
Malware infection, system not working properly.


  • This topic is locked
93 replies to this topic

#1 monkeyjoker


Posted 27 September 2017 - 10:29 PM

Hi, Bleeping Computer.

I do not know how the malware got installed on my system. I tried everything to remove this malware, but it is not completely gone. Files are moving from folder to folder without my doing. Folders are renaming themselves. I used Malwarebytes Anti-Malware, ESET scanner, AdwCleaner, Junkware Removal Tool, TDSSKiller, and Avast antivirus. But everything has failed. So I thought it was time to contact you people. I need to remove this malware.

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2017
Ran by teja (administrator) on MONKEYJOKER (28-09-2017 08:42:06)
Running from F:\progams\Joker prgms
Loaded Profiles: teja (Available Profiles: teja & Guest)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) D:\program files\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Plex, Inc.) C:\Program Files\Plex\Plex Media Server\Plex Update Service.exe
(AVAST Software s.r.o.) D:\program files\aswidsagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVAST Software) D:\program files\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Plex, Inc.) C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
(Python Software Foundation) C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files\Plex\Plex Media Server\Plex DLNA Server.exe
(Plex) C:\Program Files\Plex\Plex Media Server\Plex Tuner Service.exe
(Python Software Foundation) C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(MPC-HC Team) C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [15009280 2017-06-30] (Realtek Semiconductor)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1165920 2017-07-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => D:\program files\AvLaunch.exe [239856 2017-09-22] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\Run: [Plex Media Server] => C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe [16260584 2017-09-04] (Plex, Inc.)
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3878480 2014-08-20] (Tonec Inc.)
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: I - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {07383e37-ab94-11e5-a593-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {0d3f743f-c573-11e3-94e8-00177c0f22b2} - J:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {2632f500-fb72-11e3-891d-806e6f6e6963} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {281ba21d-5b47-11e3-87c3-00177c0f22b2} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {55fd480b-c55e-11e2-bd0b-00177c0f22b2} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {573cef48-3efa-11e3-acb9-00177c0f22b2} - H:\Setup.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {6662b2a1-2ade-11e4-a9a7-806e6f6e6963} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {6f9cd4cb-fb71-11e3-9cc5-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {70e79e54-3a33-11e4-82a3-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {73c59382-4c69-11e3-88ae-00177c0f22b2} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {aa13cca1-bfc9-11e2-9a8c-00177c0f22b2} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {c485de1a-3fb6-11e3-a980-00177c0f22b2} - H:\Setup.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {c635828f-5b47-11e3-b9f7-806e6f6e6963} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {e1cdb0a2-1b2b-11e6-8278-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {e4087d13-53cd-11e4-9bf8-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {e9ff6fb6-2add-11e4-be9a-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {fcb4530d-4c69-11e3-af17-806e6f6e6963} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {fdaa2210-3f03-11e3-8cba-00177c0f22b2} - H:\Setup.exe /Auto
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe [16260584 2017-09-04] (Plex, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2017-08-19]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\teja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2017-08-19]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{E618CDF8-0EF2-4624-99EB-9DA1EE608404}: [NameServer] 172.28.28.1,8.8.8.8
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=8&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
URLSearchHook: [S-1-5-21-2309560818-624024024-290004726-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2309560818-624024024-290004726-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2309560818-624024024-290004726-1000 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2014-08-20] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\program files\aswWebRepIE.dll [2017-09-22] (AVAST Software)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: mkticmnt.default
FF ProfilePath: C:\Users\teja\AppData\Roaming\Mozilla\Firefox\Profiles\mkticmnt.default [2017-09-27]
FF Extension: (Avast SafePrice) - C:\Users\teja\AppData\Roaming\Mozilla\Firefox\Profiles\mkticmnt.default\Extensions\sp@avast.com.xpi [2017-09-22]
FF Extension: (Avast Online Security) - C:\Users\teja\AppData\Roaming\Mozilla\Firefox\Profiles\mkticmnt.default\Extensions\wrc@avast.com.xpi [2017-09-22]
FF Extension: (Facemoods) - C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com [2014-10-19] [not signed]
FF HKLM\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files\SpeedBit Video Downloader\SPFireFox => not found
FF HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\teja\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\teja\AppData\Roaming\IDM\idmmzcc5 [2017-09-21] [not signed]
FF HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi => not found
FF HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\teja\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-26] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-26] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\teja\AppData\Local\Google\Chrome\User Data\Default [2017-09-28]
CHR Extension: (Google Docs) - C:\Users\teja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-22]
CHR Extension: (Google Drive) - C:\Users\teja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-22]
CHR Extension: (YouTube) - C:\Users\teja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-22]
CHR Extension: (Google Docs Offline) - C:\Users\teja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-22]
CHR Extension: (Avast Online Security) - C:\Users\teja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-09-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\teja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-22]
CHR Extension: (Gmail) - C:\Users\teja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-22]
CHR Extension: (Chrome Media Router) - C:\Users\teja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-22]
CHR Profile: C:\Users\teja\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-04]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-08-20]
CHR HKLM\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (0) - C:\Users\teja\AppData\Roaming\Opera Software\Opera Stable\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2017-07-30]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; D:\program files\aswidsagent.exe [5830352 2017-09-22] (AVAST Software s.r.o.)
R2 avast! Antivirus; D:\program files\AvastSvc.exe [275208 2017-09-22] (AVAST Software)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [290224 2015-06-01] (Intel Corporation)
R2 PlexUpdateService; C:\Program Files\Plex\Plex Media Server\Plex Update Service.exe [2093544 2017-09-04] (Plex, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [267520 2017-09-22] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157416 2017-09-22] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276736 2017-09-22] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50384 2017-09-22] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42856 2017-09-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [124952 2017-09-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [99568 2017-09-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70864 2017-09-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [773800 2017-09-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [500136 2017-09-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [148232 2017-09-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296824 2017-09-22] (AVAST Software)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-06-30] (REALiX™)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2009-06-18] (CACE Technologies)
S3 qcusbnet; C:\Windows\System32\DRIVERS\qcusbnet.sys [366136 2017-03-15] (QUALCOMM Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2013-09-19] () [File not signed]
S3 via_cdc_acm; C:\Windows\System32\DRIVERS\MBlaze_USB_SER.sys [45056 2012-05-12] (VIA Telecom)
S3 VIA_USB_BusEnum; C:\Windows\System32\DRIVERS\MBlaze_USB_BusEnum.sys [36864 2012-05-12] ()
S3 VIA_USB_ETS; C:\Windows\System32\DRIVERS\MBlaze_USB_ETS.sys [18560 2012-05-12] (Via Telecom, Inc.)
S3 VIA_USB_WinMux; C:\Windows\System32\DRIVERS\MBlaze_USB_WinMux.sys [30080 2012-05-12] ()
R2 windrvNT; C:\Windows\system32\windrvNT.sys [35363 2017-07-31] () [File not signed]
U3 afgksc4i; C:\Windows\system32\Drivers\afgksc4i.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 FXDrv32; \??\G:\FXDrv32.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IUFileFilter; \??\C:\Program Files\IObit\IObit Uninstaller\drivers\win7_x86\IUFileFilter.sys [X]
U4 secdrv; no ImagePath
S2 UefGdstor; \??\C:\Windows\system32\drivers\UefGdstor.sys [X] <==== ATTENTION
S3 ztemtusbser; system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-26 15:19 - 2017-09-26 15:19 - 000002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-26 15:19 - 2017-09-26 15:19 - 000002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-26 15:08 - 2017-09-27 08:23 - 000000000 ____D C:\Users\teja\AppData\LocalLow\Mozilla
2017-09-26 15:07 - 2017-09-26 15:08 - 000000000 ____D C:\Users\teja\AppData\Roaming\Mozilla
2017-09-26 15:07 - 2017-09-26 15:07 - 000001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-09-26 15:07 - 2017-09-26 15:07 - 000001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-09-26 15:07 - 2017-09-26 15:07 - 000000000 ___DC C:\Program Files\Mozilla Maintenance Service
2017-09-26 13:10 - 2017-09-26 13:12 - 007649280 ____C C:\Program Files\GUTFFA4.tmp
2017-09-26 13:10 - 2017-09-26 13:10 - 000000000 ___DC C:\Program Files\GUMFFA3.tmp
2017-09-26 13:09 - 2017-09-26 13:12 - 007649280 ____C C:\Program Files\GUT3A14.tmp
2017-09-26 13:09 - 2017-09-26 13:09 - 000000000 ___DC C:\Program Files\GUM3A13.tmp
2017-09-25 23:30 - 2017-09-25 23:30 - 000001852 _____ C:\Users\teja\Desktop\ESET scan.txt
2017-09-25 22:00 - 2017-09-25 22:01 - 000205200 _____ C:\TDSSKiller.3.1.0.15_25.09.2017_22.00.19_log.txt
2017-09-25 21:50 - 2017-09-25 21:53 - 000205348 _____ C:\TDSSKiller.3.1.0.15_25.09.2017_21.50.18_log.txt
2017-09-25 18:03 - 2017-09-25 18:03 - 000000000 ____D C:\Users\teja\AppData\Local\AVAST Software
2017-09-25 11:58 - 2017-09-27 06:36 - 000000000 ____D C:\Users\teja\AppData\Local\ESET
2017-09-23 22:46 - 2010-03-08 15:40 - 000009216 _____ (Kephyr) C:\Windows\system32\ffnd.exe
2017-09-23 21:19 - 2017-09-23 21:19 - 000000274 ____H C:\Windows\Tasks\User_Feed_Synchronization-{443DF6D2-B0B4-47E8-9281-BCF0DDF609C6}.job
2017-09-23 21:01 - 2017-09-23 22:53 - 000000000 ____D C:\Users\teja\AppData\Roaming\FreeFixer
2017-09-23 21:01 - 2017-09-23 22:53 - 000000000 ____D C:\Users\teja\AppData\Local\FreeFixer
2017-09-23 18:08 - 2017-09-23 18:13 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-09-23 17:35 - 2017-09-23 17:35 - 001790024 _____ (Malwarebytes) C:\Users\teja\Downloads\JRT.exe
2017-09-23 17:34 - 2017-09-23 17:35 - 000406284 _____ C:\TDSSKiller.3.1.0.15_23.09.2017_17.34.12_log.txt
2017-09-23 11:57 - 2017-09-27 22:51 - 000000000 _____ C:\Windows\system32\last.dump
2017-09-23 06:59 - 2017-09-23 06:59 - 000000000 ___DC C:\Program Files\Common Files\DESIGNER
2017-09-22 21:15 - 2017-09-22 21:15 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\teja\Downloads\rkill.exe
2017-09-22 20:19 - 2017-09-22 20:19 - 000000000 ____D C:\Users\teja\AppData\Roaming\AVAST Software
2017-09-22 20:19 - 2017-09-22 20:19 - 000000000 ____D C:\Users\teja\AppData\Local\CEF
2017-09-22 20:18 - 2017-09-22 20:18 - 000148232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-09-22 20:18 - 2017-09-22 20:18 - 000000703 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-09-22 20:18 - 2017-09-22 20:18 - 000000300 ____H C:\Windows\Tasks\Avast Emergency Update.job
2017-09-22 20:18 - 2017-09-22 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-09-22 20:18 - 2017-09-22 20:17 - 000921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2017-09-22 20:18 - 2017-09-22 20:17 - 000773800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-09-22 20:18 - 2017-09-22 20:17 - 000500136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-09-22 20:18 - 2017-09-22 20:17 - 000304816 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-09-22 20:18 - 2017-09-22 20:17 - 000296824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-09-22 20:18 - 2017-09-22 20:17 - 000276736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-09-22 20:18 - 2017-09-22 20:17 - 000267520 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-09-22 20:18 - 2017-09-22 20:17 - 000157416 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-09-22 20:18 - 2017-09-22 20:17 - 000124952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-09-22 20:18 - 2017-09-22 20:17 - 000099568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-09-22 20:18 - 2017-09-22 20:17 - 000070864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-09-22 20:18 - 2017-09-22 20:17 - 000050384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-09-22 20:18 - 2017-09-22 20:17 - 000042856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-09-22 06:34 - 2017-09-22 06:34 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2017-09-22 06:34 - 2017-09-22 06:34 - 000000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2017-09-21 21:29 - 2017-09-26 14:46 - 000000000 ____D C:\Users\teja\AppData\Roaming\IDM
2017-09-21 21:29 - 2017-09-21 21:29 - 000000000 ___DC C:\Program Files\Internet Download Manager
2017-09-21 21:29 - 2017-09-21 21:29 - 000000000 ____D C:\Users\teja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-09-21 21:29 - 2017-09-21 21:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-09-20 19:14 - 2016-07-22 20:21 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-09-20 17:36 - 2017-09-20 17:36 - 000000000 ____D C:\Users\teja\AppData\Local\WindowsUpdate
