Windows 8.1 cannot boot with mbamswissarmy.sys message


Hello,

My Windows 8.1 cannot start and shows a blue screen with this error message:

 mbamswissarmy.sys is missing.

I can't get into Windows, not even in safe mode :(

Can I run FRST64 and send the logs here?

Thanks.

Roy

Attached FRST.txt output:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-05-2017 02
Ran by SYSTEM on MININT-O3K6P8F (06-05-2017 14:06:39)
Running from f:\
Platform: Windows 8.1 Pro (Update) (X64) Language: עברית (ישראל)‏
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8521968 2015-08-05] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [iTunesHelper] => E:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-04] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [boinctray] => C:\Program Files (x86)\BOINC\boinctray.exe [71312 2014-03-07] (Charity Engine)
HKLM-x32\...\Run: [boincmgr] => C:\Program Files (x86)\BOINC\charityengine.exe [3757712 2014-03-07] (Charity Engine)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2017-03-10] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\AllMyTube\DelayPluginI.exe [1969888 2017-03-29] ()
Startup: C:\Users\פטל\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-04-03]
ShortcutTarget: MEGAsync.lnk -> C:\windows\system32\config\systemprofile\AppData\Local\MEGAsync\MEGAsync.exe (No File)
Startup: C:\Users\פטל\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\גוזר מסך של OneNote 2007 ו- Launcher.lnk [2016-06-06]
ShortcutTarget: גוזר מסך של OneNote 2007 ו- Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
S2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [1490592 2016-06-07] ()
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-04] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-12-13] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-13] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-12-13] (BlueStack Systems, Inc.)
S2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-11-15] (Foxit Software Inc.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [104448 2017-03-10] (Freemake)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188264 2017-04-18] (McAfee, Inc.)
S3 mi-raysat_3dsmax2017_64; E:\3ds Max 2017\raysat_3dsmax2017_64server.exe [86016 2011-09-15] ()
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-09-08] (CyberLink)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] ()
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] ()
S1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-04] (AVAST Software s.r.o.)
S0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-04] (AVAST Software s.r.o.)
S0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-04] (AVAST Software s.r.o.)
S0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-04] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-04] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-04] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-04] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-04] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-04] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-04] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-04] (AVAST Software)
S0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-04] (AVAST Software)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-12-13] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-22] ()
S3 iusb3adp; C:\Windows\System32\drivers\iusb3adp.sys [37672 2015-07-31] (Intel)
S3 LifeCamTrueColor; C:\Windows\system32\DRIVERS\LifeCamTrueColor.sys [37936 2016-07-27] (Microsoft Corporation)
S2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-14] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-27] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [0 2017-04-28] () <==== ATTENTION (zero byte File/Folder)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2017-04-28] () <==== ATTENTION (zero byte File/Folder)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
S1 NEOFLTR_812_35781; C:\Windows\system32\Drivers\NEOFLTR_812_35781.SYS [108344 2015-04-13] (Pulse Secure, LLC)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-06 14:06 - 2017-05-06 14:06 - 00000000 ____D C:\FRST
2017-04-28 10:47 - 2017-04-28 10:47 - 00000000 _____ C:\Windows\System32\Drivers\29404693.sys
2017-04-27 23:27 - 2017-04-27 23:27 - 00000000 _____ C:\Windows\System32\Drivers\12763DB0.sys
2017-04-27 19:27 - 2017-04-27 19:29 - 00000095 _____ C:\Users\פטל\Desktop\קרן.vbs
2017-04-27 19:26 - 2017-04-27 19:27 - 00000094 _____ C:\Users\פטל\Desktop\KEREN.vbs
2017-04-27 19:21 - 2017-04-27 19:21 - 00000326 _____ C:\Users\פטל\Desktop\וירוס בשביל הצחוק.vbs
2017-04-27 16:26 - 2017-04-27 16:31 - 00000000 ____D C:\Users\פטל\Desktop\ווגס
2017-04-27 16:26 - 2017-04-27 16:26 - 00000000 ____D C:\Users\פטל\Desktop\fr
2017-04-27 16:26 - 2017-04-27 16:26 - 00000000 ____D C:\Users\פטל\Desktop\FileIO Plug-Ins
2017-04-27 16:26 - 2017-04-27 16:26 - 00000000 ____D C:\Users\פטל\Desktop\External Control Drivers
2017-04-27 16:26 - 2017-04-27 16:26 - 00000000 ____D C:\Users\פטל\Desktop\es
2017-04-27 16:26 - 2017-04-27 16:26 - 00000000 ____D C:\Users\פטל\Desktop\de
2017-04-27 16:26 - 2017-04-27 16:26 - 00000000 ____D C:\Users\פטל\Desktop\bdmux
2017-04-27 16:26 - 2017-04-27 16:26 - 00000000 ____D C:\Users\פטל\Desktop\Audio Hardware Drivers
2017-04-27 16:26 - 2017-04-27 16:26 - 00000000 ____D C:\Users\פטל\Desktop\2fca99749fdb49aeb121a5b63ef568f7
2017-04-27 16:26 - 2017-04-27 16:26 - 00000000 ____D C:\Users\פטל\Desktop\15dd936825ad475ea34e35f3f54217a6
2017-04-27 16:26 - 2017-04-27 16:26 - 00000000 ____D C:\Users\פטל\AppData\Local\VEGAS
2017-04-27 16:26 - 2017-04-27 16:26 - 00000000 ____D C:\ProgramData\VEGAS
2017-04-27 16:19 - 2017-04-27 16:19 - 00000000 ____D C:\Users\פטל\Documents\MAGIX Downloads
2017-04-27 16:19 - 2017-04-27 16:19 - 00000000 ____D C:\Users\פטל\AppData\Roaming\MAGIX
2017-04-27 15:58 - 2017-04-27 15:58 - 00000000 ____D C:\Program Files\Sony
2017-04-27 15:14 - 2017-04-27 15:19 - 00000000 ____D C:\Users\פטל\AppData\Local\Sony
2017-04-27 15:14 - 2017-04-27 15:14 - 00000000 ____D C:\ProgramData\Sony
2017-04-27 15:14 - 2017-04-27 15:14 - 00000000 ____D C:\Program Files (x86)\Sony
2017-04-27 14:54 - 2017-04-27 16:31 - 00000000 ____D C:\Users\פטל\AppData\Roaming\Sony
2017-04-27 13:43 - 2017-04-27 13:43 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-26 18:52 - 2017-04-27 13:31 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-04-26 18:48 - 2017-04-26 18:48 - 00000000 ____D C:\Users\Public\Documents\Adobe
2017-04-26 18:37 - 2017-04-26 18:37 - 00000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2017-04-26 18:19 - 2017-04-27 19:24 - 00000000 ____D C:\Users\פטל\Desktop\YO Gaming
2017-04-26 14:30 - 2017-04-26 14:30 - 00898337 _____ C:\Users\פטל\Desktop\קוד מגדרה.2png
2017-04-26 14:09 - 2017-04-28 10:46 - 00000000 ____D C:\Users\פטל\AppData\Local\Adobe
2017-04-26 14:09 - 2017-04-26 18:57 - 00000000 ____D C:\Users\פטל\AppData\Roaming\Adobe
2017-04-26 14:09 - 2017-04-26 18:37 - 00000000 ____D C:\ProgramData\Adobe
2017-04-25 14:04 - 2017-04-26 18:22 - 00000000 ____D C:\Users\פטל\AppData\Local\Mirillis
2017-04-25 14:04 - 2017-04-25 14:04 - 00000000 ____D C:\Users\פטל\AppData\Roaming\Mirillis
2017-04-25 14:04 - 2017-04-25 14:04 - 00000000 ____D C:\ProgramData\Mirillis
2017-04-25 14:04 - 2017-04-25 14:04 - 00000000 ____D C:\Action!
2017-04-25 14:02 - 2017-04-25 14:02 - 00002015 _____ C:\Users\Public\Desktop\Action!.lnk
2017-04-25 14:02 - 2017-04-25 14:02 - 00000000 ____D C:\Program Files (x86)\Mirillis
2017-04-22 20:49 - 2017-04-22 20:49 - 00749612 _____ C:\Users\פטל\Desktop\מה קורה.wav
