Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

iassdo.dll.mui corrupt

Post by tns1 » January 5th, 2017, 9:18 pm

I have a 7ult PC that is working fine, but an SFC scan marks file iassdo.dll.mui as corrupt. There are just a few posts out there about this, including mine, but nothing to indicate if this issue is the result of malware or some other cause. I'd rather not reinstall or repair install unless there is a compelling reason to. I haven't found any problems with Malwarebytes, SUPERAntiSpyware, MSSE.
FRST logs follow:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by Administrator (administrator) on S7010-7U (05-01-2017 17:01:55)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: T & S & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2908888 2013-08-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2012-10-24] (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableQuickReboot] 1
HKU\S-1-5-21-985333384-1090755428-1817767589-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-12-06] (SUPERAntiSpyware)
HKU\S-1-5-21-985333384-1090755428-1817767589-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-03]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyScripts-x32: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A45F2E88-A792-4035-A9FB-4199616D3031}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-985333384-1090755428-1817767589-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-10-18] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ufvwl4sy.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ufvwl4sy.default [2017-01-05]
FF Session Restore: Mozilla\Firefox\Profiles\ufvwl4sy.default -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329192 2016-06-02] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-14] (Sandboxie Holdings, LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-06-24] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2191832 2013-08-15] (Realtek Semiconductor Corp.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-14] (Sandboxie Holdings, LLC)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-05 17:01 - 2017-01-05 17:02 - 00009829 _____ C:\Users\Administrator\Desktop\FRST.txt
2017-01-05 17:01 - 2017-01-04 17:29 - 02418176 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2017-01-05 15:20 - 2017-01-04 17:50 - 04874935 _____ C:\Users\Administrator\Desktop\CrystalDiskInfo7_0_5.zip
2017-01-05 15:19 - 2017-01-04 12:11 - 00642632 _____ (EFD Software ) C:\Users\Administrator\Desktop\hdtune_255.exe
2017-01-04 17:35 - 2017-01-05 17:01 - 00000000 ____D C:\FRST
2017-01-04 13:18 - 2017-01-04 13:18 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2017-01-04 13:17 - 2017-01-04 13:18 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-04 13:17 - 2017-01-04 13:17 - 28821648 _____ (SUPERAntiSpyware) C:\Users\Administrator\Downloads\SUPERAntiSpyware.exe
2017-01-04 13:17 - 2017-01-04 13:17 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-01-04 13:17 - 2017-01-04 13:17 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-01-04 13:17 - 2017-01-04 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-01-03 22:33 - 2017-01-03 22:23 - 564744309 _____ C:\Users\T\Documents\Windows6.1-KB947821-v34-x64.msu
2017-01-03 08:16 - 2017-01-03 08:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2016-12-31 09:47 - 2016-11-21 10:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-12-31 09:47 - 2016-11-21 10:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-31 09:47 - 2016-11-21 10:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-31 09:47 - 2016-11-21 10:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-12-31 09:47 - 2016-11-21 10:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-12-31 09:47 - 2016-11-21 10:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-12-31 09:47 - 2016-11-21 10:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-31 09:47 - 2016-11-21 10:12 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-12-31 09:47 - 2016-11-21 10:12 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-31 09:47 - 2016-11-21 10:12 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-12-31 09:47 - 2016-11-21 10:12 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-12-31 09:47 - 2016-11-21 10:12 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-12-31 09:47 - 2016-11-21 10:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-12-31 09:47 - 2016-11-21 10:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-12-31 09:47 - 2016-11-21 10:12 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-31 09:47 - 2016-11-21 10:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-31 09:47 - 2016-11-21 10:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-12-31 09:47 - 2016-11-21 10:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-12-31 09:47 - 2016-11-21 10:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-12-31 09:47 - 2016-11-21 10:12 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-31 09:47 - 2016-11-21 10:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-12-31 09:47 - 2016-11-21 10:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-12-31 09:47 - 2016-11-20 08:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-12-31 09:47 - 2016-11-20 08:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-12-31 09:47 - 2016-11-20 08:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-12-31 09:47 - 2016-11-20 08:20 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2016-12-31 09:47 - 2016-11-20 08:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-12-31 09:47 - 2016-11-20 08:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-12-31 09:47 - 2016-11-20 08:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-12-31 09:47 - 2016-11-20 08:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-31 09:47 - 2016-11-20 08:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-12-31 09:47 - 2016-11-20 08:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-12-31 09:47 - 2016-11-20 08:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-12-31 09:47 - 2016-11-20 08:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-12-31 09:47 - 2016-11-20 08:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-12-31 09:47 - 2016-11-20 08:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-12-31 09:47 - 2016-11-20 08:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-12-31 09:47 - 2016-11-20 08:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-12-31 09:47 - 2016-11-20 08:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-12-31 09:47 - 2016-11-20 08:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-12-31 09:47 - 2016-11-20 07:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-31 09:47 - 2016-11-20 07:57 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-12-31 09:47 - 2016-11-20 07:57 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-12-31 09:47 - 2016-11-20 07:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-12-31 09:47 - 2016-11-20 07:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-12-31 09:47 - 2016-11-20 07:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-12-31 09:47 - 2016-11-20 06:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-31 09:47 - 2016-11-17 08:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-31 09:47 - 2016-11-14 15:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-12-31 09:47 - 2016-11-14 14:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-12-31 09:47 - 2016-11-12 11:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-12-31 09:47 - 2016-11-12 11:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-12-31 09:47 - 2016-11-12 11:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-12-31 09:47 - 2016-11-12 11:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-12-31 09:47 - 2016-11-12 11:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-12-31 09:47 - 2016-11-12 11:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-12-31 09:47 - 2016-11-12 11:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-12-31 09:47 - 2016-11-12 11:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-12-31 09:47 - 2016-11-12 11:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-12-31 09:47 - 2016-11-12 11:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-12-31 09:47 - 2016-11-12 11:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-12-31 09:47 - 2016-11-12 11:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-31 09:47 - 2016-11-12 11:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-12-31 09:47 - 2016-11-12 11:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-12-31 09:47 - 2016-11-12 11:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-12-31 09:47 - 2016-11-12 11:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-12-31 09:47 - 2016-11-12 10:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-31 09:47 - 2016-11-12 10:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-31 09:47 - 2016-11-12 10:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-12-31 09:47 - 2016-11-12 10:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-12-31 09:47 - 2016-11-12 10:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-31 09:47 - 2016-11-12 10:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-12-31 09:47 - 2016-11-12 10:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-12-31 09:47 - 2016-11-12 10:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-12-31 09:47 - 2016-11-12 10:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-12-31 09:47 - 2016-11-12 10:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-12-31 09:47 - 2016-11-12 10:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-12-31 09:47 - 2016-11-12 10:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-12-31 09:47 - 2016-11-12 10:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-12-31 09:47 - 2016-11-12 10:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-12-31 09:47 - 2016-11-12 10:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-12-31 09:47 - 2016-11-12 10:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-12-31 09:47 - 2016-11-12 10:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-12-31 09:47 - 2016-11-12 10:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-12-31 09:47 - 2016-11-12 10:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-12-31 09:47 - 2016-11-12 10:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-12-31 09:47 - 2016-11-12 10:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-12-31 09:47 - 2016-11-12 10:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-12-31 09:47 - 2016-11-12 10:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-12-31 09:47 - 2016-11-12 10:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-12-31 09:47 - 2016-11-12 10:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-12-31 09:47 - 2016-11-12 10:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-12-31 09:47 - 2016-11-12 10:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-12-31 09:47 - 2016-11-12 10:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-12-31 09:47 - 2016-11-12 10:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-12-31 09:47 - 2016-11-12 09:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-12-31 09:47 - 2016-11-12 09:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-12-31 09:47 - 2016-11-12 09:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-12-31 09:47 - 2016-11-12 09:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-12-31 09:47 - 2016-11-12 09:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-12-31 09:47 - 2016-11-12 09:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-12-31 09:47 - 2016-11-12 09:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-31 09:47 - 2016-11-12 09:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-12-31 09:47 - 2016-11-12 09:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-12-31 09:47 - 2016-11-12 09:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-12-31 09:47 - 2016-11-12 09:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-12-31 09:47 - 2016-11-12 09:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-12-31 09:47 - 2016-11-12 09:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-31 09:47 - 2016-11-12 09:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-12-31 09:47 - 2016-11-12 09:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-12-31 09:47 - 2016-11-12 09:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-12-31 09:47 - 2016-11-12 09:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-12-31 09:47 - 2016-11-12 09:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-12-31 09:47 - 2016-11-12 09:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-12-31 09:47 - 2016-11-10 08:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-31 09:47 - 2016-11-10 08:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-31 09:47 - 2016-11-09 08:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-12-31 09:47 - 2016-11-09 08:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-31 09:47 - 2016-11-09 08:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-31 09:47 - 2016-11-09 08:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-12-31 09:47 - 2016-11-09 08:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-12-31 09:47 - 2016-11-09 08:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-12-31 09:47 - 2016-11-09 08:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-31 09:47 - 2016-11-09 08:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-31 09:47 - 2016-11-09 08:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-12-31 09:47 - 2016-11-09 08:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-12-31 09:47 - 2016-11-09 08:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-12-31 09:47 - 2016-11-09 08:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-31 09:47 - 2016-11-09 08:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-12-31 09:47 - 2016-11-09 07:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-12-31 09:47 - 2016-11-06 08:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-31 09:47 - 2016-11-06 08:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-31 09:47 - 2016-11-06 08:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-31 09:47 - 2016-10-27 07:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-12-31 09:47 - 2016-10-27 07:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-12-31 09:47 - 2016-10-11 07:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-12-31 09:47 - 2016-10-11 07:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-31 09:47 - 2016-10-11 07:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-12-31 09:47 - 2016-10-11 07:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-31 09:47 - 2016-10-11 07:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-12-31 09:47 - 2016-10-11 07:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-12-31 09:47 - 2016-10-11 07:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-12-31 09:47 - 2016-10-11 07:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-12-31 09:47 - 2016-10-11 07:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-12-31 09:47 - 2016-10-11 07:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-12-31 09:47 - 2016-10-11 07:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-12-31 09:47 - 2016-10-11 07:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-12-31 09:47 - 2016-10-11 07:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-12-31 09:47 - 2016-10-11 07:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-12-31 09:47 - 2016-10-11 07:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 07:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-12-31 09:47 - 2016-10-11 07:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-12-31 09:47 - 2016-10-11 07:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-12-31 09:47 - 2016-10-11 06:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-12-31 09:47 - 2016-10-11 06:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-12-31 09:47 - 2016-10-11 06:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-12-31 09:47 - 2016-10-11 06:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-12-31 09:47 - 2016-10-11 06:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-12-31 09:47 - 2016-10-11 06:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-12-31 09:47 - 2016-10-11 06:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-12-31 09:47 - 2016-10-11 06:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-12-31 09:47 - 2016-10-11 06:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-31 09:47 - 2016-10-11 05:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2016-12-31 09:47 - 2016-10-11 05:17 - 00419648 _____ C:\Windows\system32\locale.nls
2016-12-31 09:47 - 2016-10-08 05:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-12-31 09:47 - 2016-10-04 07:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-12-31 09:47 - 2016-10-04 07:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-12-31 09:47 - 2016-10-04 07:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-12-31 09:47 - 2016-10-04 07:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-12-31 09:47 - 2016-10-04 07:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-12-31 09:47 - 2016-10-04 07:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-12-31 09:47 - 2016-10-04 07:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-12-31 09:47 - 2016-10-04 07:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-12-27 11:20 - 2016-12-27 11:20 - 00002717 _____ C:\Users\S\Desktop\OneNote 2013.lnk
2016-12-27 08:44 - 2016-12-27 08:44 - 05816846 _____ C:\Users\S\Desktop\20161223_172108.jpg
2016-12-21 07:39 - 2016-12-21 07:40 - 00000000 ____D C:\Users\T\AppData\Local\Adobe
2016-12-21 07:39 - 2016-12-21 07:39 - 00000000 ____D C:\Users\T\AppData\Local\Macromedia
2016-12-15 14:05 - 2016-12-15 14:05 - 00000000 ____D C:\Users\S\Desktop\Roth
2016-12-12 18:03 - 2016-12-12 18:03 - 00000000 ____D C:\Users\S\AppData\Local\Macromedia
2016-12-12 18:02 - 2016-12-21 07:40 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-12 18:02 - 2016-12-21 07:40 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-12 18:02 - 2016-12-21 07:40 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-12 18:01 - 2016-12-12 18:02 - 00000000 ____D C:\Users\S\AppData\Local\Adobe
2016-12-12 12:07 - 2016-12-12 12:07 - 01811391 _____ C:\Users\S\Downloads\deposit-slip.pdf
2016-12-10 11:12 - 2016-12-20 08:43 - 00001356 _____ C:\Users\S\Desktop\XP Documents - Shortcut.lnk
2016-12-10 11:12 - 2016-12-10 11:12 - 00036352 ___SH C:\Users\S\Documents\Thumbs.db
2016-12-08 14:05 - 2016-12-08 14:05 - 00014275 _____ C:\Users\Administrator\Desktop\sfcdetails brief.txt
2016-12-08 13:23 - 2016-12-08 13:23 - 00185224 _____ C:\Users\Administrator\Desktop\sfcdetails.txt
2016-12-08 12:45 - 2016-12-08 12:45 - 00000000 ____D C:\Windows\CheckSur
2016-12-08 12:42 - 2016-12-08 12:44 - 564744309 _____ C:\Users\Administrator\Downloads\Windows6.1-KB947821-v34-x64.msu
2016-12-08 12:39 - 2017-01-03 22:44 - 00000000 ____D C:\Users\T\AppData\LocalLow\Mozilla
2016-12-07 21:13 - 2009-07-13 17:41 - 00445440 _____ (Microsoft Corporation) C:\Users\S\Desktop\iassdo.dll
2016-12-07 20:50 - 2016-12-07 20:50 - 00092612 _____ C:\Users\S\Desktop\sfcdetails.txt
2016-12-07 12:45 - 2016-12-07 12:45 - 00000000 ____D C:\Users\S\Desktop\Misc pics

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-05 16:59 - 2009-07-13 20:45 - 00020096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-05 16:59 - 2009-07-13 20:45 - 00020096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-05 16:55 - 2009-07-13 21:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-05 16:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-01-05 16:51 - 2016-06-24 02:37 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2017-01-05 16:51 - 2016-06-16 21:27 - 00000000 _RSHD C:\Office Activation Technologies
2017-01-05 16:51 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-05 16:41 - 2016-06-24 02:38 - 00000000 ____D C:\Users\Administrator\AppData\Local\ClassicShell
2017-01-05 15:23 - 2016-06-23 11:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-05 15:21 - 2016-06-23 13:52 - 00000000 ____D C:\Program Files (x86)\0AAUtils
2017-01-05 11:59 - 2016-11-19 09:20 - 00000000 ____D C:\Users\S\AppData\LocalLow\Mozilla
2017-01-05 11:37 - 2016-06-24 16:48 - 00000000 ____D C:\Users\S\AppData\Local\ClassicShell
2017-01-05 08:32 - 2016-06-23 14:16 - 00000000 __SHD C:\Users\S\IntelGraphicsProfiles
2017-01-04 17:35 - 2016-12-01 17:35 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2017-01-04 14:01 - 2016-06-16 21:25 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-04 14:00 - 2009-07-13 18:34 - 00000478 _____ C:\Windows\win.ini
2017-01-03 22:55 - 2016-06-24 05:42 - 00000000 ____D C:\Users\T\AppData\Local\ClassicShell
2017-01-03 22:31 - 2016-06-23 14:06 - 00000000 __SHD C:\Users\T\IntelGraphicsProfiles
2017-01-03 09:49 - 2016-11-14 20:16 - 00000000 ____D C:\Users\S\Desktop\Now 2
2017-01-03 09:15 - 2016-09-30 07:17 - 00000000 ____D C:\Users\S\Documents\OneNote Notebooks
2016-12-31 14:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-12-31 13:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-31 13:11 - 2016-06-17 01:05 - 00140288 ___SH C:\Users\Default\ntuser.dat.LOG1
2016-12-31 13:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\winsxs
2016-12-31 13:10 - 2009-07-13 20:45 - 00503080 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-31 13:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\en-US
2016-12-31 13:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\en-US
2016-12-31 13:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\Boot
2016-12-31 13:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppPatch
2016-12-31 13:09 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-31 13:09 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-31 09:54 - 2016-06-16 22:29 - 00000000 ____D C:\Windows\system32\MRT
2016-12-31 09:52 - 2016-06-16 22:29 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-12-31 09:51 - 2016-06-24 06:50 - 00773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-31 09:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\catroot2
2016-12-29 07:39 - 2016-12-01 08:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-12-29 07:39 - 2016-06-23 12:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-28 22:41 - 2016-06-23 14:16 - 00000000 ___RD C:\Users\S\Downloads
2016-12-21 08:30 - 2016-09-29 08:09 - 00000000 ____D C:\Users\S\Desktop\Condo 2016
2016-12-21 07:40 - 2016-06-23 14:06 - 00000000 ___RD C:\Users\T\Downloads
2016-12-21 07:40 - 2016-06-17 00:11 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-21 07:39 - 2016-06-24 05:31 - 00000000 ___SD C:\Users\T\AppData\LocalLow\Microsoft
2016-12-21 07:39 - 2016-06-23 14:06 - 00000000 ___SD C:\Users\T\AppData\Roaming\Microsoft
2016-12-21 07:39 - 2016-06-23 14:06 - 00000000 ____D C:\Users\T\AppData\Local
2016-12-16 08:53 - 2016-06-23 14:16 - 00000000 ___HD C:\Users\S\AppData
2016-12-16 07:26 - 2016-11-18 13:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-16 07:26 - 2016-07-26 20:25 - 00008808 _____ C:\Windows\PFRO.log
2016-12-15 20:14 - 2016-09-28 20:38 - 00000000 ____D C:\Users\S\Documents\XP Documents
2016-12-12 18:03 - 2016-06-24 16:47 - 00000000 ___SD C:\Users\S\AppData\LocalLow\Microsoft
2016-12-12 18:03 - 2016-06-23 14:16 - 00000000 ___SD C:\Users\S\AppData\Roaming\Microsoft
2016-12-12 18:03 - 2016-06-23 14:16 - 00000000 ____D C:\Users\S\AppData\Local
2016-12-10 11:12 - 2016-06-23 14:16 - 00000000 ___RD C:\Users\S\Documents
2016-12-08 13:26 - 2016-06-24 02:37 - 00000000 ____D C:\Users\Administrator
2016-12-08 12:39 - 2016-06-23 14:06 - 00000000 ____D C:\Users\T\AppData\LocalLow

==================== Files in the root of some directories =======

2016-06-17 00:11 - 2001-05-24 11:59 - 0162304 _____ () C:\Program Files (x86)\UNWISE.EXE

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.

LastRegBack: 2017-01-03 08:58

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Administrator (05-01-2017 17:02:40)
Running from C:\Users\Administrator\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-06-17 05:16:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-985333384-1090755428-1817767589-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-985333384-1090755428-1817767589-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-985333384-1090755428-1817767589-1004 - Limited - Enabled)
S (S-1-5-21-985333384-1090755428-1817767589-1002 - Administrator - Enabled) => C:\Users\S
T (S-1-5-21-985333384-1090755428-1817767589-1001 - Administrator - Enabled) => C:\Users\T

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
K-Lite Codec Pack 4.7.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 4.7.0 - )
LibreOffice 5.1.4.2 (HKLM-x32\...\{D5D4AC5C-C757-4EB2-857C-B021DB22482C}) (Version: 5.1.4.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Mozilla Thunderbird 45.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.6.0 (x86 en-US)) (Version: 45.6.0 - Mozilla)
MRT Windows (HKLM-x32\...\MRT Windows) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{6D84D59B-38CD-41B1-A73A-9AB4C4C009BF}) (Version: 3.4.2 - OverDrive, Inc.)
PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5985 - Realtek Semiconductor Corp.)
Sandboxie 5.12 (64-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1230 - SUPERAntiSpyware.com)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version: - Microsoft)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-985333384-1090755428-1817767589-500_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {041C6467-F5D7-4C35-B2F7-01F871652FCC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {1246DFCA-2E7E-4B83-9028-C0B470D9B824} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {86C6C83E-08C7-4C3A-933C-5D4D360584FE} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {87D957B0-DABD-4291-976C-6820998239B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {91F8F37F-C4F1-40BF-8F92-F5E16DB83A6F} - System32\Tasks\{EF9774B6-47F2-436C-8F4B-D2767AD311D1} => pcalua.exe -a C:\PROGRA~2\UNWISE.EXE -c C:\PROGRA~2\INSTALL.LOG
Task: {C1909E30-D895-4EE7-96B7-0297F77B5719} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {F9AEA1CE-31C6-47A1-8CEF-313B0A657492} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\OatTask =>

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-06-06 06:20 - 2010-06-06 06:20 - 00065344 _____ () C:\Windows\System32\PDFreDirectMon64.dll
2016-06-14 09:37 - 2016-06-14 09:37 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-06-17 00:11 - 2008-05-16 15:06 - 00043008 _____ () C:\Program Files (x86)\WinRar\rarext64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2016-05-29 09:07 - 00506672 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

There are 12010 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-985333384-1090755428-1817767589-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F1C77C94-8828-41E6-944C-AD6D030B811E}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7F685993-C8E2-43A7-A538-EC67E4571B6A}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1FCB7ACE-06A5-4FD4-8401-F08BE95EFE88}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{376CBCE2-31E8-41CA-8E1B-F9A593FA4885}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{401C1B2E-37F1-4F31-842C-587C57E7E972}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{58BE2F95-2C6F-4878-BA2F-F258347F1936}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

19-12-2016 20:44:15 Windows Update
23-12-2016 10:42:41 Windows Update
27-12-2016 08:23:12 Windows Update
31-12-2016 09:47:23 Windows Update
03-01-2017 17:47:35 Windows Update
03-01-2017 22:34:40 Windows Update
04-01-2017 13:58:26 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2016 05:33:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.23418 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 930

Start Time: 01d24c3bfd498b45

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: 50208d93-b82f-11e6-a988-b8ca3a95e8f6

Error: (11/25/2016 01:59:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019
Faulting module name: ntdll.dll, version: 6.1.7601.23543, time stamp: 0x57d2fde1
Exception code: 0xc0000374
Fault offset: 0x00000000000bf262
Faulting process id: 0xd28
Faulting application start time: 0x01d24731ee79d330
Faulting application path: C:\Windows\system32\SearchIndexer.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 6ecc68f2-b35a-11e6-a0c8-b8ca3a95e8f6

Error: (11/20/2016 02:07:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.23418 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c98

Start Time: 01d24351bfb27bf9

Termination Time: 42

Application Path: C:\Windows\Explorer.EXE

Report Id: b50899d8-af6d-11e6-8c73-b8ca3a95e8f6

Error: (11/08/2016 09:54:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 15.0.4867.1002, time stamp: 0x57ea36bc
Faulting module name: mso.dll, version: 15.0.4569.1506, time stamp: 0x52e0dcca
Exception code: 0xc0000005
Fault offset: 0x0000000000139049
Faulting process id: 0xdf4
Faulting application start time: 0x01d239e8b618f360
Faulting application path: C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
Faulting module path: C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll
Report Id: 5e29bf40-a5dc-11e6-bb45-b8ca3a95e8f6

Error: (11/08/2016 09:51:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 15.0.4867.1002, time stamp: 0x57ea36bc
Faulting module name: mso.dll, version: 15.0.4569.1506, time stamp: 0x52e0dcca
Exception code: 0x80000001
Fault offset: 0x0000000000139049
Faulting process id: 0x3d0
Faulting application start time: 0x01d239e88da65178
Faulting application path: C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
Faulting module path: C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll
Report Id: ec38a0e2-a5db-11e6-bb45-b8ca3a95e8f6

Error: (11/08/2016 09:49:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 15.0.4867.1002, time stamp: 0x57ea36bc
Faulting module name: mso.dll, version: 15.0.4569.1506, time stamp: 0x52e0dcca
Exception code: 0xc0000005
Fault offset: 0x0000000000139049
Faulting process id: 0x7d0
Faulting application start time: 0x01d239e8478d70b1
Faulting application path: C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
Faulting module path: C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll
Report Id: c19fc359-a5db-11e6-bb45-b8ca3a95e8f6

Error: (10/31/2016 10:39:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019
Faulting module name: ntdll.dll, version: 6.1.7601.23543, time stamp: 0x57d2fde1
Exception code: 0xc0000374
Fault offset: 0x00000000000bf262
Faulting process id: 0xc9c
Faulting application start time: 0x01d2339d45e64591
Faulting application path: C:\Windows\system32\SearchIndexer.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 6673c581-9f99-11e6-9288-b8ca3a95e8f6

Error: (10/19/2016 03:28:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019
Faulting module name: ole32.dll, version: 6.1.7601.23392, time stamp: 0x56eb3627
Exception code: 0xc0000005
Fault offset: 0x000000000016fb72
Faulting process id: 0xdd0
Faulting application start time: 0x01d22a131fc53c29
Faulting application path: C:\Windows\system32\SearchIndexer.exe
Faulting module path: C:\Windows\system32\ole32.dll
Report Id: c6c934c6-9653-11e6-bd41-b8ca3a95e8f6

Error: (10/18/2016 05:29:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019
Faulting module name: StructuredQuery.dll, version: 7.0.7601.23451, time stamp: 0x573365bb
Exception code: 0xc0000005
Fault offset: 0x000000000003b319
Faulting process id: 0xb14
Faulting application start time: 0x01d22943a3d84ac6
Faulting application path: C:\Windows\system32\SearchIndexer.exe
Faulting module path: C:\Windows\System32\StructuredQuery.dll
Report Id: e1ad2dca-9536-11e6-8a25-b8ca3a95e8f6

Error: (10/18/2016 05:29:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019
Faulting module name: ntdll.dll, version: 6.1.7601.23539, time stamp: 0x57c99b8f
Exception code: 0xc0000374
Fault offset: 0x00000000000bf262
Faulting process id: 0xa08
Faulting application start time: 0x01d22940bd3fe537
Faulting application path: C:\Windows\system32\SearchIndexer.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: e0c23174-9536-11e6-8a25-b8ca3a95e8f6


System errors:
=============
Error: (01/02/2017 01:50:43 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 116.72.0.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature Type: Network Inspection System

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 2.1.12706.0

Error code: 0x800704e8

Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Error: (01/02/2017 01:50:43 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.233.3748.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature Type: AntiSpyware

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 1.1.13303.0

Error code: 0x800704e8

Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Error: (01/02/2017 01:50:43 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.233.3748.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 1.1.13303.0

Error code: 0x800704e8

Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Error: (12/31/2016 09:42:00 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} did not register with DCOM within the required timeout.

Error: (12/25/2016 12:54:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 116.72.0.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature Type: Network Inspection System

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 2.1.12706.0

Error code: 0x800704e8

Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Error: (12/25/2016 12:54:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.233.3284.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature Type: AntiSpyware

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 1.1.13303.0

Error code: 0x800704e8

Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Error: (12/25/2016 12:54:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.233.3284.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 1.1.13303.0

Error code: 0x800704e8

Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Error: (12/23/2016 10:43:32 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 116.72.0.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature Type: Network Inspection System

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 2.1.12706.0

Error code: 0x800704e8

Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Error: (12/22/2016 10:38:35 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.233.3066.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature Type: AntiSpyware

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 1.1.13303.0

Error code: 0x800704e8

Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Error: (12/22/2016 10:38:35 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.233.3066.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 1.1.13303.0

Error code: 0x800704e8

Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 17%
Total physical RAM: 8078.45 MB
Available physical RAM: 6681.22 MB
Total Virtual: 16155.09 MB
Available Virtual: 14709.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:190.99 GB) NTFS
Drive e: (TC17) (Removable) (Total:14.55 GB) (Free:0.32 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A718B14A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
tns1
Active Member
 
Posts: 9
Joined: January 1st, 2017, 6:21 pm

Re: iassdo.dll.mui corrupt

Unread postby Gary R » January 6th, 2017, 5:25 am

iassdo.dll is a legitimate system file.

iassdo.dll.mui is a "foreign language" version of the same file which Windows will use when or if it is needed to deal with a situation where you are dealing with a "foreign" language. Windows contains a whole lot of them for any number of different languages. For the most part they are unused, and the fact that one has been corrupted is unlikely to interfere much with the day to day functionality of your machine.

If you wish we can scan your machine, and see if there is a suitable replacement for it on your computer (Windows often has multiple copies of files), and if there is then we can replace the corrupt one (provided we can properly identify which one it is).
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: iassdo.dll.mui corrupt

Unread postby tns1 » January 6th, 2017, 12:15 pm

This makes some sense. The PC was purchased used, and it had some tools for supporting the Persian language. It may have had that language pack, but I uninstalled it. Perhaps this mui file is a leftover from that prior use? If it can be said for sure that there is no malware on this PC, I can live with the one corrupt file since no one has reported fixing this successfully short of a full re-install.

I believe the file exists at 4 different places on this PC, but some of those are links of some kind (symbolic, hard, ...) and not real files, making it a more difficult fix. Others have reported that you just end up in a loop when you try to copy over these files. I looked at my install media and it seems to have versions of this file buried in a cab.

To be clear, my main purpose is to make sure there is no malware. If this is just some uninstall remnant, I'll wait until I eventually do a clean install.
tns1
Active Member
 
Posts: 9
Joined: January 1st, 2017, 6:21 pm

Re: iassdo.dll.mui corrupt

Unread postby Gary R » January 6th, 2017, 12:26 pm

Well there's no obvious signs of malware in your FRST logs. There's a couple of minor issues showing, but nothing malicious.

As a check to make sure that I haven't missed something, I'd like you to run an online scan for me ....

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: iassdo.dll.mui corrupt

Unread postby tns1 » January 6th, 2017, 2:30 pm

Looks like a couple of adware, but I am surprised about the winrar since I have used this a lot. Should I just let ESET clean these?

Eset.txt:
C:\$RECYCLE.BIN\S-1-5-21-985333384-1090755428-1817767589-1002\$RUFS01A.exe Win32/InstallMonetizer.AQ potentially unwanted application,Win32/OpenCandy potentially unsafe application
C:\Program Files (x86)\WinRar\Setup.rar a variant of Win32/HackTool.Patcher.CP potentially unsafe application
C:\Sandbox\T\DefaultBox\drive\C\Program Files (x86)\WinRar\Setup.rar a variant of Win32/HackTool.Patcher.CP potentially unsafe application
C:\Users\S\Documents\XP Documents\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application
tns1
Active Member
 
Posts: 9
Joined: January 1st, 2017, 6:21 pm

Re: iassdo.dll.mui corrupt

Unread postby Gary R » January 6th, 2017, 7:50 pm

It's easier and quicker if we just remove them using FRST.

Installer files are often flagged as malicious, even if they're not, because of their functionality, which resembles closely the actions of malware. Whether you wish to delete the winrar files is up to you. They may have been "altered" or e-set may just be "confused" about them.

I'll script for their removal, but if you don't want to delete them, then just remove the relevant lines from the script I give you for FRST.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
C:\$RECYCLE.BIN\S-1-5-21-985333384-1090755428-1817767589-1002\$RUFS01A.exe
C:\Program Files (x86)\WinRar\Setup.rar
C:\Sandbox\T\DefaultBox\drive\C\Program Files (x86)\WinRar\Setup.rar 
C:\Users\S\Documents\XP Documents\Downloads\CuteWriter.exe
EmptyTemp:
Hosts:
cmd: ipconfig /flushdns
GroupPolicyScripts-x32: Restriction <======= ATTENTION

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
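
Added example (not part of the original thread, and not ESET's or FRST's own tooling): a small Python triage of the ESET.txt lines posted above, separating "potentially unwanted/unsafe" labels from any other detection and spotting the Sandboxie copy of a file that is also flagged at its real path. The regexes assume the flattened one-line format shown in the post and a `<drive>:\Sandbox\<user>\<box>\drive\<letter>\` container layout as seen in the posted path; all function names are hypothetical.

```python
import re

# The four ESET.txt lines as posted in the thread.
ESET_LOG = r"""
C:\$RECYCLE.BIN\S-1-5-21-985333384-1090755428-1817767589-1002\$RUFS01A.exe Win32/InstallMonetizer.AQ potentially unwanted application,Win32/OpenCandy potentially unsafe application
C:\Program Files (x86)\WinRar\Setup.rar a variant of Win32/HackTool.Patcher.CP potentially unsafe application
C:\Sandbox\T\DefaultBox\drive\C\Program Files (x86)\WinRar\Setup.rar a variant of Win32/HackTool.Patcher.CP potentially unsafe application
C:\Users\S\Documents\XP Documents\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application
""".strip().splitlines()

# Paths contain spaces, so the path ends where the first "Platform/Name"
# token (optionally preceded by "a variant of") begins.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<dets>(?:a variant of\s+)?[A-Za-z0-9]+/\S+\s.*)$")
DET_RE = re.compile(r"^(?:a variant of\s+)?(?P<name>\S+)\s+(?P<kind>.+)$")
# Assumed sandbox layout: <drive>:\Sandbox\<user>\<box>\drive\<letter>\<rest>
SANDBOX_RE = re.compile(
    r"^[A-Za-z]:\\Sandbox\\[^\\]+\\[^\\]+\\drive\\(?P<drv>[A-Za-z])\\(?P<rest>.+)$",
    re.IGNORECASE)


def classify(kind):
    """Map ESET's trailing label to a triage bucket."""
    k = kind.lower()
    if "potentially unwanted" in k:
        return "PUA"
    if "potentially unsafe" in k:
        return "unsafe-app"
    return "detection"  # anything else (e.g. trojan, worm) needs a closer look


def parse_line(line):
    """Split one log line into path, detections and sandbox origin."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised ESET log line: %r" % line)
    dets = []
    for part in m["dets"].split(","):
        d = DET_RE.match(part.strip())
        dets.append((d["name"], classify(d["kind"])))
    sb = SANDBOX_RE.match(m["path"])
    real = sb["drv"].upper() + ":\\" + sb["rest"] if sb else None
    return {"path": m["path"], "detections": dets, "sandbox_copy_of": real}


def triage(lines):
    """Return (findings, escalate): escalate lists paths with a non-PUA hit."""
    findings = [parse_line(l) for l in lines if l.strip()]
    seen = {f["path"].lower() for f in findings}
    for f in findings:
        real = f["sandbox_copy_of"]
        # A sandboxed copy whose real path is also listed is the same finding.
        f["duplicate"] = bool(real) and real.lower() in seen
    escalate = [f["path"] for f in findings
                if any(bucket == "detection" for _, bucket in f["detections"])]
    return findings, escalate


if __name__ == "__main__":
    findings, escalate = triage(ESET_LOG)
    for f in findings:
        tag = " (sandbox duplicate)" if f["duplicate"] else ""
        print(f["path"] + tag, f["detections"])
    print("needs closer review:", escalate or "none")
```

On the posted log every hit falls in the PUA or unsafe-app bucket and the sandboxed Setup.rar is reported as a duplicate of the Program Files copy.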

Re: iassdo.dll.mui corrupt

Unread postby tns1 » January 6th, 2017, 10:19 pm

Before I got your reply, I let ESET fix those issues and when I ran it again it was clean.
I ran the FRST script anyway without edits:


Fix result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Administrator (06-01-2017 18:09:28) Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: T & S & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\$RECYCLE.BIN\S-1-5-21-985333384-1090755428-1817767589-1002\$RUFS01A.exe
C:\Program Files (x86)\WinRar\Setup.rar
C:\Sandbox\T\DefaultBox\drive\C\Program Files (x86)\WinRar\Setup.rar
C:\Users\S\Documents\XP Documents\Downloads\CuteWriter.exe
EmptyTemp:
Hosts:
cmd: ipconfig /flushdns
GroupPolicyScripts-x32: Restriction <======= ATTENTION
*****************

"C:\$RECYCLE.BIN\S-1-5-21-985333384-1090755428-1817767589-1002\$RUFS01A.exe" => not found.
"C:\Program Files (x86)\WinRar\Setup.rar" => not found.
"C:\Sandbox\T\DefaultBox\drive\C\Program Files (x86)\WinRar\Setup.rar" => not found.
"C:\Users\S\Documents\XP Documents\Downloads\CuteWriter.exe" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\SysWOW64\GroupPolicy\Machine => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1926369 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 344815175 B
Edge => 0 B
Chrome => 0 B
Firefox => 141877999 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83519 B
systemprofile32 => 66228 B
LocalService => 66228 B
NetworkService => 690102 B
T => 10333850 B
S => 26008607 B
Administrator => 4302345 B

RecycleBin => 544 B
EmptyTemp: => 513.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:09:35 ====
tns1
Active Member
 
Posts: 9
Joined: January 1st, 2017, 6:21 pm

Re: iassdo.dll.mui corrupt

Unread postby Gary R » January 7th, 2017, 5:46 pm

Looks like everything found by e-set has been removed, and the script for FRST has also completed successfully.

As there are no further signs of malware in any of the scans we've run, I would surmise that your computer is now clean of infection. If you have any remaining problems please let me know, if not ....

To remove FRST ...
  • Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check the following boxes ...
    • Remove disinfection tools

    ... then click on Run.
  • Once it has finished, a notepad file named DelFix.txt will open. Post the contents of this notepad in your next reply.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: iassdo.dll.mui corrupt

Unread postby tns1 » January 7th, 2017, 7:24 pm

The delfix link did not work, so I got it from bleepingcomputer. Such a relief to clean this up, thanks.


# DelFix v1.010 - Logfile created 07/01/2017 at 15:16:08
# Updated 26/04/2015 by Xplode
# Username : Administrator - S7010-7U
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\Administrator\Desktop\Addition.txt
Deleted : C:\Users\Administrator\Desktop\Fixlog.txt
Deleted : C:\Users\Administrator\Desktop\FRST.txt
Deleted : C:\Users\Administrator\Desktop\FRST64.exe

########## - EOF - ##########
tns1
Active Member
 
Posts: 9
Joined: January 1st, 2017, 6:21 pm

Re: iassdo.dll.mui corrupt

Unread postby Gary R » January 8th, 2017, 2:52 am

Sorry about that, the author of the tool seems to have shut down his original site.

Thanks for letting me know, I'll change the link in my speech to the BC link so that others aren't inconvenienced as you were.

Glad to hear that everything appears to be OK now. So since you appear to have no further problems to deal with ....

This topic is now closed
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire