frustrated_nerd

  1. Thank you very much for all your help! I really appreciate it. Regards, Lalitha
  2. The Sophos scan is completed as well and it says "Your Computer is Clean" and Number of Threats Found: 0. Thanks Lalitha
  3. Oh.. Sorry, forgot to attach that report. Here it is! I am not sure I understand what you mean by the operating system status, but the operating system running on my laptop is Windows 7 Enterprise Service Pack 1 and it states that Windows is activated. As of now I am not having any remaining issues or concerns. The Sophos is still scanning. I shall update when it is done! Thanks Lalitha Fixlog.txt
  4. Hi Kevin, thank you very much for the links and the instructions. Am pasting the log report for the Zemana Antimalware scan. Will let you know the report of Sophos once it's finished the scanning.

     Zemana AntiMalware 2.20.1.905 (Installed)
     -------------------------------------------------------
     Scan Result : Completed
     Scan Date : 2016/5/25
     Operating System : Windows 7 64-bit
     Processor : 4X Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
     BIOS Mode : Legacy
     CUID : 0035285EF70B214EC0D217
     Scan Type : Scheduled Scan
     Duration : 1m 44s
     Scanned Objects : 20460
     Detected Objects : 9
     Excluded Objects : 0
     Read Level : Normal
     Auto Upload : ON
     Detect All Extensions : OFF
     Scan Documents : OFF
     Domain Info : WORKGROUP,0,2

     Detected Objects
     -------------------------------------------------------
     Firefox Homepage
     Status : Scanned
     Object : https://www.startpage.com/uk/
     MD5 : -
     Publisher : -
     Size : -
     Version : -
     Detection : Suspicious Browser Setting
     Cleaning Action : Repair
     Related Objects : Browser Setting - Firefox Homepage

     ld.exe
     Status : Scanned
     Object : %userprofile%\downloads\arduino-nightly-windows\arduino-nightly\hardware\tools\avr\avr\bin\ld.exe
     MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
     Publisher : -
     Size : 1084416
     Version : -
     Detection : Malware:Win32/Vorniac.A!Tktk
     Cleaning Action : Quarantine
     Related Objects : File - %userprofile%\downloads\arduino-nightly-windows\arduino-nightly\hardware\tools\avr\avr\bin\ld.exe

     ld.bfd.exe
     Status : Scanned
     Object : %userprofile%\downloads\arduino-nightly-windows\arduino-nightly\hardware\tools\avr\avr\bin\ld.bfd.exe
     MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
     Publisher : -
     Size : 1084416
     Version : -
     Detection : Malware:Win32/Vorniac.A!Tktk
     Cleaning Action : Quarantine
     Related Objects : File - %userprofile%\downloads\arduino-nightly-windows\arduino-nightly\hardware\tools\avr\avr\bin\ld.bfd.exe

     avr-ld.bfd.exe
     Status : Scanned
     Object : %userprofile%\downloads\arduino-nightly-windows\arduino-nightly\hardware\tools\avr\bin\avr-ld.bfd.exe
     MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
     Publisher : -
     Size : 1084416
     Version : -
     Detection : Malware:Win32/Vorniac.A!Tktk
     Cleaning Action : Quarantine
     Related Objects : File - %userprofile%\downloads\arduino-nightly-windows\arduino-nightly\hardware\tools\avr\bin\avr-ld.bfd.exe

     avr-ld.exe
     Status : Scanned
     Object : %userprofile%\downloads\arduino-nightly-windows\arduino-nightly\hardware\tools\avr\bin\avr-ld.exe
     MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
     Publisher : -
     Size : 1084416
     Version : -
     Detection : Malware:Win32/Vorniac.A!Tktk
     Cleaning Action : Quarantine
     Related Objects : File - %userprofile%\downloads\arduino-nightly-windows\arduino-nightly\hardware\tools\avr\bin\avr-ld.exe

     ld.bfd.exe
     Status : Scanned
     Object : %userprofile%\downloads\arduino-1.6.7-windows\arduino-1.6.7\hardware\tools\avr\avr\bin\ld.bfd.exe
     MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
     Publisher : -
     Size : 1084416
     Version : -
     Detection : Malware:Win32/Vorniac.A!Tktk
     Cleaning Action : Quarantine
     Related Objects : File - %userprofile%\downloads\arduino-1.6.7-windows\arduino-1.6.7\hardware\tools\avr\avr\bin\ld.bfd.exe

     ld.exe
     Status : Scanned
     Object : %userprofile%\downloads\arduino-1.6.7-windows\arduino-1.6.7\hardware\tools\avr\avr\bin\ld.exe
     MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
     Publisher : -
     Size : 1084416
     Version : -
     Detection : Malware:Win32/Vorniac.A!Tktk
     Cleaning Action : Quarantine
     Related Objects : File - %userprofile%\downloads\arduino-1.6.7-windows\arduino-1.6.7\hardware\tools\avr\avr\bin\ld.exe

     avr-ld.bfd.exe
     Status : Scanned
     Object : %userprofile%\downloads\arduino-1.6.7-windows\arduino-1.6.7\hardware\tools\avr\bin\avr-ld.bfd.exe
     MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
     Publisher : -
     Size : 1084416
     Version : -
     Detection : Malware:Win32/Vorniac.A!Tktk
     Cleaning Action : Quarantine
     Related Objects : File - %userprofile%\downloads\arduino-1.6.7-windows\arduino-1.6.7\hardware\tools\avr\bin\avr-ld.bfd.exe

     avr-ld.exe
     Status : Scanned
     Object : %userprofile%\downloads\arduino-1.6.7-windows\arduino-1.6.7\hardware\tools\avr\bin\avr-ld.exe
     MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
     Publisher : -
     Size : 1084416
     Version : -
     Detection : Malware:Win32/Vorniac.A!Tktk
     Cleaning Action : Quarantine
     Related Objects : File - %userprofile%\downloads\arduino-1.6.7-windows\arduino-1.6.7\hardware\tools\avr\bin\avr-ld.exe

     Cleaning Result
     -------------------------------------------------------
     Cleaned : 9
     Reported as safe : 0
     Failed : 0

     Have a good day. Thanks, Regards, Lalitha
  5. Hi Kevin, thank you very much for your response. I have attached the RKill log file and the Addition.txt file. The MalwareBytes scan results are as follows:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 24/05/2016
     Scan Time: 21:31
     Logfile:
     Administrator: Yes

     Version: 2.2.1.1043
     Malware Database: v2016.05.24.06
     Rootkit Database: v2016.05.20.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Lalitha Venugopalan

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 359483
     Time Elapsed: 9 min, 26 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)
     (end)

     The result of the FRST scan results are as follows:

     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-05-2016 01
     Ran by Lalitha Venugopalan (administrator) on LP33430 (24-05-2016 21:44:13)
     Running from C:\Users\Lalitha Venugopalan\Desktop
     Loaded Profiles: Lalitha Venugopalan (Available Profiles: Lalitha Venugopalan & Administrator)
     Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
     Internet Explorer Version 11 (Default browser: FF)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
(Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-05-12 19:38 - 2016-04-23 05:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-05-12 19:38 - 2016-04-23 05:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-05-12 19:38 - 2016-04-23 05:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-05-12 19:38 - 2016-04-23 05:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-05-12 19:38 - 2016-04-23 05:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-05-12 19:38 - 2016-04-23 05:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-05-12 19:38 - 2016-04-23 05:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-05-12 19:38 - 2016-04-23 05:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-05-12 19:38 - 2016-04-23 05:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-05-12 19:38 - 2016-04-23 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-05-12 19:38 - 2016-04-23 05:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-05-12 19:38 - 2016-04-23 05:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-05-12 19:38 - 2016-04-23 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-05-12 19:38 - 2016-04-23 05:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-05-12 19:38 - 2016-04-23 05:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-05-12 19:38 - 2016-04-23 05:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-05-12 19:38 - 2016-04-23 05:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-05-12 19:38 - 2016-04-23 05:08 - 
00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-05-12 19:38 - 2016-04-23 05:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-05-12 19:38 - 2016-04-23 05:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-05-12 19:38 - 2016-04-23 05:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-05-12 19:38 - 2016-04-23 05:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-05-12 19:38 - 2016-04-23 05:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-05-12 19:38 - 2016-04-23 05:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-05-12 19:38 - 2016-04-23 05:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-05-12 19:38 - 2016-04-23 05:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-05-12 19:38 - 2016-04-23 05:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-05-12 19:38 - 2016-04-23 05:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-05-12 19:38 - 2016-04-23 05:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-05-12 19:38 - 2016-04-23 04:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-05-12 19:38 - 2016-04-23 04:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-05-12 19:38 - 2016-04-23 04:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-05-12 19:38 - 2016-04-23 04:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-05-12 19:38 - 2016-04-23 04:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-05-12 19:38 - 2016-04-23 04:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-05-12 19:38 - 2016-04-23 04:45 - 00060416 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-05-12 19:38 - 2016-04-23 04:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-05-12 19:38 - 2016-04-23 04:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-05-12 19:38 - 2016-04-23 04:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-05-12 19:38 - 2016-04-23 04:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-05-12 19:38 - 2016-04-23 04:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-05-12 19:38 - 2016-04-23 04:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-05-12 19:38 - 2016-04-23 04:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-05-12 19:38 - 2016-04-23 04:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-05-12 19:38 - 2016-04-23 04:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-05-12 19:38 - 2016-04-23 04:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-05-12 19:38 - 2016-04-23 04:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-05-12 19:38 - 2016-04-23 04:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-05-12 19:38 - 2016-04-23 04:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-05-12 19:38 - 2016-04-23 04:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-05-12 19:38 - 2016-04-23 04:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-05-12 19:38 - 2016-04-23 04:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-05-12 19:38 - 2016-04-14 14:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2016-05-12 19:38 - 2016-04-14 14:21 - 00647680 _____ 
(Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2016-05-12 19:38 - 2016-04-09 08:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-05-12 19:38 - 2016-04-09 08:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-05-12 19:38 - 2016-04-09 08:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2016-05-12 19:38 - 2016-04-09 08:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-05-12 19:38 - 2016-04-09 08:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2016-05-12 19:38 - 2016-04-09 08:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-05-12 19:38 - 2016-04-09 08:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-05-12 19:38 - 2016-04-09 07:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-05-12 19:38 - 2016-04-09 07:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-05-12 19:38 - 2016-04-09 07:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-05-12 19:38 - 2016-04-09 07:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-05-12 19:38 - 2016-04-09 07:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-05-12 19:38 - 2016-04-09 07:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-05-12 19:38 - 2016-04-09 07:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-05-12 19:38 - 2016-04-09 07:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-05-12 19:38 - 2016-04-09 07:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-05-12 19:38 - 2016-04-09 07:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-05-12 19:38 - 2016-04-09 07:58 - 00190464 _____ 
(Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-05-12 19:38 - 2016-04-09 07:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-05-12 19:38 - 2016-04-09 07:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-05-12 19:38 - 2016-04-09 07:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-05-12 19:38 - 2016-04-09 07:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-05-12 19:38 - 2016-04-09 07:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-05-12 19:38 - 2016-04-09 07:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-05-12 19:38 - 2016-04-09 07:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-05-12 19:38 - 2016-04-09 07:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-05-12 19:38 - 2016-04-09 07:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-05-12 19:38 - 2016-04-09 07:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-05-12 19:38 - 2016-04-09 07:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-05-12 19:38 - 2016-04-09 07:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-05-12 19:38 - 2016-04-09 07:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-05-12 19:38 - 2016-04-09 07:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-05-12 19:38 - 2016-04-09 07:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-05-12 19:38 - 2016-04-09 07:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-05-12 19:38 - 2016-04-09 07:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-05-12 19:38 - 2016-04-09 07:57 - 00312320 _____ (Microsoft Corporation) 