2017-04-22 20:01 - 2017-04-22 20:01 - 05040684 _____ C:\Users\פטל\Desktop\ליהלי.wav
2017-04-22 19:56 - 2017-04-22 19:56 - 00002671 _____ C:\Users\פטל\Desktop\ליהלי.aup
2017-04-22 19:56 - 2017-04-22 19:56 - 00000000 ____D C:\Users\פטל\Desktop\ליהלי_data
2017-04-22 13:22 - 2017-04-25 19:56 - 00000000 ____D C:\Users\פטל\AppData\Roaming\Audacity
2017-04-21 13:38 - 2017-04-21 13:38 - 00000000 ____D C:\Users\פטל\AppData\Roaming\Wondershare AllMyTube
2017-04-21 13:36 - 2017-04-21 13:44 - 00000000 ____D C:\ProgramData\Wondershare AllMyTube
2017-04-21 13:36 - 2017-04-21 13:36 - 00000000 ____D C:\ProgramData\Wondershare Application Common Data
2017-04-21 13:36 - 2017-04-21 13:36 - 00000000 ____D C:\Program Files (x86)\Wondershare
2017-04-19 17:50 - 2017-04-19 17:50 - 00002721 _____ C:\Users\Public\Desktop\Skype.lnk
2017-04-19 17:50 - 2017-04-19 17:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-04-19 17:50 - 2017-04-19 17:50 - 00000000 ____D C:\Users\פטל\Tracing
2017-04-19 17:50 - 2017-04-19 17:50 - 00000000 ____D C:\ProgramData\Skype
2017-04-19 17:49 - 2017-04-19 17:49 - 00003166 _____ C:\Windows\System32\Tasks\{42BDAC5C-90FE-4642-8C54-2146C7512568}
2017-04-18 16:20 - 2017-04-18 19:37 - 00000000 ____D C:\Users\פטל\Desktop\למצגת חלבונים
2017-04-18 15:11 - 2017-04-18 23:03 - 02745793 _____ C:\Users\פטל\Desktop\חלבונים.pptx
2017-04-18 14:42 - 2017-04-18 14:42 - 00053416 _____ C:\Users\פטל\Desktop\עבודה במדעים - מישל (2).pptx
2017-04-18 14:17 - 2017-04-18 14:16 - 00053176 _____ C:\Users\פטל\Documents\עבודה במדעים - מישל.pptx
2017-04-18 10:51 - 2017-04-18 14:51 - 00000000 ____D C:\Users\פטל\Documents\SugerLand
2017-04-18 10:51 - 2017-04-18 10:51 - 00000000 ____D C:\Users\פטל\AppData\LocalLow\DefaultCompany
2017-04-18 10:43 - 2017-04-18 10:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity
2017-04-18 10:41 - 2017-04-18 10:41 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2017-04-18 10:41 - 2017-04-18 10:41 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-04-18 10:38 - 2017-04-18 10:51 - 00000000 ____D C:\Users\פטל\AppData\Roaming\Unity
2017-04-18 10:38 - 2017-04-18 10:51 - 00000000 ____D C:\Users\פטל\AppData\LocalLow\Unity
2017-04-18 10:38 - 2017-04-18 10:51 - 00000000 ____D C:\ProgramData\Unity
2017-04-18 10:38 - 2017-04-18 10:38 - 00000000 ____D C:\Users\פטל\AppData\Roaming\vstelemetry
2017-04-18 10:38 - 2017-04-18 10:38 - 00000000 ____D C:\Users\פטל\AppData\Roaming\Visual Studio Setup
2017-04-18 10:38 - 2017-04-18 10:38 - 00000000 ____D C:\Users\פטל\AppData\Local\Unity
2017-04-18 10:38 - 2017-04-18 10:38 - 00000000 ____D C:\Users\פטל\AppData\Local\ServiceHub
2017-04-18 10:31 - 2017-04-18 10:31 - 00000000 ____D C:\Program Files (x86)\GtkSharp
2017-04-16 15:24 - 2017-04-16 22:44 - 434759857 _____ C:\Users\פטל\Desktop\Artemis_v2_by_d6rrien.psd
2017-04-16 15:03 - 2017-04-20 18:09 - 00531716 _____ C:\Users\פטל\Desktop\לופה הפלגה.epb
2017-04-16 15:03 - 2017-04-20 18:07 - 00000000 ___HD C:\Users\פטל\Desktop\לופה הפלגה Files
2017-04-15 15:25 - 2017-04-15 15:25 - 00000112 ____H C:\63D57C9C0BA5
2017-04-15 11:14 - 2017-04-15 21:52 - 01227966 _____ C:\Users\פטל\Documents\למישמה החודשית.pptx
2017-04-14 22:57 - 2017-04-15 09:11 - 00000000 ___RD C:\Users\פטל\Creative Cloud Files
2017-04-14 22:56 - 2017-04-26 18:57 - 00000000 ____D C:\Users\פטל\Documents\Adobe
2017-04-14 22:43 - 2017-04-26 18:48 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-04-14 22:42 - 2017-04-27 13:36 - 00000000 ____D C:\Program Files\Adobe
2017-04-14 22:40 - 2017-04-14 22:40 - 00001193 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-04-14 21:51 - 2017-04-28 10:47 - 00000000 _____ C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-04-14 21:51 - 2017-04-28 10:47 - 00000000 _____ C:\Windows\System32\Drivers\mbam.sys