2017-09-20 17:07 - 2017-04-28 04:20 - 003550208 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-09-20 16:59 - 2014-07-01 03:44 - 000008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2017-09-20 16:59 - 2014-06-06 11:46 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2017-09-20 16:59 - 2014-03-10 03:17 - 000619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2017-09-20 16:59 - 2014-03-10 03:17 - 000099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2017-09-20 16:49 - 2015-07-30 18:43 - 000103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-09-20 16:46 - 2015-07-15 23:25 - 001159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2017-09-20 16:46 - 2015-07-15 08:25 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2017-09-20 16:46 - 2014-11-11 08:14 - 000186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2017-09-20 16:45 - 2017-08-19 20:40 - 000180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-20 16:45 - 2017-08-16 20:40 - 000629760 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-09-20 16:45 - 2017-08-16 20:20 - 002403328 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-20 16:45 - 2017-08-15 20:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-09-20 16:45 - 2017-08-15 20:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-09-20 16:45 - 2017-08-14 23:05 - 002150912 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2017-09-20 16:45 - 2017-08-14 23:05 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
2017-09-20 16:45 - 2017-08-14 23:05 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2017-09-20 16:45 - 2017-08-14 23:05 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
2017-09-20 16:45 - 2017-08-14 03:00 - 001401344 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2017-09-20 16:45 - 2017-08-11 11:54 - 004001000 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-09-20 16:45 - 2017-08-11 11:54 - 003945704 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-20 16:45 - 2017-08-11 11:54 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-09-20 16:45 - 2017-08-11 11:54 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-09-20 16:45 - 2017-08-11 11:51 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000781824 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000299008 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000019968 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:40 - 000066048 _____ C:\Windows\system32\PrintBrmUi.exe
2017-09-20 16:45 - 2017-08-11 11:39 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-09-20 16:45 - 2017-08-11 11:39 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-09-20 16:45 - 2017-08-11 11:39 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-09-20 16:45 - 2017-08-11 11:33 - 000026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-09-20 16:45 - 2017-08-11 11:31 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-09-20 16:45 - 2017-08-11 11:30 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-09-20 16:45 - 2017-08-11 11:30 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-09-20 16:45 - 2017-08-11 11:30 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-09-20 16:45 - 2017-08-11 11:30 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-09-20 16:45 - 2017-08-11 11:30 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-09-20 16:45 - 2017-08-11 11:28 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-09-20 16:45 - 2017-08-11 11:28 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-09-20 16:45 - 2017-08-11 11:26 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-09-20 16:45 - 2017-08-11 11:26 - 000311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-09-20 16:45 - 2017-08-11 11:26 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-09-20 16:45 - 2017-08-11 11:26 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-09-20 16:45 - 2017-08-11 11:26 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-20 16:45 - 2017-08-11 11:26 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-09-20 16:45 - 2017-08-11 11:25 - 000188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-09-20 16:45 - 2017-08-11 11:25 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-09-20 16:45 - 2017-08-11 11:25 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-09-20 16:45 - 2017-08-11 11:25 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-09-20 16:45 - 2017-08-11 11:25 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-09-20 16:45 - 2017-08-11 11:25 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-09-20 16:45 - 2017-08-11 11:25 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:25 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:25 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-09-20 16:45 - 2017-08-11 11:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-09-20 16:45 - 2017-07-29 20:20 - 000074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-09-20 16:45 - 2017-07-21 19:56 - 000518144 _____ C:\Windows\system32\msjetoledb40.dll
2017-09-20 16:45 - 2017-07-21 19:56 - 000409600 _____ (Microsoft Corporation) C:\Windows\system32\msexch40.dll
2017-09-20 16:45 - 2017-07-21 19:56 - 000290816 _____ (Microsoft Corporation) C:\Windows\system32\msjtes40.dll
2017-09-20 16:45 - 2017-07-21 19:56 - 000282624 _____ (Microsoft Corporation) C:\Windows\system32\mstext40.dll
2017-09-20 16:45 - 2017-07-14 20:40 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-09-20 16:45 - 2017-07-14 20:40 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-09-20 16:45 - 2017-07-14 20:40 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-09-20 16:45 - 2017-07-14 20:40 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-09-20 16:45 - 2017-07-14 20:40 - 000382976 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-09-20 16:45 - 2017-07-14 20:40 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-09-20 16:45 - 2017-07-14 20:40 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-09-20 16:45 - 2017-07-14 20:40 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-09-20 16:45 - 2017-07-14 20:40 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-09-20 16:45 - 2017-07-14 20:40 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-09-20 16:45 - 2017-07-14 20:30 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-09-20 16:45 - 2017-07-14 20:30 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-09-20 16:45 - 2017-07-14 20:29 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-09-20 16:45 - 2017-07-14 20:29 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-09-20 16:45 - 2017-07-14 20:20 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-09-20 16:45 - 2017-07-14 20:20 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-09-20 16:45 - 2017-07-08 20:49 - 000250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-09-20 16:45 - 2017-07-07 20:45 - 000296680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-09-20 16:45 - 2017-07-07 20:41 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-09-20 16:45 - 2017-07-07 20:40 - 000973312 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2017-09-20 16:45 - 2017-07-01 18:35 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2017-09-20 16:45 - 2017-07-01 18:35 - 000866816 _____ (Microsoft Corporation) C:\Windows\system32\mswdat10.dll
2017-09-20 16:45 - 2017-07-01 18:35 - 000641536 _____ (Microsoft Corporation) C:\Windows\system32\mswstr10.dll
2017-09-20 16:45 - 2017-07-01 18:35 - 000616448 _____ (Microsoft Corporation) C:\Windows\system32\msrepl40.dll
2017-09-20 16:45 - 2017-07-01 18:35 - 000475648 _____ (Microsoft Corporation) C:\Windows\system32\msxbde40.dll
2017-09-20 16:45 - 2017-07-01 18:35 - 000375808 _____ (Microsoft Corporation) C:\Windows\system32\mspbde40.dll
2017-09-20 16:45 - 2017-07-01 18:35 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
2017-09-20 16:45 - 2017-07-01 18:35 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2017-09-20 16:45 - 2017-07-01 18:35 - 000310272 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x40.dll
2017-09-20 16:45 - 2017-07-01 18:35 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\msltus40.dll
2017-09-20 16:45 - 2017-07-01 18:35 - 000144896 _____ (Microsoft Corporation) C:\Windows\system32\msjint40.dll
2017-09-20 16:45 - 2017-07-01 18:35 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\msjter40.dll
2017-09-20 16:45 - 2017-06-16 01:48 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-09-20 16:45 - 2017-06-13 03:59 - 001227264 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-09-20 16:45 - 2017-06-13 03:59 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-09-20 16:45 - 2017-06-13 03:59 - 000390144 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-09-20 16:45 - 2017-06-13 03:58 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-09-20 16:45 - 2017-06-13 03:36 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-09-20 16:45 - 2017-06-13 03:36 - 000157184 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-09-20 16:45 - 2017-06-13 03:36 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-09-20 16:45 - 2017-06-09 20:47 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-09-20 16:45 - 2017-06-02 13:27 - 000497152 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-09-20 16:45 - 2017-05-30 10:09 - 001309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-09-20 16:45 - 2017-05-30 10:09 - 000240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-09-20 16:45 - 2017-05-30 10:09 - 000187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-09-20 16:45 - 2017-05-21 09:36 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-09-20 16:45 - 2017-05-16 20:46 - 000730856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-09-20 16:45 - 2017-05-16 20:46 - 000218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-09-20 16:45 - 2017-05-16 20:42 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-09-20 16:45 - 2017-05-12 23:37 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-09-20 16:45 - 2017-05-12 23:33 - 001082368 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-09-20 16:45 - 2017-05-12 23:33 - 000813056 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-09-20 16:45 - 2017-05-12 23:33 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-09-20 16:45 - 2017-05-12 23:33 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-09-20 16:45 - 2017-05-12 23:33 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-09-20 16:45 - 2017-05-12 23:33 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-09-20 16:45 - 2017-05-12 23:13 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-09-20 16:45 - 2017-05-10 20:46 - 000091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2017-09-20 16:45 - 2017-05-10 20:42 - 002953216 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-09-20 16:45 - 2017-05-10 20:42 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-09-20 16:45 - 2017-05-10 20:40 - 000073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-09-20 16:45 - 2017-05-10 20:31 - 002092032 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-09-20 16:45 - 2017-05-10 20:30 - 000573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-09-20 16:45 - 2017-05-10 20:30 - 000136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-09-20 16:45 - 2017-05-10 20:30 - 000093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-09-20 16:45 - 2017-05-10 20:30 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-09-20 16:45 - 2017-05-10 20:30 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-09-20 16:45 - 2017-05-10 20:30 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-09-20 16:45 - 2017-05-10 20:30 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-09-20 16:45 - 2017-05-07 20:44 - 000078568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-09-20 16:45 - 2017-05-07 20:23 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-09-20 16:45 - 2017-04-21 20:45 - 000805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-09-20 16:45 - 2017-04-17 20:42 - 000581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-09-20 16:45 - 2017-04-12 20:56 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-09-20 16:45 - 2017-04-12 20:55 - 001176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-09-20 16:45 - 2017-04-12 20:55 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-09-20 16:45 - 2017-04-12 20:55 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-09-20 16:45 - 2017-04-04 20:22 - 000338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-09-20 16:45 - 2017-03-30 20:28 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2017-09-20 16:45 - 2017-03-10 21:50 - 001508352 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-09-20 16:45 - 2017-03-10 21:50 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-09-20 16:45 - 2017-03-10 21:22 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-09-20 16:45 - 2017-03-10 21:21 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-09-20 16:45 - 2017-03-10 21:21 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-09-20 16:45 - 2017-03-07 21:47 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-09-20 16:45 - 2017-03-04 06:44 - 001329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-09-20 16:45 - 2017-03-04 06:44 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-09-20 16:45 - 2017-02-09 21:44 - 000575488 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-09-20 16:45 - 2017-02-09 21:44 - 000481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-09-20 16:45 - 2017-02-09 21:44 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-09-20 16:45 - 2017-02-09 21:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-09-20 16:45 - 2017-02-09 21:21 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-09-20 16:45 - 2017-01-18 21:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-09-20 16:45 - 2017-01-13 23:15 - 000741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-09-20 16:45 - 2017-01-13 23:15 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-09-20 16:45 - 2017-01-11 23:13 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-09-20 16:45 - 2017-01-11 23:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-09-20 16:45 - 2016-11-20 21:49 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-09-20 16:45 - 2016-11-20 19:37 - 000373896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-09-20 16:45 - 2016-11-10 21:49 - 000811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-09-20 16:45 - 2016-11-09 21:54 - 000105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-09-20 16:45 - 2016-11-09 21:47 - 002365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-09-20 16:45 - 2016-11-09 21:47 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-09-20 16:45 - 2016-11-09 21:47 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-09-20 16:45 - 2016-11-09 21:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-09-20 16:45 - 2016-11-09 21:47 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-09-20 16:45 - 2016-11-09 21:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-09-20 16:45 - 2016-10-11 20:48 - 001027584 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2017-09-20 16:45 - 2016-10-11 20:48 - 000829952 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-09-20 16:45 - 2016-10-11 20:48 - 000701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2017-09-20 16:45 - 2016-10-11 20:48 - 000430080 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2017-09-20 16:45 - 2016-10-11 20:48 - 000202240 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-09-20 16:45 - 2016-10-11 20:48 - 000126976 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2017-09-20 16:45 - 2016-10-11 20:48 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2017-09-20 16:45 - 2016-10-11 20:48 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2017-09-20 16:45 - 2016-10-11 20:48 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2017-09-20 16:45 - 2016-10-11 20:48 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2017-09-20 16:45 - 2016-10-11 20:48 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2017-09-20 16:45 - 2016-10-11 20:48 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2017-09-20 16:45 - 2016-10-11 20:48 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-09-20 16:45 - 2016-10-11 20:23 - 000099328 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-09-20 16:45 - 2016-10-11 20:21 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-09-20 16:45 - 2016-10-11 18:48 - 000419648 _____ C:\Windows\system32\locale.nls
2017-09-20 16:45 - 2016-10-08 18:35 - 000534600 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-09-20 16:45 - 2016-10-07 20:42 - 002291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-09-20 16:45 - 2016-10-07 20:42 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2017-09-20 16:45 - 2016-10-05 20:20 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-09-20 16:45 - 2016-09-15 20:21 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2017-09-20 16:45 - 2016-09-13 02:19 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-09-20 16:45 - 2016-09-09 02:04 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-09-20 16:45 - 2016-09-09 02:04 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2017-09-20 16:45 - 2016-09-08 20:19 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-09-20 16:45 - 2016-09-08 20:19 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-09-20 16:45 - 2016-08-21 18:35 - 000935424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-09-20 16:45 - 2016-08-12 22:17 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-09-20 16:45 - 2016-08-12 22:17 - 011410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-09-20 16:45 - 2016-08-12 22:01 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-09-20 16:45 - 2016-08-12 22:01 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-09-20 16:45 - 2016-08-12 22:01 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-09-20 16:45 - 2016-08-12 21:51 - 000437248 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2017-09-20 16:45 - 2016-08-06 20:45 - 001178112 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-09-20 16:45 - 2016-08-06 20:45 - 000249344 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2017-09-20 16:45 - 2016-08-06 20:45 - 000214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-09-20 16:45 - 2016-08-06 20:45 - 000146944 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2017-09-20 16:45 - 2016-08-06 20:45 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2017-09-20 16:45 - 2016-08-06 20:23 - 000199168 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2017-09-20 16:45 - 2016-08-06 20:23 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2017-09-20 16:45 - 2016-08-06 20:23 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 003209216 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 001005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 000988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 000744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 000617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 000519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 000474624 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 000442368 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 000374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 000354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 000275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 000265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 000195072 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 000157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2017-09-20 16:45 - 2016-06-14 20:51 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-09-20 16:45 - 2016-06-14 20:47 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2017-09-20 16:45 - 2016-06-14 20:35 - 000100352 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-09-20 16:45 - 2016-06-14 20:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-09-20 16:45 - 2016-06-14 20:35 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-09-20 16:45 - 2016-06-14 20:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2017-09-20 16:45 - 2016-06-14 20:25 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2017-09-20 16:45 - 2016-06-14 20:24 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2017-09-20 16:45 - 2016-05-12 18:34 - 000249352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2017-09-20 16:45 - 2016-03-24 04:12 - 000409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2017-09-20 16:45 - 2016-03-24 04:09 - 000470704 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-09-20 16:45 - 2016-01-22 11:34 - 000642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2017-09-20 16:45 - 2016-01-22 11:34 - 000535040 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2017-09-20 16:45 - 2016-01-22 11:32 - 000176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2017-09-20 16:45 - 2016-01-22 11:32 - 000114176 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2017-09-20 16:45 - 2015-07-30 23:27 - 001171456 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-09-20 16:45 - 2014-12-19 08:13 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2017-09-20 16:44 - 2014-09-04 10:34 - 000372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2017-09-20 16:44 - 2014-07-17 07:10 - 000157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2017-09-20 16:44 - 2014-07-17 07:09 - 001051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2017-09-20 16:44 - 2014-07-17 07:09 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-09-20 16:44 - 2014-07-17 07:09 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2017-09-20 16:44 - 2014-07-17 06:33 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2017-09-20 16:44 - 2014-07-17 06:32 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-09-20 16:43 - 2016-04-09 12:24 - 001011712 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-09-20 16:43 - 2016-01-07 00:11 - 000216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2017-09-20 16:43 - 2015-12-09 03:24 - 001620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2017-09-20 16:43 - 2015-12-09 03:24 - 001568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2017-09-20 16:43 - 2015-12-09 03:24 - 001325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2017-09-20 16:43 - 2015-12-09 03:24 - 000902144 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2017-09-20 16:43 - 2015-12-09 03:24 - 000815616 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2017-09-20 16:43 - 2015-12-09 03:24 - 000740352 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2017-09-20 16:43 - 2015-12-09 03:24 - 000739328 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2017-09-20 16:43 - 2015-12-09 03:24 - 000665088 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2017-09-20 16:43 - 2015-12-09 03:24 - 000541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2017-09-20 16:43 - 2015-12-09 03:24 - 000358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2017-09-20 16:43 - 2015-12-09 03:24 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2017-09-20 16:43 - 2015-12-09 03:23 - 000970240 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2017-09-20 16:43 - 2015-12-09 03:23 - 000829952 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2017-09-20 16:43 - 2015-12-09 03:23 - 000728576 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2017-09-20 16:43 - 2015-12-09 03:23 - 000609280 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2017-09-20 16:43 - 2015-12-09 03:23 - 000415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2017-09-20 16:43 - 2015-12-09 03:23 - 000338944 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2017-09-20 16:43 - 2015-12-09 03:23 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2017-09-20 16:43 - 2015-12-09 03:23 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2017-09-20 16:43 - 2015-12-09 03:23 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2017-09-20 16:43 - 2015-12-09 03:23 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2017-09-20 16:43 - 2015-12-09 03:23 - 000193536 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2017-09-20 16:43 - 2015-12-09 03:23 - 000153600 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2017-09-20 16:43 - 2015-12-09 03:23 - 000079872 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2017-09-20 16:43 - 2015-12-09 03:23 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2017-09-20 16:43 - 2015-12-09 03:23 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2017-09-20 16:43 - 2015-12-09 03:23 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2017-09-20 16:43 - 2015-12-09 03:13 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2017-09-20 16:43 - 2015-12-09 02:41 - 000177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2017-09-20 16:43 - 2015-12-09 02:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2017-09-20 16:43 - 2015-07-15 08:25 - 001390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2017-09-20 16:43 - 2015-07-15 08:21 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2017-09-20 16:43 - 2015-04-18 08:26 - 000342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-20 16:43 - 2014-10-25 07:02 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2017-09-20 16:43 - 2013-11-27 06:44 - 000258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-09-20 16:43 - 2013-11-27 06:43 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-09-20 16:43 - 2013-11-27 06:43 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-09-20 16:43 - 2013-11-27 06:43 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-09-20 16:43 - 2013-11-27 06:43 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-09-20 16:43 - 2013-11-27 06:43 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-09-20 16:43 - 2013-11-27 06:43 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-09-20 16:43 - 2013-10-12 07:33 - 000656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2017-09-20 16:43 - 2013-10-12 07:31 - 000679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2017-09-20 16:43 - 2013-10-12 07:31 - 000216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2017-09-20 16:42 - 2016-04-14 21:03 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-09-20 16:42 - 2016-04-06 16:06 - 000019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2017-09-20 16:42 - 2015-12-11 00:00 - 000981504 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 011033088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 006035968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 002088960 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 001267712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 000717312 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 000627712 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 000624640 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 000431616 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 000389120 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 000216064 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 000195072 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 000186368 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 000153088 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 000142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-09-20 16:42 - 2015-12-10 23:59 - 000132096 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2017-09-20 16:42 - 2015-12-10 23:59 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2017-09-20 16:42 - 2015-12-10 23:59 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2017-09-20 16:42 - 2015-12-10 23:58 - 001466368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-20 16:42 - 2015-12-10 23:30 - 000386560 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-09-20 16:42 - 2015-12-10 23:15 - 001638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-09-20 16:42 - 2015-11-14 04:20 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2017-09-20 16:42 - 2015-11-14 04:20 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2017-09-20 16:42 - 2015-11-14 04:19 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2017-09-20 16:42 - 2014-06-18 07:21 - 000646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2017-09-20 16:42 - 2014-03-04 14:47 - 000538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2017-09-20 16:42 - 2014-03-04 14:47 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2017-09-20 16:42 - 2014-03-04 14:47 - 000049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2017-09-20 16:42 - 2014-03-04 14:47 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2017-09-20 16:42 - 2014-03-04 14:47 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2017-09-20 16:42 - 2014-03-04 14:47 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2017-09-20 16:42 - 2014-03-04 14:47 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2017-09-20 16:41 - 2016-05-12 20:48 - 000606720 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-09-20 16:41 - 2016-05-12 20:48 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2017-09-20 16:41 - 2016-05-12 20:48 - 000351744 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2017-09-20 16:41 - 2016-05-12 20:48 - 000274944 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2017-09-20 16:41 - 2016-05-12 20:48 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2017-09-20 16:41 - 2016-05-12 20:48 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2017-09-20 16:41 - 2016-05-12 20:48 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2017-09-20 16:41 - 2016-05-12 20:27 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2017-09-20 16:41 - 2016-05-12 20:27 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2017-09-20 16:41 - 2016-05-11 20:49 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2017-09-20 16:41 - 2016-05-11 20:49 - 000351744 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2017-09-20 16:41 - 2016-05-11 20:49 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2017-09-20 16:41 - 2016-05-11 20:49 - 000206336 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2017-09-20 16:41 - 2016-02-09 15:20 - 000021504 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2017-09-20 16:41 - 2016-02-05 00:11 - 000296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2017-09-20 16:41 - 2016-02-03 23:29 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2017-09-20 16:41 - 2015-12-09 03:23 - 000509952 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2017-09-20 16:41 - 2015-11-06 00:32 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2017-09-20 16:41 - 2015-11-05 15:18 - 000117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2017-09-20 16:41 - 2015-11-04 00:25 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2017-09-20 16:41 - 2015-10-13 10:20 - 000712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-09-20 16:41 - 2015-08-05 23:11 - 000751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2017-09-20 16:41 - 2015-07-09 23:12 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2017-09-20 16:41 - 2015-07-09 23:12 - 000179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2017-09-20 16:41 - 2015-06-02 05:17 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2017-09-20 16:41 - 2015-04-13 08:49 - 000259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2017-09-20 16:41 - 2015-03-04 09:40 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2017-09-20 16:41 - 2015-02-04 08:24 - 000318464 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2017-09-20 16:41 - 2015-02-03 08:42 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2017-09-20 16:41 - 2014-12-11 23:17 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2017-09-20 16:41 - 2014-12-06 09:20 - 000242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2017-09-20 16:41 - 2014-10-14 07:20 - 000523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2017-09-20 16:41 - 2013-10-19 07:06 - 000159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2017-09-20 16:41 - 2013-10-12 07:34 - 000121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2017-09-20 16:41 - 2013-10-12 07:33 - 000163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2017-09-20 16:41 - 2013-10-12 06:45 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2017-09-20 16:41 - 2013-10-12 06:45 - 000126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2017-09-20 16:40 - 2015-11-12 00:09 - 001242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2017-09-20 16:40 - 2015-11-12 00:09 - 000487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2017-09-20 16:40 - 2015-07-10 23:04 - 003221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-09-20 16:40 - 2015-07-10 23:04 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2017-09-20 16:40 - 2015-07-10 23:03 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2017-09-20 16:40 - 2014-06-19 03:53 - 001131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2017-09-20 16:40 - 2014-06-19 03:53 - 000156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2017-09-20 16:40 - 2014-06-19 03:53 - 000081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2017-09-20 16:35 - 2015-04-24 23:26 - 000530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2017-09-20 16:30 - 2014-12-08 08:16 - 000308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2017-09-19 18:18 - 2013-08-29 07:20 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2017-09-19 18:10 - 2017-09-25 17:47 - 000000134 _____ C:\Users\teja\Desktop\Internet Explorer Troubleshooting.url
2017-09-18 16:24 - 2017-09-27 08:56 - 000000000 ____D C:\Users\teja\AppData\Roaming\vlc
2017-09-18 16:24 - 2017-09-18 16:24 - 000001024 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-09-18 16:24 - 2017-09-18 16:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-09-18 16:20 - 2017-09-18 16:20 - 000000000 ____D C:\Users\teja\AppData\Roaming\Digiarty
2017-09-18 16:15 - 2017-09-18 16:15 - 000000000 ____D C:\Windows\dog2 dir
2017-09-18 15:49 - 2017-09-18 16:06 - 000000000 ____D C:\KMPlayer
2017-09-18 15:30 - 2017-09-18 15:30 - 000000000 ____D C:\Users\teja\AppData\Local\FreemakeVideoConverter
2017-09-18 15:29 - 2017-09-18 16:20 - 000000000 ___DC C:\Program Files\Freemake
2017-09-18 15:22 - 2017-09-18 15:22 - 000000000 ____D C:\Users\teja\AppData\Roaming\AVS4YOU
2017-09-18 15:22 - 2017-09-18 15:22 - 000000000 ____D C:\ProgramData\AVS4YOU
2017-09-18 15:21 - 2017-09-18 15:27 - 000000000 ___DC C:\Program Files\Common Files\AVSMedia
2017-09-18 15:21 - 2017-09-18 15:27 - 000000000 ___DC C:\Program Files\AVS4YOU
2017-09-18 15:21 - 2011-06-23 12:26 - 001700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-09-18 15:21 - 2011-06-23 12:25 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll
2017-09-15 16:14 - 2017-09-15 16:14 - 000000000 ____D C:\ProgramData\Wondershare
2017-09-06 22:32 - 2017-09-06 22:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2017-09-05 10:01 - 2017-09-05 10:01 - 000000000 ____D C:\Users\teja\AppData\Local\Apps\2.0
2017-09-04 11:22 - 2017-09-04 11:23 - 000000000 ____D C:\Users\teja\AppData\Local\{49247F78-6D8C-13C0-0014-3628247CCAB0}
2017-09-04 10:17 - 2017-09-25 21:56 - 000000000 ____D C:\AdwCleaner
2017-09-03 17:06 - 2017-09-03 17:06 - 000001064 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2017-09-03 16:42 - 2017-09-28 08:42 - 000000000 ____D C:\FRST
2017-09-02 14:15 - 2017-09-02 14:15 - 000001794 _____ C:\Users\Public\Desktop\Vuze.lnk
2017-09-02 14:15 - 2017-09-02 14:15 - 000001794 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2017-09-02 14:15 - 2017-09-02 14:15 - 000000000 ____D C:\Users\teja\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
2017-09-02 14:14 - 2017-09-02 14:15 - 000000000 ___DC C:\Program Files\Vuze
2017-09-02 13:01 - 2017-09-02 13:01 - 000000000 ____D C:\Users\teja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-09-02 13:01 - 2017-09-02 13:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-09-02 11:49 - 2017-09-26 15:18 - 000000000 ___DC C:\Program Files\Google
2017-09-01 21:09 - 2017-09-01 21:09 - 000000000 ____D C:\Users\teja\AppData\Roaming\Locktime
2017-09-01 21:08 - 2017-09-01 21:08 - 000000000 ____D C:\ProgramData\Locktime
2017-09-01 15:24 - 2017-09-01 15:24 - 000000000 ____D C:\Users\teja\AppData\Roaming\Locktime Software
2017-09-01 10:19 - 2017-09-01 10:25 - 000000000 ___HD C:\Users\teja\AppData\Local\SysHashTable
2017-08-30 02:23 - 2017-08-30 02:23 - 000875720 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-08-30 02:23 - 2017-08-30 02:23 - 000536768 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-08-30 02:23 - 2017-08-30 02:23 - 000028352 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-08-30 02:23 - 2017-08-30 02:23 - 000018088 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll
2017-08-30 02:23 - 2017-08-30 02:23 - 000018088 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-08-30 02:23 - 2017-08-30 02:23 - 000018088 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-28 08:32 - 2017-06-30 21:21 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2017-09-27 23:02 - 2009-07-14 10:04 - 000013808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-27 23:02 - 2009-07-14 10:04 - 000013808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-27 22:51 - 2014-04-16 00:29 - 000000000 ____D C:\Users\teja\AppData\Roaming\DMCache
2017-09-27 11:32 - 2013-11-07 15:44 - 000000000 ___DC C:\Program Files\Folder Lock
2017-09-27 11:31 - 2017-02-27 20:01 - 000170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-26 15:08 - 2013-10-27 02:06 - 000790384 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-26 15:08 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\inf
2017-09-26 15:07 - 2014-06-19 19:36 - 000000000 ___DC C:\Program Files\mozilla firefox
2017-09-26 13:59 - 2013-11-08 19:15 - 000000000 ____D C:\Users\teja\AppData\Roaming\Azureus
2017-09-25 17:56 - 2014-10-04 15:31 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-09-25 17:56 - 2014-10-04 15:31 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-09-25 17:56 - 2014-10-04 15:31 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-09-25 17:56 - 2013-10-27 17:10 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-25 17:44 - 2013-11-08 17:39 - 000000000 ___DC C:\Program Files\Microsoft Office
2017-09-24 08:39 - 2013-05-15 18:47 - 000000000 ____D C:\Users\teja\AppData\Local\ElevatedDiagnostics
2017-09-24 08:39 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\system32\NDF
2017-09-24 06:56 - 2009-07-14 10:16 - 000001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-09-23 17:42 - 2017-07-31 07:24 - 000451898 _____ C:\Windows\ntbtlog.txt
2017-09-23 06:30 - 2009-07-14 08:07 - 000000000 ___DC C:\Program Files\Common Files\System
2017-09-23 06:30 - 2009-07-14 07:34 - 000000478 _____ C:\Windows\win.ini
2017-09-23 00:14 - 2014-06-18 19:23 - 000000000 ____D C:\Users\Guest
2017-09-22 20:30 - 2017-02-10 11:42 - 000000000 ____D C:\ProgramData\AVAST Software
2017-09-22 20:18 - 2017-02-09 15:41 - 000000000 ___DC C:\Program Files\Common Files\AV
2017-09-22 20:14 - 2013-10-27 18:22 - 000111472 _____ C:\Users\teja\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-22 07:39 - 2009-07-14 10:03 - 000419240 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-22 06:36 - 2009-07-14 08:07 - 000000000 ___DC C:\Program Files\Common Files\microsoft shared
2017-09-22 06:35 - 2014-04-16 11:12 - 000000000 ___DC C:\Program Files\Microsoft Works
2017-09-21 21:29 - 2017-02-11 22:10 - 000000979 _____ C:\Users\teja\Desktop\Internet Download Manager.lnk
2017-09-21 20:11 - 2017-06-30 16:53 - 000000000 ____D C:\Users\teja\AppData\LocalLow\IObit
2017-09-21 20:11 - 2017-06-30 16:52 - 000000000 ____D C:\Users\teja\AppData\Roaming\IObit
2017-09-21 20:11 - 2009-07-14 10:22 - 000000000 ____D C:\Windows\Performance
2017-09-21 19:51 - 2013-08-20 23:50 - 000000000 ____D C:\Windows\rescache
2017-09-21 09:51 - 2014-10-02 10:33 - 000000000 ____D C:\Users\teja\Downloads\Compressed
2017-09-20 20:28 - 2014-10-11 10:56 - 000000000 ___DC C:\Program Files\Microsoft Silverlight
2017-09-20 20:23 - 2014-10-11 10:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-09-20 17:54 - 2009-07-14 13:20 - 000000000 ___DC C:\Program Files\Windows Journal
2017-09-20 17:54 - 2009-07-14 10:22 - 000000000 ___DC C:\Program Files\DVD Maker
2017-09-20 17:54 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\system32\migwiz
2017-09-20 17:54 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\system32\Dism
2017-09-20 17:54 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-09-20 16:58 - 2013-08-20 08:20 - 000000000 ____D C:\Windows\system32\MRT
2017-09-20 16:55 - 2013-05-19 17:38 - 135337392 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-20 15:37 - 2013-10-27 15:24 - 000000000 ____D C:\Windows\Panther
2017-09-19 20:41 - 2014-10-02 10:33 - 000000000 ____D C:\Users\teja\Downloads\Video
2017-09-19 06:36 - 2017-06-30 16:52 - 000000000 ___DC C:\Program Files\IObit
2017-09-18 16:24 - 2014-07-03 18:12 - 000000000 ___DC C:\Program Files\VideoLAN
2017-09-18 16:15 - 2013-09-09 22:09 - 000012288 _____ C:\Windows\impborl.dll
2017-09-15 16:14 - 2017-05-14 11:10 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2017-09-15 15:48 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\Web
2017-09-09 21:09 - 2017-08-04 17:09 - 000000000 ____D C:\Users\teja\AppData\Roaming\WhatsApp
2017-09-06 22:32 - 2014-05-05 17:56 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-06 22:27 - 2017-08-26 13:06 - 000000000 ____D C:\Users\teja\AppData\Local\Plex Media Server
2017-09-04 10:21 - 2017-07-03 07:47 - 000000000 ____D C:\Users\Default\AppData\Roaming\IObit
2017-09-04 10:21 - 2017-07-03 07:47 - 000000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2017-09-04 10:21 - 2017-06-30 16:53 - 000000000 ___DC C:\Program Files\Common Files\IObit
2017-09-04 10:21 - 2013-12-10 23:54 - 000000000 ____D C:\Users\teja\AppData\LocalLow\Yahoo!
2017-09-04 10:21 - 2013-10-27 02:02 - 000000000 ____D C:\Users\teja
2017-09-04 10:07 - 2013-11-16 18:53 - 000000008 __RSH C:\Users\teja\ntuser.pol
2017-09-04 10:06 - 2014-03-28 07:04 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-09-04 10:05 - 2013-10-29 18:44 - 000000000 ____D C:\Users\teja\AppData\LocalLow\Temp
2017-09-04 10:00 - 2009-07-14 08:07 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-09-04 09:46 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\tracing
2017-09-03 17:06 - 2017-07-21 04:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2017-09-02 13:01 - 2013-09-19 22:29 - 000000000 ___DC C:\Program Files\WinRAR
2017-09-02 08:53 - 2017-08-19 22:03 - 000000000 ____D C:\Users\teja\AppData\Local\Ojics
2017-09-02 08:53 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\Resources
2017-09-01 23:26 - 2017-02-27 20:01 - 000001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-09-01 14:40 - 2013-11-13 19:14 - 000000000 ____D C:\ProgramData\DatacardService
2017-09-01 14:28 - 2017-04-17 13:09 - 000002089 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-09-01 10:21 - 2014-11-15 20:19 - 000001156 _____ C:\Users\teja\Desktop\Format Factory.lnk
2017-09-01 10:20 - 2016-02-27 14:47 - 000002261 _____ C:\Users\Public\Desktop\4Videosoft 3D Converter.lnk
2017-08-29 19:58 - 2017-04-17 13:09 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories =======
 
