada)

Posted 19 May 2017 - 07:19 AM

Run the RogueKiller tool and delete these PUP items.

[PUP.Gen1][File] C:\Users\Home\Desktop\ace_player.exe - Shortcut.lnk [LNK@] C:\Users\Home\AppData\Roaming\ACEStream\player\ace_player.exe -> Found
[PUP.Gen1][Folder] C:\Users\Home\AppData\Roaming\.ACEStream -> Found
[PUP.Gen1][Folder] C:\Users\Home\AppData\Roaming\ACEStream -> Found
[PUP.Gen1][File] C:\Users\Home\Desktop\ace_player.exe - Shortcut.lnk [LNK@] C:\Users\Home\AppData\Roaming\ACEStream\player\ace_player.exe -> Found


Restart the computer normally.

How is it now?

#8 ggs1212 (Topic Starter, Members, 12 posts)

Posted 22 May 2017 - 06:45 AM

RogueKiller V12.10.9.0 (x64) [May 15 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Home [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 05/22/2017 18:30:01 (Duration : 00:28:51)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{59F10D26-14BC-4ADE-9406-472785947105} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{59F10D26-14BC-4ADE-9406-472785947105} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][])  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Home\AppData\Roaming\.ACEStream -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\aircast\devices.json -> Deleted
[PUP.Gen1][Folder] C:\Users\Home\AppData\Roaming\.ACEStream\aircast -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\broadcast_list.pickle -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\conf -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\cookies -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\cookies.pickle -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\ec.pem -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\ecpub.pem -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\external_player_manager.json -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\external_playlists.pickle -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\ml.xspf -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\options.sdb -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\playerconf.pickle -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\playlist\local.db -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\playlist\system.db -> Deleted
[PUP.Gen1][Folder] C:\Users\Home\AppData\Roaming\.ACEStream\playlist\tmp -> Deleted
[PUP.Gen1][Folder] C:\Users\Home\AppData\Roaming\.ACEStream\playlist -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\playlist.pickle -> Deleted
[PUP.Gen1][Folder] C:\Users\Home\AppData\Roaming\.ACEStream\plugins_cache -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\sessconfig.pickle -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\state.dat -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\sync\sync.db -> Deleted
[PUP.Gen1][Folder] C:\Users\Home\AppData\Roaming\.ACEStream\sync -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\user_messages.json -> Deleted
[PUP.Gen1][File] C:\Users\Home\AppData\Roaming\.ACEStream\vlc-205-qt-interface.ini -> Deleted
[PUP.Gen1][Folder] C:\Users\Home\AppData\Roaming\ACEStream -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEKX-60B7WT0 ATA Device +++++
--- User ---
[MBR] 9b53a13c9e43c665f337ad836b49bd25
[BSP] 57c86d4644d27f1a1e983daee38e7cf5 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 305243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Did another scan and delete



#9 nasdaq (Malware Response Team, 39,191 posts, Montreal, QC. Canada)

Posted 22 May 2017 - 07:43 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===