2017-04-14 21:51 - 2017-04-27 23:27 - 00111544 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2017-04-14 21:51 - 2017-04-15 09:47 - 00092096 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2017-04-14 21:51 - 2017-04-14 21:51 - 00186304 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMChameleon.sys
2017-04-14 21:51 - 2017-04-14 21:51 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-14 21:51 - 2017-04-14 21:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-14 21:51 - 2017-04-14 21:51 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-14 21:51 - 2017-03-22 10:02 - 00077440 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-04-14 18:04 - 2017-04-21 12:03 - 00000000 ____D C:\Users\פטל\AppData\Roaming\Adobe-BackupByPhotoshopCS6Portable
2017-04-14 18:04 - 2017-04-16 12:10 - 00000000 ____D C:\ProgramData\Adobe-BackupByPhotoshopCS6Portable
2017-04-14 18:04 - 2017-04-15 21:52 - 00000000 ____D C:\Users\פטל\AppData\Local\Adobe-BackupByPhotoshopCS6Portable
2017-04-12 19:14 - 2017-03-25 21:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 19:14 - 2017-03-25 20:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 19:14 - 2017-03-25 20:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 19:14 - 2017-03-25 20:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 19:14 - 2017-03-25 20:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 19:14 - 2017-03-25 20:45 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-04-12 19:14 - 2017-03-25 20:45 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 19:14 - 2017-03-25 19:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2017-04-12 19:14 - 2017-03-11 05:56 - 01489608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-04-12 19:14 - 2017-03-04 20:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 19:14 - 2017-01-18 16:34 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 19:14 - 2017-01-14 22:32 - 00955016 _____ (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll
2017-04-12 19:14 - 2016-12-25 02:19 - 00170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-04-12 19:13 - 2017-03-25 21:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 19:13 - 2017-03-25 21:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 19:13 - 2017-03-25 20:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 19:13 - 2017-03-25 20:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 19:13 - 2017-03-25 20:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 19:13 - 2017-03-25 20:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 19:13 - 2017-03-25 20:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 19:13 - 2017-03-24 20:24 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 19:13 - 2017-03-14 16:06 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 19:13 - 2017-03-13 17:59 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 19:13 - 2017-03-13 17:59 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 19:13 - 2017-03-13 17:56 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 19:13 - 2017-03-11 05:41 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 19:13 - 2017-03-09 21:29 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 19:13 - 2017-03-08 01:21 - 01212760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 19:13 - 2017-03-03 17:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 19:13 - 2017-03-03 17:04 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 19:13 - 2017-02-11 18:42 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2017-04-12 19:13 - 2017-02-04 19:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 19:13 - 2017-01-14 21:18 - 00787688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-04-12 19:13 - 2017-01-11 17:09 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2017-04-12 19:13 - 2017-01-10 21:20 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-04-12 19:13 - 2017-01-10 21:09 - 01108480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-04-12 19:13 - 2017-01-06 19:04 - 01495552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2017-04-12 19:13 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2017-04-12 19:10 - 2017-01-12 17:03 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storvsp.sys
2017-04-12 19:10 - 2017-01-12 17:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vpcivsp.sys
2017-04-12 19:10 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\System32\winshfhc.dll
2017-04-12 19:09 - 2017-03-25 20:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2017-04-12 19:09 - 2017-03-25 20:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2017-04-12 19:09 - 2017-03-25 19:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2017-04-12 19:09 - 2017-03-25 19:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2017-04-12 19:09 - 2017-03-25 19:12 - 01033216 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2017-04-12 19:09 - 2017-03-25 19:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2017-04-12 19:09 - 2017-03-25 19:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2017-04-12 19:09 - 2017-03-25 18:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2017-04-12 19:09 - 2017-03-25 18:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2017-04-12 19:09 - 2017-03-14 21:06 - 00136904 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2017-04-12 19:09 - 2017-03-14 16:26 - 03714560 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2017-04-12 19:09 - 2017-03-14 16:09 - 02240512 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2017-04-12 19:09 - 2017-03-14 16:08 - 00897024 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2017-04-12 19:09 - 2017-03-13 18:13 - 00035840 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2017-04-12 19:09 - 2017-03-13 18:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2017-04-12 19:09 - 2017-03-13 18:08 - 00409088 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2017-04-12 19:09 - 2017-03-13 18:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2017-04-12 19:09 - 2017-03-11 05:59 - 01763888 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2017-04-12 19:09 - 2017-03-11 05:49 - 01549144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2017-04-12 19:09 - 2017-03-11 05:49 - 00388440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2017-04-12 19:09 - 2017-03-09 23:13 - 04169216 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2017-04-12 19:09 - 2017-03-04 21:24 - 00132096 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2017-04-12 19:09 - 2017-03-04 21:06 - 00091648 _____ (Microsoft Corporation) C:\Windows\System32\asycfilt.dll
2017-04-12 19:09 - 2017-03-04 18:37 - 03547648 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2017-04-12 19:09 - 2017-03-03 17:10 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\mfmjpegdec.dll
2017-04-12 19:09 - 2017-02-11 20:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\System32\puiobj.dll
2017-04-12 19:09 - 2017-02-11 19:00 - 00865792 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2017-04-12 19:09 - 2017-02-11 18:49 - 00269824 _____ (Microsoft Corporation) C:\Windows\System32\DafPrintProvider.dll
2017-04-12 19:09 - 2017-02-10 21:06 - 00285184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2017-04-12 19:09 - 2017-02-10 16:37 - 00046600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdBoot.sys
2017-04-12 19:09 - 2017-02-01 21:44 - 00201728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2017-04-12 19:09 - 2017-02-01 21:42 - 00401408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2017-04-12 19:09 - 2017-01-21 21:22 - 00559104 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\csc.sys