2017-09-26 13:09 - 2017-09-26 13:12 - 007649280 ____C () C:\Program Files\GUT3A14.tmp
2017-09-26 13:10 - 2017-09-26 13:12 - 007649280 ____C () C:\Program Files\GUTFFA4.tmp
2013-09-15 05:57 - 2017-02-09 12:29 - 000000351 _____ () C:\Users\teja\AppData\Roaming\WB.CFG
2017-07-30 16:26 - 2017-07-30 16:26 - 000140800 _____ () C:\Users\teja\AppData\Local\installer.dat
2013-09-04 17:29 - 2013-09-04 17:29 - 000001464 _____ () C:\Users\teja\AppData\Local\recently-used.xbel
2014-06-07 12:16 - 2014-06-07 12:16 - 000007606 _____ () C:\Users\teja\AppData\Local\Resmon.ResmonCfg
2013-12-14 09:43 - 2013-12-14 09:43 - 000000000 _____ () C:\Users\teja\AppData\Local\{3A800570-C286-4EFB-9553-C83C9E4013DA}
2013-12-20 19:47 - 2013-12-20 19:47 - 000000000 _____ () C:\Users\teja\AppData\Local\{8906D520-381E-4CB1-A53A-13B40D9876DE}
2013-12-14 09:43 - 2013-12-14 09:43 - 000000000 _____ () C:\Users\teja\AppData\Local\{97CC91D3-50AD-49A1-93AE-A133B710855D}
2013-12-25 15:53 - 2013-12-25 15:53 - 000000000 _____ () C:\Users\teja\AppData\Local\{C2D2986C-58D3-4103-837E-B6B1F008D2AC}
2014-01-15 19:13 - 2014-01-15 19:15 - 000000000 _____ () C:\Users\teja\AppData\Local\{C816D3BA-546D-49E3-B246-9627F865D714}
2013-12-20 19:47 - 2013-12-20 19:48 - 000000000 _____ () C:\Users\teja\AppData\Local\{E16B8D95-C12C-454D-8E8E-966CA1A8BCF6}
2017-06-30 21:25 - 2017-06-30 21:25 - 000000000 _____ () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Windows\Tasks\{677ECD92-B63E-4276-B1B9-0F61A31A7FB4}.job
C:\Windows\Tasks\{C1B9B019-7D14-4886-ABA9-AB327C5295EE}.job
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2017-09-20 16:45] - [2016-11-10 21:49] - 000811520 _____ (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1
 