C:\Windows\system32\ncrypt.dll 2016-05-12 19:38 - 2016-04-09 07:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2016-05-12 19:38 - 2016-04-09 07:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-05-12 19:38 - 2016-04-09 07:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-05-12 19:38 - 2016-04-09 07:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-05-12 19:38 - 2016-04-09 07:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-05-12 19:38 - 2016-04-09 07:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-05-12 19:38 - 2016-04-09 07:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-05-12 19:38 - 2016-04-09 07:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-05-12 19:38 - 2016-04-09 07:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-05-12 19:38 - 2016-04-09 07:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-05-12 19:38 - 2016-04-09 07:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-05-12 19:38 - 2016-04-09 07:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-05-12 19:38 - 2016-04-09 07:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-05-12 19:38 - 2016-04-09 07:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-05-12 19:38 - 2016-04-09 07:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-05-12 19:38 - 2016-04-09 07:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-05-12 19:38 - 2016-04-09 07:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-05-12 19:38 - 2016-04-09 07:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 
2016-05-12 19:38 - 2016-04-09 07:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-05-12 19:38 - 2016-04-09 07:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-05-12 19:38 - 2016-04-09 06:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-05-12 19:38 - 2016-04-09 06:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-05-12 19:38 - 2016-04-09 06:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-05-12 19:38 - 2016-04-09 06:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-05-12 19:38 - 2016-04-09 06:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-05-12 19:38 - 2016-04-09 06:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-05-12 19:38 - 2016-04-09 06:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-05-12 19:38 - 2016-04-09 06:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-05-12 19:38 - 2016-03-09 19:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2016-05-12 19:38 - 2016-03-09 19:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00006144 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-05-12 19:37 
- 2016-04-09 07:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 
00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 06:52 - 00148480 
_____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-05-12 19:37 - 2016-04-09 06:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-05-12 19:37 - 2016-04-09 06:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-05-12 19:37 - 2016-04-09 06:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-05-12 19:37 - 2016-04-09 06:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-05-12 19:37 - 2016-04-09 06:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-05-12 19:37 - 2016-04-09 06:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-05-12 19:37 - 2016-04-09 06:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-05-12 19:37 - 2016-04-09 06:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-05-12 19:37 - 2016-04-09 06:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-05-12 19:37 - 2016-04-09 06:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 06:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 06:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 06:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-05-12 19:37 - 2016-04-09 05:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2016-05-12 19:37 - 2016-04-09 04:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2016-05-09 08:00 - 2016-05-09 08:00 - 00061909 _____ C:\Users\Lalitha Venugopalan\Desktop\LV National Express ticket.pdf 2016-05-07 02:51 - 2016-05-07 02:51 - 00028759 _____ 
C:\Users\Lalitha Venugopalan\Downloads\Travel Reservation May 11 for MRS LALITHA VENUGOPALAN.pdf 2016-05-05 06:09 - 2016-04-04 19:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-05-05 06:09 - 2016-04-04 19:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-05-05 06:09 - 2016-04-02 14:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-05-05 06:09 - 2016-03-23 15:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2016-05-05 06:09 - 2016-03-17 23:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-05-05 06:09 - 2016-03-17 23:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-05-05 06:09 - 2016-03-17 19:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-05-05 06:09 - 2016-03-17 19:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-05-05 06:09 - 2016-03-17 19:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-05-05 06:09 - 2016-03-17 19:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-05-05 06:09 - 2016-03-16 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll 2016-05-05 06:09 - 2016-03-16 19:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll 2016-05-05 06:09 - 2016-03-16 19:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll 2016-05-05 06:09 - 2016-03-16 01:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll 2016-05-05 06:09 - 2016-03-16 01:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll 2016-05-05 06:09 - 2016-03-16 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll 2016-05-05 06:09 - 2016-03-06 19:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2016-05-05 06:09 - 2016-03-06 19:53 - 
00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2016-05-05 06:09 - 2016-03-06 19:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2016-05-05 06:09 - 2016-03-06 19:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2016-05-05 06:09 - 2016-02-05 20:03 - 00147904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys 2016-05-05 06:09 - 2016-02-05 19:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll 2016-05-05 06:09 - 2016-02-05 19:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll 2016-05-05 06:09 - 2016-02-05 18:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll 2016-05-05 06:09 - 2016-02-02 19:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll 2016-05-05 06:09 - 2016-01-21 01:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys 2016-05-05 06:09 - 2015-06-03 21:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
==================== Files in the root of some directories =======

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
     Thanks and Regards Lalitha Rkill.txt Addition.txt
  6. Hi, I installed Malwarebytes today, which detected and quarantined two malware items. Subsequent scans do not detect any malware. However, every half an hour or so I am getting prompts that say it has blocked a malicious website. The exact message reads as follows:

     Domain: mqt.me IP: 46.229.172.105 Port: 60576 Type: Outbound process: C:\Windows\sysWOW32\rundll.exe
     Domain: IP: 207.244.91.139 Port: 60558 Type: Outbound process: C:\Windows\sysWOW32\rundll.exe
     Domain: IP: 207.244.91.139 Port: 60602 Type: Outbound process: C:\Windows\sysWOW32\rundll.exe

     Can someone please help me in getting rid of this malware? Thanks and Regards Lalitha