2017-04-12 19:09 - 2017-01-19 04:18 - 01113944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2017-04-12 19:09 - 2017-01-18 16:35 - 00994760 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll
2017-04-12 19:09 - 2017-01-14 16:37 - 00447095 _____ C:\Windows\System32\ApnDatabase.xml
2017-04-12 19:09 - 2017-01-12 18:51 - 00274776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdFilter.sys
2017-04-12 19:09 - 2017-01-12 18:51 - 00117592 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdNisDrv.sys
2017-04-12 19:09 - 2017-01-11 21:12 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\SessEnv.dll
2017-04-12 19:09 - 2017-01-11 19:28 - 00422744 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2017-04-12 19:09 - 2017-01-10 23:06 - 00840192 _____ (Microsoft Corporation) C:\Windows\System32\netlogon.dll
2017-04-12 19:09 - 2017-01-10 22:46 - 01388544 _____ (Microsoft Corporation) C:\Windows\System32\mispace.dll
2017-04-12 19:09 - 2017-01-06 19:25 - 02513408 _____ (Microsoft Corporation) C:\Windows\System32\storagewmi.dll
2017-04-12 19:09 - 2016-12-25 03:21 - 00040960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\scfilter.sys
2017-04-12 19:09 - 2016-12-25 03:14 - 00242176 _____ (Microsoft Corporation) C:\Windows\System32\WinSCard.dll
2017-04-12 19:09 - 2016-12-25 02:48 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\certprop.dll
2017-04-12 19:09 - 2016-12-25 01:39 - 00133120 _____ (Microsoft Corporation) C:\Windows\System32\ScDeviceEnum.dll
2017-04-12 19:09 - 2016-12-09 10:08 - 00379736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2017-04-12 19:08 - 2017-03-25 19:00 - 00378880 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2017-04-12 19:08 - 2017-03-25 18:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2017-04-12 19:08 - 2017-03-25 18:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2017-04-12 19:08 - 2017-03-25 18:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2017-04-12 19:08 - 2017-03-25 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2017-04-12 19:08 - 2017-03-25 06:43 - 01375960 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2017-04-12 19:08 - 2017-03-11 05:44 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2017-04-12 19:08 - 2017-03-09 23:08 - 00044032 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2017-04-12 19:08 - 2017-03-08 01:25 - 01661064 _____ (Microsoft Corporation) C:\Windows\System32\ole32.dll
2017-04-12 19:08 - 2017-03-03 17:11 - 01697792 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2017-04-12 19:08 - 2017-02-04 19:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\samlib.dll
2017-04-12 19:08 - 2017-02-04 19:51 - 00842240 _____ (Microsoft Corporation) C:\Windows\System32\samsrv.dll
2017-04-12 19:08 - 2017-01-12 08:12 - 00990040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2017-04-12 19:08 - 2017-01-11 00:37 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2017-04-12 19:07 - 2017-03-12 17:04 - 00033792 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\BasicRender.sys
2017-04-12 18:16 - 2017-04-12 18:16 - 00030912 _____ (Microsoft Corporation) C:\Windows\System32\aspnet_counters.dll
2017-04-12 18:16 - 2017-04-12 18:16 - 00029376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-04-12 18:16 - 2017-04-12 18:16 - 00018600 _____ (Microsoft Corporation) C:\Windows\System32\msvcr100_clr0400.dll
2017-04-12 18:16 - 2017-04-12 18:16 - 00018592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-04-09 07:23 - 2017-04-21 00:10 - 699101291 _____ C:\Users\פטל\Desktop\PACK GFX CLASH ROYALE.psd
2017-04-08 18:28 - 2017-04-08 18:28 - 00000000 ___HD C:\$AV_ASW
2017-04-08 14:01 - 2017-04-08 14:01 - 84720431 _____ C:\Users\פטל\Desktop\Pack CR Dias Gamer.zip
2017-04-08 07:53 - 2017-04-27 16:10 - 00000000 ____D C:\Users\פטל\Desktop\New folder (2)
2017-04-06 17:17 - 2017-04-21 18:37 - 00000000 ____D C:\Users\פטל\Desktop\עיצובים

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-28 10:53 - 2016-10-26 20:23 - 00000000 ____D C:\Users\פטל\AppData\Roaming\Skype
2017-04-28 10:46 - 2016-10-03 10:40 - 00000000 ____D C:\ProgramData\BOINC
2017-04-28 00:01 - 2016-06-05 19:14 - 00000000 ____D C:\Users\פטל\AppData\Roaming\ClassicShell
2017-04-28 00:01 - 2016-06-05 18:43 - 00000000 ____D C:\users\פטל
2017-04-27 16:36 - 2016-06-05 18:48 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2842843405-2964105787-4272361244-1001
2017-04-27 16:30 - 2017-03-18 10:43 - 00000000 ____D C:\Users\פטל\AppData\Local\CrashDumps
2017-04-27 16:26 - 2016-06-05 19:51 - 08063488 ___SH C:\Users\פטל\Desktop\Thumbs.db
2017-04-27 15:29 - 2017-01-23 16:18 - 00002243 _____ C:\Users\פטל\Desktop\Gmail.lnk
2017-04-27 15:29 - 2016-07-06 05:54 - 00001351 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-04-27 15:26 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2017-04-27 14:58 - 2016-10-26 20:23 - 00000000 ____D C:\Users\פטל\AppData\Roaming\MPC-HC
2017-04-27 13:34 - 2016-06-05 18:48 - 00865068 _____ C:\Windows\System32\PerfStringBackup.INI
2017-04-27 13:34 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-04-27 13:28 - 2017-03-10 16:39 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-04-27 13:28 - 2016-06-25 19:28 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2017-04-27 13:28 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-27 13:28 - 2013-08-22 16:44 - 00580000 _____ C:\Windows\System32\FNTCACHE.DAT
2017-04-26 19:06 - 2017-03-04 09:17 - 00000000 ____D C:\Users\פטל\AppData\Roaming\WhatsApp
2017-04-26 14:31 - 2017-04-04 17:05 - 00000132 _____ C:\Users\פטל\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-04-25 15:12 - 2017-01-01 18:03 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-04-25 15:11 - 2017-01-01 18:03 - 00000552 _____ C:\Users\פטל\AppData\Local\TroubleshooterConfig.json
2017-04-23 16:10 - 2017-01-01 18:18 - 00000000 ____D C:\Users\פטל\AppData\Local\Troubleshooter
2017-04-21 13:43 - 2017-03-10 16:21 - 00005234 _____ C:\Users\פטל\Documents\starburn.txt
2017-04-21 13:36 - 2017-03-10 16:21 - 00000000 ____D C:\ProgramData\Wondershare
2017-04-21 13:36 - 2017-03-10 15:52 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-04-21 13:26 - 2016-11-05 09:14 - 00000000 ____D C:\Users\פטל\Documents\Bandicam
2017-04-20 19:08 - 2016-10-26 20:02 - 00015872 _____ C:\Users\פטל\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-20 17:36 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\System32\FxsTmp
2017-04-18 21:00 - 2013-08-22 17:36 - 00000000 ___SD C:\Windows\Downloaded Program Files
2017-04-18 16:18 - 2017-03-04 09:29 - 00035840 ___SH C:\Users\פטל\Documents\Thumbs.db
2017-04-18 15:27 - 2016-10-25 14:15 - 00158312 _____ C:\Users\פטל\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-18 10:43 - 2016-10-25 12:16 - 00000000 ____D C:\Users\פטל\AppData\Local\VirtualStore
2017-04-18 10:42 - 2016-06-05 18:49 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-18 10:41 - 2016-06-05 19:13 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-04-18 10:41 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-04-18 10:39 - 2016-06-05 19:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-04-18 10:30 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-04-15 09:20 - 2017-03-10 16:16 - 00002493 _____ C:\Users\פטל\Desktop\My Movie.wlmp
2017-04-14 22:57 - 2017-03-18 10:45 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-04-14 22:39 - 2017-04-04 07:57 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-04-14 11:02 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-04-13 20:22 - 2017-02-14 19:37 - 03344493 _____ C:\Users\פטל\Desktop\לוגו ליהלי.pptx
2017-04-13 08:51 - 2016-07-04 20:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-13 08:51 - 2016-07-04 20:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-12 22:40 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2017-04-12 22:40 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-12 22:40 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-12 22:40 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\System32\config\BBI
2017-04-12 18:56 - 2016-06-07 13:24 - 00000000 ____D C:\Windows\System32\MRT
2017-04-12 18:55 - 2016-06-07 13:24 - 148601744 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-04-11 22:27 - 2016-11-18 15:34 - 00010240 ___SH C:\Users\פטל\Thumbs.db
2017-04-11 22:14 - 2016-06-05 19:21 - 00003360 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 22:14 - 2016-06-05 19:21 - 00003232 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-10 11:44 - 2016-12-31 20:15 - 00150528 _____ C:\Users\פטל\Desktop\תשלום יפה ספטמבר.xls
2017-04-09 07:08 - 2017-03-22 20:02 - 00000000 ____D C:\Users\פטל\Desktop\חולצה
2017-04-09 06:43 - 2016-12-10 10:32 - 00003162 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-09 06:43 - 2016-10-03 10:48 - 00003170 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2842843405-2964105787-4272361244-1001
2017-04-07 17:35 - 2016-07-06 05:54 - 00003886 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1467777295
2017-04-06 23:51 - 2017-04-01 12:05 - 01158836 _____ C:\Users\פטל\Desktop\gucsv 1.pptx
2017-04-06 16:27 - 2016-06-05 19:25 - 00000000 ____D C:\ProgramData\AVAST Software