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\sptd.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
LastRegBack: 2016-12-28 15:30
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-09-2017
Ran by teja (28-09-2017 08:42:46)
Running from F:\progams\Joker prgms
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2013-10-26 20:32:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2309560818-624024024-290004726-500 - Administrator - Disabled)
Guest (S-1-5-21-2309560818-624024024-290004726-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2309560818-624024024-290004726-1004 - Limited - Enabled)
teja (S-1-5-21-2309560818-624024024-290004726-1000 - Administrator - Enabled) => C:\Users\teja
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4Videosoft 3D Converter 5.1.8 (HKLM\...\{8C9467CB-02EF-4948-B1F3-725EEFA6D571}_is1) (Version:  - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.6.2310 - AVAST Software)
FastStone Image Viewer 6.3 (HKLM\...\FastStone Image Viewer) (Version: 6.3 - FastStone Soft)
Folder Lock (HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\Folder Lock) (Version:  - New Softwares.net Inc.)
FormatFactory 3.00 (HKLM\...\FormatFactory) (Version: 3.00 - Free Time)
Google Chrome (HKLM\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.5 - Google Inc.) Hidden
Guardius (HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\Guardius) (Version: 1.0.0.26 - Perion Ltd.)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
K-Lite Mega Codec Pack 13.4.0 (HKLM\...\KLiteCodecPack_is1) (Version: 13.4.0 - KLCP)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
NVIDIA PhysX (HKLM\...\{64F67489-76BB-4CDD-A236-F954BE774B35}) (Version: 9.09.0025 - NVIDIA Corporation)
Pandora Service (HKLM\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version:  - Pandora.TV) <==== ATTENTION
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Plex Media Server (HKLM\...\{43DD2A09-F547-4E27-9320-0BD928E781D6}) (Version: 1.8.4235 - Plex, Inc.) Hidden
Plex Media Server (HKLM\...\{8b910e84-0e70-4ba1-bde8-87fb1efb9688}) (Version: 1.8.3.4235 - Plex, Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
SmartView for IE (HKLM\...\{E9563CD0-B68D-4554-8C17-7C79F9951EB3}) (Version: 1.0.0.0 - DeviceVM, Inc.)
Stopping Plex (HKLM\...\{C0D1A9A3-6C62-4231-A297-971C5535B29C}) (Version: 1.8.4235 - Plex, Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.)
WhatsApp (HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\WhatsApp) (Version: 0.2.5863 - WhatsApp)
WinRAR 5.50 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\program files\ashShell.dll [2017-09-22] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2014-04-21] (Tonec Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\program files\ashShell.dll [2017-09-22] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\program files\ashShell.dll [2017-09-22] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-01] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\program files\ashShell.dll [2017-09-22] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0BBE5E49-2346-4591-850D-C9C4156ED844} - System32\Tasks\RunAsStdUser Task => C:\Users\teja\AppData\Local\RavenBleuSA\bin\1.0.17.0\RavenBleuSA.exe
Task: {16DEB970-B7AF-4E35-8658-7B5DA26273C1} - System32\Tasks\{3FEE9B30-F97F-4D7B-90FE-F55F56318489} => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
Task: {1777FF32-0D85-4230-9F58-73470E9AA33F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {2C941E1D-5F78-4D65-A2C6-4F8D7293EE59} - System32\Tasks\{19A99814-8650-40FB-94B8-3719F4A4B8FD} => C:\Windows\system32\pcalua.exe -a "E:\games\Need for Speed 6\Need For Speed Hot Pursuit 2.exe" -d "E:\games\Need for Speed 6"
Task: {3A9A6A1F-BCD3-4723-AF0A-C65697EDCDC9} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
Task: {3AFB6964-AF6B-452C-BF95-4ED34BC3EA91} - System32\Tasks\{C8F25A5C-2ECF-46BD-8CC9-88DBA519998C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Folder Lock\Uninstall.exe"
Task: {3FACA027-D827-4A4B-B7B8-ADCB6653FD8F} - System32\Tasks\{F100057F-BE62-4CB7-BA2C-676C04921A7B} => C:\Windows\system32\pcalua.exe -a "D:\New folder (2)\Q T P KEY\QTP 10.0 pach file for vista & win7.EXE" -d "D:\New folder (2)\Q T P KEY"
Task: {46C1D18E-350B-406A-B6F2-AFB8E52F8FF4} - System32\Tasks\{7DEC0C76-03A8-4E30-BAC0-F114CC7DE5EC} => C:\Windows\system32\pcalua.exe -a "E:\Movies\Breaking bad\AOE 2\Age_Of_Empires_2_v2.02a_Update\update\age2upa.exe" -d "E:\Movies\Breaking bad\AOE 2\Age_Of_Empires_2_v2.02a_Update\update"
Task: {4FF2A021-7B19-48CD-8EC7-AACD98BDE53B} - System32\Tasks\{5CD85DA3-A233-4DA0-8FA2-44E0F4601C83} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Google\Picasa3\Uninstall.exe"
Task: {6B11719C-B7C7-441C-B5D3-099B09EABBB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-09-26] (Google Inc.)
Task: {6DDA9371-64F3-4A8B-9E8B-5742F804294F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2309560818-624024024-290004726-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {7CEAF955-65F4-4C76-82FE-95B24CCEBE15} - System32\Tasks\{8768D412-C628-45B9-955E-0A7CEB074A86} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\VideoDownloaderUltimateWinApp\Uninstall.exe
Task: {8F54D9C8-FD64-47AB-8F7F-4F24AC64E93C} - System32\Tasks\{93FF08A6-280F-4B89-8A1D-597F8F290EBD} => C:\Windows\system32\pcalua.exe -a C:\Users\teja\Downloads\Programs\AVS_Media_Player.exe -d C:\Users\teja\Downloads\Programs
Task: {930CAAF0-9873-4C71-AFAA-600D1A933BAD} - System32\Tasks\{4FEA8E22-0264-46F1-A24A-C54EAD850F9F} => C:\Windows\system32\pcalua.exe -a "E:\MS OFFICE 2007\setup.exe" -d "E:\MS OFFICE 2007"
Task: {9F603203-8E98-4D3D-8A37-CE4FBD0DBCF5} - System32\Tasks\{8DF121A9-575A-4515-A40E-EE90F8AC1C77} => C:\Windows\system32\pcalua.exe -a "D:\New folder (2)\MS OFFICE 2007\setup.exe" -d "D:\New folder (2)\MS OFFICE 2007"
Task: {A8026234-AD1C-49F0-A290-1939F95A8F8D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-25] (Adobe Systems Incorporated)
Task: {A88C83D9-E578-4080-B56E-EBEE166CF91B} - System32\Tasks\{E1CCD415-5E6A-43B7-9ED2-873E2E603E8E} => C:\Windows\system32\pcalua.exe -a "D:\New folder (2)\office 2003\MSDE2000\MSDE2KS3.EXE" -d "D:\New folder (2)\office 2003\MSDE2000"
Task: {BCFDFBE1-A6FF-44CC-8F0B-BB3A3BE9D431} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2309560818-624024024-290004726-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {CE16B9E3-AFD9-41D2-9222-175A3DF0552A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-09-26] (Google Inc.)
Task: {D2831301-8688-419E-A0D1-1CE32A4C9BFF} - System32\Tasks\{D4A931F2-8059-4B95-8D64-2A80E2492AD3} => C:\Windows\system32\pcalua.exe -a C:\Users\teja\Downloads\Programs\ymsgr1150_0228_us.exe -d C:\Users\teja\Downloads\Programs
Task: {DCC59B4F-A7C6-4C92-A6F2-392249F1701B} - System32\Tasks\{B1C62484-C94D-44D0-8A2D-8D6D64EA4253} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\VideoDownloaderUltimateWinApp\Uninstall.exe
Task: {E3A17FC6-2782-45D7-A45E-EB056DEEB318} - System32\Tasks\{7E1751F8-B046-4041-83B6-CFBA641AA150} => C:\Windows\system32\pcalua.exe -a "D:\New folder (2)\MS OFFICE 2007\setup.exe" -d "D:\New folder (2)\MS OFFICE 2007"
Task: {F84A6D4B-A83F-4563-8530-6930ED6FD9CC} - System32\Tasks\{3A04F88A-7B9C-46F8-89CC-1CC2E7B74525} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\FTdownloader V4.0\Uninstall.exe" -c /fromcontrolpanel=1
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Acrobat Update Task.job => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Avast Emergency Update.job => D:\program files\AvEmUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job => c:\users\teja\downloads\chrome_cleanup_tool.exe
Task: C:\Windows\Tasks\Paverle Mapper.job => C:\Program Files\Atwudomstertersh\kuient.exe
Task: C:\Windows\Tasks\RunAsStdUser Task.job => C:\Program Files\IObit\Driver Booster\4.4.0\NoteIcon.exe C:\Program Files\IObit\Driver Booster\4.4.0\DriverBooster.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{443DF6D2-B0B4-47E8-9281-BCF0DDF609C6}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\{677ECD92-B63E-4276-B1B9-0F61A31A7FB4}.job => c:\program files\google\chrome\application\chrome.exeWhxxps:/www.skype.com/go/
Task: C:\Windows\Tasks\{C1B9B019-7D14-4886-ABA9-AB327C5295EE}.job => c:\program files\google\chrome\application\chrome.exeWhxxps:/www.skype.com/go/
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-22 20:17 - 2017-09-22 20:17 - 000059040 _____ () D:\program files\module_lifetime.dll
2017-09-22 20:17 - 2017-09-22 20:17 - 000167096 _____ () D:\program files\JsonRpcServer.dll
2017-09-22 20:17 - 2017-09-22 20:17 - 000211904 _____ () D:\program files\event_routing_rpc.dll
2017-09-22 20:17 - 2017-09-22 20:17 - 000241960 _____ () D:\program files\tasks_core.dll
2017-09-22 20:17 - 2017-09-22 20:17 - 000149568 _____ () D:\program files\network_notifications.dll
2017-09-27 22:35 - 2017-09-27 22:35 - 005904352 _____ () D:\program files\defs\17092704\algo.dll
2017-09-22 20:17 - 2017-09-22 20:17 - 000685688 _____ () D:\program files\ffl2.dll
2017-09-22 20:17 - 2017-09-22 20:17 - 000241448 _____ () D:\program files\streamback.dll
2017-09-04 02:20 - 2017-09-04 02:20 - 000083432 ____C () C:\Program Files\Plex\Plex Media Server\zlib.dll
2017-09-04 02:20 - 2017-09-04 02:20 - 000203240 ____C () C:\Program Files\Plex\Plex Media Server\libidn.dll
2017-09-22 20:17 - 2017-09-22 20:17 - 000142792 _____ () d:\program files\vaarclient.dll
2017-09-22 20:17 - 2017-09-22 20:17 - 067109376 _____ () D:\program files\libcef.dll
2017-09-22 20:17 - 2017-09-22 20:17 - 000233768 _____ () D:\program files\gaming_mode_ui.dll
2013-10-27 02:05 - 2015-06-01 21:00 - 000102912 _____ () C:\Windows\System32\IccLibDll.dll
2017-09-04 02:20 - 2017-09-04 02:20 - 001083368 ____C () C:\Program Files\Plex\Plex Media Server\libxml2.dll
2017-09-04 02:20 - 2017-09-04 02:20 - 000115688 ____C () C:\Program Files\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2017-09-04 02:20 - 2017-09-04 02:20 - 000059880 ____C () C:\Program Files\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2017-09-04 02:20 - 2017-09-04 02:20 - 001549104 ____C () C:\Program Files\Plex\Plex Media Server\libstdc++-6.dll
2017-09-04 02:20 - 2017-09-04 02:20 - 000127136 ____C () C:\Program Files\Plex\Plex Media Server\libgcc_s_dw2-1.dll
2017-09-04 02:20 - 2017-09-04 02:20 - 000772072 ____C () C:\Program Files\Plex\Plex Media Server\tag.dll
2017-09-04 02:20 - 2017-09-04 02:20 - 001741288 ____C () C:\Program Files\Plex\Plex Media Server\opencv_imgproc2411.dll
2017-09-04 02:20 - 2017-09-04 02:20 - 001962984 ____C () C:\Program Files\Plex\Plex Media Server\opencv_core2411.dll
2017-09-04 02:20 - 2017-09-04 02:20 - 000025576 ____C () C:\Program Files\Plex\Plex Media Server\lyric_lite.dll
2017-09-04 02:20 - 2017-09-04 02:20 - 000050152 ____C () C:\Program Files\Plex\Plex Media Server\DLLs\_socket.pyd
2017-09-04 02:20 - 2017-09-04 02:20 - 000071656 ____C () C:\Program Files\Plex\Plex Media Server\DLLs\_ssl.pyd
2017-09-04 02:20 - 2017-09-04 02:20 - 000024552 ____C () C:\Program Files\Plex\Plex Media Server\DLLs\_hashlib.pyd
2017-09-04 02:20 - 2017-09-04 02:20 - 000041448 ____C () C:\Program Files\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2017-09-04 02:20 - 2017-09-04 02:20 - 000930280 ____C () C:\Program Files\Plex\Plex Media Server\Exts\lxml\etree.pyd
2017-09-04 02:20 - 2017-09-04 02:20 - 000074728 ____C () C:\Program Files\Plex\Plex Media Server\libexslt.dll
2017-09-04 02:20 - 2017-09-04 02:20 - 000190952 ____C () C:\Program Files\Plex\Plex Media Server\libxslt.dll
2017-09-04 02:20 - 2017-09-04 02:20 - 000218088 ____C () C:\Program Files\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2017-09-04 02:20 - 2017-09-04 02:20 - 000018920 ____C () C:\Program Files\Plex\Plex Media Server\DLLs\select.pyd
2017-09-04 02:20 - 2017-09-04 02:20 - 000095720 ____C () C:\Program Files\Plex\Plex Media Server\DLLs\_ctypes.pyd
2017-09-04 02:20 - 2017-09-04 02:20 - 000143336 ____C () C:\Program Files\Plex\Plex Media Server\DLLs\pyexpat.pyd
2017-09-04 02:20 - 2017-09-04 02:20 - 000694248 ____C () C:\Program Files\Plex\Plex Media Server\DLLs\unicodedata.pyd
2017-09-04 02:20 - 2017-09-04 02:20 - 000064488 ____C () C:\Program Files\Plex\Plex Media Server\TeVii.dll
2017-09-26 15:18 - 2017-09-21 10:27 - 003011928 ____C () C:\Program Files\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-26 15:18 - 2017-09-21 10:27 - 000086872 ____C () C:\Program Files\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-08-19 14:07 - 2017-08-01 14:30 - 000273920 ____C () C:\Program Files\K-Lite Codec Pack\Filters\LAV\libbluray.dll
2017-08-19 14:07 - 2015-10-24 21:30 - 003502592 ____C () C:\Program Files\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax
2017-08-19 14:07 - 2016-11-15 14:30 - 003953664 ____C () C:\Program Files\K-Lite Codec Pack\Filters\ffdshow\ffmpeg.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 07:34 - 2017-09-21 09:52 - 000001866 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\teja\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.28.28.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0163C973-E8CD-4D6D-B05C-DE261EA6128D}] => (Allow) LPort=135
FirewallRules: [{AFB9FA14-2459-49D0-9234-6201A4700312}] => (Allow) C:\Program Files\HP\QuickTest Professional\bin\AQTRmtAgent.exe
FirewallRules: [{87A71D39-FE18-404E-B5D4-6541F4C0C10F}] => (Allow) C:\Program Files\HP\QuickTest Professional\bin\AQTRmtAgent.exe
FirewallRules: [TCP Query User{37600526-31DE-4280-AE3D-3736707DC127}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe
FirewallRules: [UDP Query User{9826E9A5-3ABE-4E1A-9D3F-9711993E9577}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe
FirewallRules: [{21379E60-D16B-4C94-AA3C-7EB96B9A5720}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{8FAFD9E6-0163-41E7-9BBA-3B7AB37D63F3}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{6F6AEDD3-59BC-4537-B7AE-3424003EAA47}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C9E2EFCD-4762-4F90-8CBD-E5825FD2ED12}] => (Allow) C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{E2C272FC-1C80-4F5F-B4C1-BDAAC55D6424}] => (Allow) C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{22DD7124-6023-48A1-9519-055854D1A667}] => (Block) LPort=445
FirewallRules: [{4C740D0B-64A8-48DB-967D-A53A68340C3A}] => (Block) LPort=445
FirewallRules: [{7A70AFB1-2ECF-4834-B24E-83E560629BB9}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{7D2FDFAC-2DA7-4CC6-A6F0-862A960DABC6}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{13C94155-EDEB-4123-A9AF-01D1656FF8FE}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{0D264B67-288A-4A75-83C1-D73A55FEABEE}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{83D41171-F620-4E15-83EE-36E28E1DAC45}] => (Allow) C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{4E792840-BCC6-486F-AF07-C3D9F0DD2DF3}] => (Allow) C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{0D3A81CF-FDCF-46D8-93DB-217CCB7A23D6}] => (Allow) C:\Program Files\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{C7FDF61F-7C8D-4D69-9795-5EA483063879}] => (Allow) C:\Program Files\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [{0F4C27D5-B579-460C-AD1A-72D7A8B30D5C}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{991FBB27-9DB3-4561-834D-2C694164D2D0}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{07BED21D-09CF-4E97-BF8C-31C01E887926}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{E24A83E6-6764-44D0-9F12-27A361E580A2}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{4DED7832-87E6-428B-AAB7-990A4725565D}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{008AECFE-1A08-44CD-9F15-D8BA703F7158}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{05EB9122-8DC2-4DB0-A98A-9D1984F92CA7}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{A47B89E5-D364-4107-9C79-70ECAB27C174}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{763D9EA4-AF44-4168-98C7-B7CD8B518F05}] => (Allow) C:\Program Files\mozilla firefox\firefox.exe
FirewallRules: [{129FA184-420F-4F20-AFCC-96075B9F1D83}] => (Allow) C:\Program Files\mozilla firefox\firefox.exe
FirewallRules: [{72EFF5B1-1CD9-4BFA-A292-D97B5C672327}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Could not start eventlog service, could not read events.
 