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================


==================== Memory info =========================== 

Percentage of memory in use: 10%
Total physical RAM: 8119.7 MB
Available physical RAM: 7253.86 MB
Total Virtual: 8119.7 MB
Available Virtual: 7331.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:0.02 GB) NTFS
Drive d: (‏‏שמור על-ידי המערכת) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:931.51 GB) (Free:686.85 GB) NTFS
Drive f: (ESD-USB) (Removable) (Total:7.22 GB) (Free:3.95 GB) FAT32
Drive h: () (Fixed) (Total:244.04 GB) (Free:118.01 GB) NTFS
Drive i: () (Fixed) (Total:221.62 GB) (Free:178.75 GB) NTFS
Drive j: (HBCD 15.2) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 383E486D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D0BCA43F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9FF9A5B4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 7.2 GB) (Disk ID: 00000000)

Partition: GPT.

LastRegBack: 2017-04-20 15:43

==================== End of FRST.txt ============================

Hello rt2011 and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Let me see that log in your reply....

Reboot and see if Windows opens normally

Thank you,

Kevin..

fixlist.txt


Hi Kevin,

Thanks for your reply.

I tried, and I still get the same error about mbamswissarmy.sys.

Fixlog.txt ->

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-05-2017 02
Ran by SYSTEM (07-05-2017 18:38:31) Run:1
Running from f:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
Start
LastRegBack: 2017-04-20 15:43 
end

*****************

DEFAULT => copied successfully to System32\config\HiveBackup
DEFAULT => restored successfully from registry back up
SAM => copied successfully to System32\config\HiveBackup
SAM => restored successfully from registry back up
SECURITY => copied successfully to System32\config\HiveBackup
SECURITY => restored successfully from registry back up
SOFTWARE => Could not copy
SOFTWARE => restored successfully from registry back up
SYSTEM => Could not copy
SYSTEM => restored successfully from registry back up

==== End of Fixlog 18:38:35 ====


Boot to System Recovery Options and run FRST as you did to get the log.

Type the following in the edit box after "Search:".

mbamswissarmy.sys

Click Search files button and post the log (Search.txt) it makes to your reply.


Hi,

Search.txt ->

Farbar Recovery Scan Tool (x64) Version: 05-05-2017 02
Ran by SYSTEM (07-05-2017 23:48:15)
Running from f:\
Boot Mode: Recovery

================== Search Files: "mbamswissarmy.sys" =============

C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2017-04-14 11:51][2017-04-28 00:47] 0000000 _____ () 

====== End of Search ======


Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot. Does Windows boot normally...?

fixlist.txt


We need to re-install Malwarebytes, run a scan and see what shows in the log.... I'd also like you to run FRST with your system in Normal Mode...

Before those scans make a registry back up as follows:

Tweaking.com Registry Backup
 
  • Download Tweaking.com Registry Backup from here, and save tweaking.com_registry_backup_portable.zip to your desktop.
  • Now we need to create a new folder to extract the zipped contents into. Right click on the zipped folder you just downloaded and select "Extract All".
  • Click the "Browse" button and from the list, expand "Computer", then expand "Windows (C:)", and click the "Make New Folder" button.
  • Call this folder something you will remember...like "RegBackup" then click "Ok", and then click "Extract".
  • From the newly extracted files, right click on hPxdDvj.png and select Run as Administrator (XP users just double click) to start Tweaking.com Registry Backup. (Windows Vista/7/8/10 users: Accept UAC warning if it is enabled.)
  • A screen like this should appear:
    user posted image
     
  • Type a custom name in Backup Name if you want, then choose Backup Now.
  • If backup is successful, a message will appear at the lower half of the screen with an option to view logs.
  • The registry backup will be created in %WindowsDrive%\RegBackup by default. You can customize the path in Settings.
  • Close Tweaking.com Registry Backup when done.


Next,

Totally Remove Malwarebytes from your system:

Download the latest version of Malwarebytes cleanup tool from here: https://downloads.malwarebytes.com/file/mb_clean and save to your Desktop..
 
  • Double-click mb-clean.exe to run it
  • A prompt to confirm the cleanup will appear, select Yes or No
  • Yes - will proceed with the cleanup process <---- Select this option to start the tool
  • No - will exit the utility
  • The Utility will launch a Command Prompt window which will disappear once the cleanup process completes.
  • Once completed, a log file ("mb-cleanresult.txt") will be on your desktop and you'll be prompted to reboot
  • We recommend an immediate reboot <--- Do Not miss out this step
  • Suppressing the reboot may result in an incomplete cleanup
  • Upon reboot Malwarebytes will be totally removed from your system


To re-install Malwarebytes:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/
 
  • Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....
  • When the install completes and is updated do the following:
  • Open Malwarebytes, select > "settings" > "protection tab"
  • Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
  • Go back to "DashBoard" select the Blue "Scan Now" tab......


When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save; you can copy or attach that to your reply...

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your next reply...

Thank you,

Kevin....

Hiya Roy

How long are you away..? I'd like to see the logs to see what is happening with your System... Post back when you're ready, if it will be more than 3 days please let me know.

Thank you,

Kevin

Edited by kevinf80
  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