The service name is invalid.
 
More help is available by typing NET HELPMSG 2185.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 56%
Total physical RAM: 2922.64 MB
Available physical RAM: 1276.95 MB
Total Virtual: 5843.61 MB
Available Virtual: 4088.54 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:29.19 GB) (Free:0.51 GB) NTFS
Drive d: () (Fixed) (Total:145.49 GB) (Free:23.21 GB) NTFS
Drive e: () (Fixed) (Total:145.49 GB) (Free:38.38 GB) NTFS
Drive f: () (Fixed) (Total:145.49 GB) (Free:82.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 08620861)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=29.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=436.5 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================
 

 




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,449 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:28 AM

Posted 30 September 2017 - 07:37 PM

Greetings monkeyjoker and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

MGADiag Tool

-------------------
  • Download MGADiag Tool and save it to your desktop
  • Double click the icon then if necessary click OK on the Executable File warning
  • Click Run, then Continue
  • Once completed a Microsoft Genuine Advantage Diagnostic Tool screen will open
  • Click the Windows tab and click Copy
  • Paste the information in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • CKScanner report
  • MGADiag report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 monkeyjoker


Posted 02 October 2017 - 03:31 AM

Hi, thank you for your consideration, Gary. You can call me by my first name.

 

CKScanner report :

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.UVAAR0
 ----- EOF ----- 
 
MGADiag report shows this error. 
 
Failed to create output files, hr = 0*800706ba. Please contact support.
 
I ran the MGADiag tool a few times but it keeps showing the same error.

Edited by monkeyjoker, 02 October 2017 - 03:34 AM.


#4 Oh My!


Posted 02 October 2017 - 08:54 AM

Greetings.

Please do this.

===================================================

Belarc Advisor

--------------------
  • Download Belarc Advisor and save it to your Desktop
  • Right click on the advisorinstaller icon and select Run as administrator
  • Click I Agree then Install
  • Allow the program to check for updates
  • If asked which browser you want to use to open the file select any browser installed on your computer
  • Hit the ctrl + S keys at the same time and save the web page with the default name to your Desktop
  • Please upload the file here
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Uploaded file

Gary
 

#5 monkeyjoker


Posted 02 October 2017 - 10:15 AM

Greetings. I uploaded the file there. :guitar:  :guitar:



#6 Oh My!


Posted 02 October 2017 - 11:44 AM

Thank you.

Please click Start, Control Panel, then System. Expand the window so it includes all information. Please take a screen shot of this window and attach it to your reply.
Gary
 

#7 monkeyjoker


Posted 02 October 2017 - 12:35 PM

Attached File  screen shot.jpg.png   493.38KB   0 downloads



#8 Oh My!


Posted 02 October 2017 - 01:50 PM

Thank you.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: I - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {07383e37-ab94-11e5-a593-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {0d3f743f-c573-11e3-94e8-00177c0f22b2} - J:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {2632f500-fb72-11e3-891d-806e6f6e6963} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {281ba21d-5b47-11e3-87c3-00177c0f22b2} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {55fd480b-c55e-11e2-bd0b-00177c0f22b2} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {573cef48-3efa-11e3-acb9-00177c0f22b2} - H:\Setup.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {6662b2a1-2ade-11e4-a9a7-806e6f6e6963} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {6f9cd4cb-fb71-11e3-9cc5-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {70e79e54-3a33-11e4-82a3-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {73c59382-4c69-11e3-88ae-00177c0f22b2} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {aa13cca1-bfc9-11e2-9a8c-00177c0f22b2} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {c485de1a-3fb6-11e3-a980-00177c0f22b2} - H:\Setup.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {c635828f-5b47-11e3-b9f7-806e6f6e6963} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {e1cdb0a2-1b2b-11e6-8278-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {e4087d13-53cd-11e4-9bf8-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {e9ff6fb6-2add-11e4-be9a-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {fcb4530d-4c69-11e3-af17-806e6f6e6963} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {fdaa2210-3f03-11e3-8cba-00177c0f22b2} - H:\Setup.exe /Auto
URLSearchHook: [S-1-5-21-2309560818-624024024-290004726-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-2309560818-624024024-290004726-1000 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = 
FF HKLM\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files\SpeedBit Video Downloader\SPFireFox => not found
FF HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi => not found
U3 afgksc4i; C:\Windows\system32\Drivers\afgksc4i.sys [0 ] (Microsoft Corporation)
C:\Windows\system32\Drivers\afgksc4i.sys
S2 UefGdstor; \??\C:\Windows\system32\drivers\UefGdstor.sys [X]
C:\Windows\system32\drivers\UefGdstor.sys
2017-09-26 13:10 - 2017-09-26 13:12 - 007649280 ____C C:\Program Files\GUTFFA4.tmp
2017-09-26 13:10 - 2017-09-26 13:10 - 000000000 ___DC C:\Program Files\GUMFFA3.tmp
2017-09-26 13:09 - 2017-09-26 13:12 - 007649280 ____C C:\Program Files\GUT3A14.tmp
2017-09-26 13:09 - 2017-09-26 13:09 - 000000000 ___DC C:\Program Files\GUM3A13.tmp
C:\Users\teja\AppData\Local\{49247F78-6D8C-13C0-0014-3628247CCAB0}
C:\Users\teja\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
2013-12-14 09:43 - 2013-12-14 09:43 - 000000000 _____ () C:\Users\teja\AppData\Local\{3A800570-C286-4EFB-9553-C83C9E4013DA}
2013-12-20 19:47 - 2013-12-20 19:47 - 000000000 _____ () C:\Users\teja\AppData\Local\{8906D520-381E-4CB1-A53A-13B40D9876DE}
2013-12-14 09:43 - 2013-12-14 09:43 - 000000000 _____ () C:\Users\teja\AppData\Local\{97CC91D3-50AD-49A1-93AE-A133B710855D}
2013-12-25 15:53 - 2013-12-25 15:53 - 000000000 _____ () C:\Users\teja\AppData\Local\{C2D2986C-58D3-4103-837E-B6B1F008D2AC}
2014-01-15 19:13 - 2014-01-15 19:15 - 000000000 _____ () C:\Users\teja\AppData\Local\{C816D3BA-546D-49E3-B246-9627F865D714}
2013-12-20 19:47 - 2013-12-20 19:48 - 000000000 _____ () C:\Users\teja\AppData\Local\{E16B8D95-C12C-454D-8E8E-966CA1A8BCF6}
Task: C:\Windows\Tasks\{677ECD92-B63E-4276-B1B9-0F61A31A7FB4}.job => c:\program files\google\chrome\application\chrome.exeWhxxps:/www.skype.com/go/
Task: C:\Windows\Tasks\{C1B9B019-7D14-4886-ABA9-AB327C5295EE}.job => c:\program files\google\chrome\application\chrome.exeWhxxps:/www.skype.com/go/
c:\program files\google\chrome\application\chrome.exeWhxxps:
Folder: C:\Windows\dog2 dir
Folder: C:\Users\teja\AppData\Local\Ojics
hosts:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#9 monkeyjoker


Posted 02 October 2017 - 11:43 PM

Fix result of Farbar Recovery Scan Tool (x86) Version: 01-10-2017
Ran by teja (03-10-2017 10:05:35) Run:1
Running from F:\progams\Joker prgms\FRST-OlderVersion\FRST-OlderVersion
Loaded Profiles: teja (Available Profiles: teja & Guest)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
 
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: I - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {07383e37-ab94-11e5-a593-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {0d3f743f-c573-11e3-94e8-00177c0f22b2} - J:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {2632f500-fb72-11e3-891d-806e6f6e6963} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {281ba21d-5b47-11e3-87c3-00177c0f22b2} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {55fd480b-c55e-11e2-bd0b-00177c0f22b2} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {573cef48-3efa-11e3-acb9-00177c0f22b2} - H:\Setup.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {6662b2a1-2ade-11e4-a9a7-806e6f6e6963} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {6f9cd4cb-fb71-11e3-9cc5-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {70e79e54-3a33-11e4-82a3-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {73c59382-4c69-11e3-88ae-00177c0f22b2} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {aa13cca1-bfc9-11e2-9a8c-00177c0f22b2} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {c485de1a-3fb6-11e3-a980-00177c0f22b2} - H:\Setup.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {c635828f-5b47-11e3-b9f7-806e6f6e6963} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {e1cdb0a2-1b2b-11e6-8278-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {e4087d13-53cd-11e4-9bf8-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {e9ff6fb6-2add-11e4-be9a-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {fcb4530d-4c69-11e3-af17-806e6f6e6963} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {fdaa2210-3f03-11e3-8cba-00177c0f22b2} - H:\Setup.exe /Auto
URLSearchHook: [S-1-5-21-2309560818-624024024-290004726-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-2309560818-624024024-290004726-1000 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = 
FF HKLM\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files\SpeedBit Video Downloader\SPFireFox => not found
FF HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi => not found
U3 afgksc4i; C:\Windows\system32\Drivers\afgksc4i.sys [0 ] (Microsoft Corporation)
C:\Windows\system32\Drivers\afgksc4i.sys
S2 UefGdstor; \??\C:\Windows\system32\drivers\UefGdstor.sys [X]
C:\Windows\system32\drivers\UefGdstor.sys
2017-09-26 13:10 - 2017-09-26 13:12 - 007649280 ____C C:\Program Files\GUTFFA4.tmp
2017-09-26 13:10 - 2017-09-26 13:10 - 000000000 ___DC C:\Program Files\GUMFFA3.tmp
2017-09-26 13:09 - 2017-09-26 13:12 - 007649280 ____C C:\Program Files\GUT3A14.tmp
2017-09-26 13:09 - 2017-09-26 13:09 - 000000000 ___DC C:\Program Files\GUM3A13.tmp
C:\Users\teja\AppData\Local\{49247F78-6D8C-13C0-0014-3628247CCAB0}
C:\Users\teja\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
2013-12-14 09:43 - 2013-12-14 09:43 - 000000000 _____ () C:\Users\teja\AppData\Local\{3A800570-C286-4EFB-9553-C83C9E4013DA}
2013-12-20 19:47 - 2013-12-20 19:47 - 000000000 _____ () C:\Users\teja\AppData\Local\{8906D520-381E-4CB1-A53A-13B40D9876DE}
2013-12-14 09:43 - 2013-12-14 09:43 - 000000000 _____ () C:\Users\teja\AppData\Local\{97CC91D3-50AD-49A1-93AE-A133B710855D}
2013-12-25 15:53 - 2013-12-25 15:53 - 000000000 _____ () C:\Users\teja\AppData\Local\{C2D2986C-58D3-4103-837E-B6B1F008D2AC}
2014-01-15 19:13 - 2014-01-15 19:15 - 000000000 _____ () C:\Users\teja\AppData\Local\{C816D3BA-546D-49E3-B246-9627F865D714}
2013-12-20 19:47 - 2013-12-20 19:48 - 000000000 _____ () C:\Users\teja\AppData\Local\{E16B8D95-C12C-454D-8E8E-966CA1A8BCF6}
Task: C:\Windows\Tasks\{677ECD92-B63E-4276-B1B9-0F61A31A7FB4}.job => c:\program files\google\chrome\application\chrome.exeWhxxps:/www.skype.com/go/
Task: C:\Windows\Tasks\{C1B9B019-7D14-4886-ABA9-AB327C5295EE}.job => c:\program files\google\chrome\application\chrome.exeWhxxps:/www.skype.com/go/
c:\program files\google\chrome\application\chrome.exeWhxxps:
Folder: C:\Windows\dog2 dir
Folder: C:\Users\teja\AppData\Local\Ojics
hosts:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H => key removed successfully.
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I => key removed successfully.
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07383e37-ab94-11e5-a593-00177c0f22b2} => key removed successfully.
HKLM\Software\Classes\CLSID\{07383e37-ab94-11e5-a593-00177c0f22b2} => key not found. 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d3f743f-c573-11e3-94e8-00177c0f22b2} => key removed successfully.
HKLM\Software\Classes\CLSID\{0d3f743f-c573-11e3-94e8-00177c0f22b2} => key not found. 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2632f500-fb72-11e3-891d-806e6f6e6963} => key removed successfully.
HKLM\Software\Classes\CLSID\{2632f500-fb72-11e3-891d-806e6f6e6963} => key not found. 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{281ba21d-5b47-11e3-87c3-00177c0f22b2} => key removed successfully.
HKLM\Software\Classes\CLSID\{281ba21d-5b47-11e3-87c3-00177c0f22b2} => key not found. 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55fd480b-c55e-11e2-bd0b-00177c0f22b2} => key removed successfully.
HKLM\Software\Classes\CLSID\{55fd480b-c55e-11e2-bd0b-00177c0f22b2} => key not found. 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{573cef48-3efa-11e3-acb9-00177c0f22b2} => key removed successfully.
HKLM\Software\Classes\CLSID\{573cef48-3efa-11e3-acb9-00177c0f22b2} => key not found. 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6662b2a1-2ade-11e4-a9a7-806e6f6e6963} => key removed successfully.
HKLM\Software\Classes\CLSID\{6662b2a1-2ade-11e4-a9a7-806e6f6e6963} => key not found. 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f9cd4cb-fb71-11e3-9cc5-00177c0f22b2} => key removed successfully.
HKLM\Software\Classes\CLSID\{6f9cd4cb-fb71-11e3-9cc5-00177c0f22b2} => key not found. 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70e79e54-3a33-11e4-82a3-00177c0f22b2} => key removed successfully.
HKLM\Software\Classes\CLSID\{70e79e54-3a33-11e4-82a3-00177c0f22b2} => key not found. 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73c59382-4c69-11e3-88ae-00177c0f22b2} => key removed successfully.
HKLM\Software\Classes\CLSID\{73c59382-4c69-11e3-88ae-00177c0f22b2} => key not found. 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa13cca1-bfc9-11e2-9a8c-00177c0f22b2} => key removed successfully.
HKLM\Software\Classes\CLSID\{aa13cca1-bfc9-11e2-9a8c-00177c0f22b2} => key not found. 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c485de1a-3fb6-11e3-a980-00177c0f22b2} => key removed successfully.
HKLM\Software\Classes\CLSID\{c485de1a-3fb6-11e3-a980-00177c0f22b2} => key not found. 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c635828f-5b47-11e3-b9f7-806e6f6e6963} => key removed successfully.
HKLM\Software\Classes\CLSID\{c635828f-5b47-11e3-b9f7-806e6f6e6963} => key not found. 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1cdb0a2-1b2b-11e6-8278-00177c0f22b2} => key removed successfully.
HKLM\Software\Classes\CLSID\{e1cdb0a2-1b2b-11e6-8278-00177c0f22b2} => key not found. 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4087d13-53cd-11e4-9bf8-00177c0f22b2} => key removed successfully.
HKLM\Software\Classes\CLSID\{e4087d13-53cd-11e4-9bf8-00177c0f22b2} => key not found. 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9ff6fb6-2add-11e4-be9a-00177c0f22b2} => key removed successfully.
HKLM\Software\Classes\CLSID\{e9ff6fb6-2add-11e4-be9a-00177c0f22b2} => key not found. 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcb4530d-4c69-11e3-af17-806e6f6e6963} => key removed successfully.
HKLM\Software\Classes\CLSID\{fcb4530d-4c69-11e3-af17-806e6f6e6963} => key not found. 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdaa2210-3f03-11e3-8cba-00177c0f22b2} => key removed successfully.
HKLM\Software\Classes\CLSID\{fdaa2210-3f03-11e3-8cba-00177c0f22b2} => key not found. 
Could not restore Default URLSearchHook.
HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} => key removed successfully.
HKLM\Software\Classes\CLSID\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} => key not found. 
HKLM\Software\Mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} => value removed successfully.
HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Mozilla\SeaMonkey\Extensions\\mozilla_cc2@internetdownloadmanager.com => value removed successfully.
afgksc4i => service not found.
"C:\Windows\system32\Drivers\afgksc4i.sys" => not found.
UefGdstor => service not found.
"C:\Windows\system32\drivers\UefGdstor.sys" => not found.
C:\Program Files\GUTFFA4.tmp => moved successfully
C:\Program Files\GUMFFA3.tmp => moved successfully
C:\Program Files\GUT3A14.tmp => moved successfully
C:\Program Files\GUM3A13.tmp => moved successfully
"C:\Users\teja\AppData\Local\{49247F78-6D8C-13C0-0014-3628247CCAB0}" => not found.
"C:\Users\teja\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}" => not found.
"C:\Users\teja\AppData\Local\{3A800570-C286-4EFB-9553-C83C9E4013DA}" => not found.
"C:\Users\teja\AppData\Local\{8906D520-381E-4CB1-A53A-13B40D9876DE}" => not found.
"C:\Users\teja\AppData\Local\{97CC91D3-50AD-49A1-93AE-A133B710855D}" => not found.
"C:\Users\teja\AppData\Local\{C2D2986C-58D3-4103-837E-B6B1F008D2AC}" => not found.
"C:\Users\teja\AppData\Local\{C816D3BA-546D-49E3-B246-9627F865D714}" => not found.
"C:\Users\teja\AppData\Local\{E16B8D95-C12C-454D-8E8E-966CA1A8BCF6}" => not found.
C:\Windows\Tasks\{677ECD92-B63E-4276-B1B9-0F61A31A7FB4}.job => not found.
C:\Windows\Tasks\{C1B9B019-7D14-4886-ABA9-AB327C5295EE}.job => not found.
"c:\program files\google\chrome\application\chrome.exeWhxxps:" => not found.
 
========================= Folder: C:\Windows\dog2 dir ========================
 
2017-09-18 16:15 - 2017-09-18 16:15 - 001688899 _____ () C:\Windows\dog2 dir\installer.scf
2017-09-18 16:15 - 2017-09-18 16:15 - 000000079 _____ () C:\Windows\dog2 dir\saver.ini
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\teja\AppData\Local\Ojics ========================
 
not found.
 
====== End of Folder: ======
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
 
The system needed a reboot.
 
==== End of Fixlog 10:06:37 ====
 
 
System performance is a little better, but still needs some tasks

Edited by monkeyjoker, 03 October 2017 - 02:28 AM.


#10 Oh My!


Posted 03 October 2017 - 09:07 AM

Thanks.

Do these look familiar to you?
 

C:\Windows\dog2 dir\installer.scf
C:\Windows\dog2 dir\saver.ini


-----
 

but still needs some tasks

What does this mean?
Gary
 

#11 monkeyjoker


Posted 03 October 2017 - 10:11 AM

Greetings.

 

Yes, C:\Windows\dog2 installer and saver are familiar.

"Still needs some tasks" means we need to perform some scans and programs to remove the malware completely.



#12 Oh My!


Posted 03 October 2017 - 01:09 PM

How is your computer running?
Gary
 

#13 monkeyjoker


Posted 03 October 2017 - 08:57 PM

Hi, greetings. A little bit better. The main issue is with the internet. I think it is consuming bandwidth. I am sending you two pics of Realtek HD Audio Manager. This happened after infection with malware. 'https://bestwinsoft.com/system/drivers/realtek-high-definition-audio-drivers/summary' Is this site safe to download Realtek HD Audio Drivers from, or do I have to install them with a disk? Actually I had a disk.




#14 Oh My!


Posted 04 October 2017 - 09:19 AM

Your pictures don't really explain what you are saying. To update drivers do this.

===================================================

Updating Driver Through Device Manager

----------
  • Press the Windows Key + R at the same time
  • Type devmgmt.msc and press Enter
  • Expand the Sound, video and game controllers device by clicking the + sign
  • Right click on the below entry and select Update driver

HD Audio Manager

  • Allow the computer to check Windows Update by selecting Yes, this time only then click Next
  • Select Install the software automatically (Recommended) then click Next
  • Reboot your computer and check for symptoms (if no driver was found and installed let me know)
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 

#15 monkeyjoker


Posted 04 October 2017 - 10:52 AM

Greetings :guitar:  :guitar: , watch the pictures; I rounded it up with red ink. "Sound effects, Room correction" are not appearing now. And I tried to update the driver HD Audio Manager but it showed the message "it is already up to date". Some changes occurred to my system after infection with malware.

 

1. It damaged Realtek HD audio manager, Internet download manager.

2. It is moving my files from folder to folder and renaming them without my permission.

3. It is slowly consuming internet bandwidth.

                                         

The malware installed automatically. I do not even know how it happened. This is crazy malware. :killcomp:



Edited by monkeyjoker, 04 October 2017 - 11:20 AM.




