cannot open any security or anti virus programs due to running resource mes


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Micke (administrator) on DESKTOP-BLBF82Q (07-09-2017 22:26:01)
Running from M:\
Loaded Profiles: Micke (Available Profiles: defaultuser0 & Micke)
Platform: Windows 10 Pro Version 1607 (X64) Language: Spanish (Mexico)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
() C:\Windows\System32\mshrjxt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17062.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-28] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-09-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [vmaytuh] => "C:\Users\Micke\AppData\Local\ntuserlitelist\vmaytuh\vmaytuh.exe" -starup
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3920672 2017-03-30] (IObit)
HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2017-07-05] (The NWJS Community)
HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{a1979b52-5b6c-42c8-9520-b0ec26bb7c56}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{f2b1199e-d825-4da4-8222-57774f1ec9c0}: [DhcpNameServer] 208.67.222.222 208.67.220.220

Internet Explorer:
==================
HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-03-28] (IObit)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\PROGRA~2\IObit\IOBITM~1\SURFIN~1\BROWER~1\ASCPLU~1.DLL => No File
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll => No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2017-05-01]

FireFox:
========
FF DefaultProfile: 0knd2vyl.default
FF ProfilePath: C:\Users\Micke\AppData\Roaming\Mozilla\Firefox\Profiles\0knd2vyl.default [2017-09-07]
FF Homepage: Mozilla\Firefox\Profiles\0knd2vyl.default -> hxxp://www.bbc.co.uk/
FF Extension: (SwytShop) - C:\Users\Micke\AppData\Roaming\Mozilla\Firefox\Profiles\0knd2vyl.default\Extensions\323D625D490FE8DD@ext.u.xpi [2017-08-21]
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Micke\AppData\Roaming\Mozilla\Firefox\Profiles\0knd2vyl.default\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2017-07-05]
FF Extension: (Toolbar Button for Facebook™) - C:\Users\Micke\AppData\Roaming\Mozilla\Firefox\Profiles\0knd2vyl.default\Extensions\{72c9fdff-bccd-4fac-a08e-857103c6e721}.xpi [2017-06-22]
FF Extension: (Yahoo Mail Button) - C:\Users\Micke\AppData\Roaming\Mozilla\Firefox\Profiles\0knd2vyl.default\Extensions\{c9b4529a-eeba-4e48-976e-f3d3f9026e04}.xpi [2017-06-08]
FF Extension: (Adblock Plus) - C:\Users\Micke\AppData\Roaming\Mozilla\Firefox\Profiles\0knd2vyl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-11]
FF Extension: (Firefox Screenshots) - C:\Users\Micke\AppData\Roaming\Mozilla\Firefox\Profiles\0knd2vyl.default\features\{a0e7c5e9-e714-4d16-9c85-207697af781d}\screenshots@mozilla.org.xpi [2017-09-02]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1683162545-4236984137-2836460707-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Micke\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15] (RocketLife, LLP)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

Chrome:
=======
CHR NewTab: Default -> "active": false,
            "entry": "chrome-extension://kgghpkceelbpbjbhmlkljjopjdbeacib/newtab/newtab.html"
          
CHR Profile: C:\Users\Micke\AppData\Local\Google\Chrome\User Data\Default [2017-09-07]
CHR Extension: (Google Slides) - C:\Users\Micke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-03]
CHR Extension: (Google Docs) - C:\Users\Micke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-03]
CHR Extension: (Google Drive) - C:\Users\Micke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-03]
CHR Extension: (YouTube) - C:\Users\Micke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-03]
CHR Extension: (Google Sheets) - C:\Users\Micke\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-03]
CHR Extension: (Google Docs Offline) - C:\Users\Micke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-06]
CHR Extension: (Email Access Online V2.8) - C:\Users\Micke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgghpkceelbpbjbhmlkljjopjdbeacib [2017-05-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Micke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Users\Micke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-03]
CHR Extension: (Chrome Media Router) - C:\Users\Micke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2017-03-21] (IObit)
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-03-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-03-06] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [49992 2017-09-06] (Dropbox, Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2017-03-28] (IObit)
S3 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889888 2017-08-01] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-08-01] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 HWiNFO32; C:\Windows\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-03-03] (REALiX(tm))
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [947712 2017-03-03] (Realtek )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-09-07] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-07 19:08 - 2017-09-07 19:08 - 000000703 _____ C:\Users\Micke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mb3-setup-consumer-3.2.2.lnk
2017-09-07 18:57 - 2017-09-07 18:57 - 000000000 ____D C:\Users\Micke\AppData\Local\ntuserlitelist
2017-09-07 18:50 - 2017-09-07 18:50 - 000000000 ____D C:\Users\Micke\AppData\Local\CrashDumps
2017-09-07 16:22 - 2017-09-07 18:11 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-09-07 16:20 - 2017-09-07 16:20 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-07 12:06 - 2017-09-07 22:26 - 000000000 ____D C:\FRST
2017-09-07 10:27 - 2017-09-07 10:27 - 000194776 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-07 10:27 - 2017-09-07 10:27 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-07 09:58 - 2017-09-07 09:58 - 000002870 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-09-07 09:58 - 2017-09-07 09:58 - 000002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-07 09:58 - 2017-09-07 09:58 - 000002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-07 09:58 - 2017-09-07 09:58 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-07 09:58 - 2017-09-07 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-09-07 09:58 - 2017-09-07 09:58 - 000000000 ____D C:\Program Files\CCleaner
2017-09-07 09:44 - 2017-09-07 09:44 - 000000000 ____D C:\Users\Micke\AppData\Roaming\Visan
2017-09-07 09:44 - 2017-09-07 09:44 - 000000000 ____D C:\Users\Micke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2017-09-07 09:44 - 2017-09-07 09:44 - 000000000 ____D C:\Users\Micke\AppData\Roaming\HP Photo Creations
2017-09-07 09:44 - 2017-09-07 09:44 - 000000000 ____D C:\Users\Micke\AppData\Local\RLPlatform
2017-09-07 08:59 - 2017-09-07 09:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-09-07 08:59 - 2017-09-07 09:02 - 000000000 ____D C:\ProgramData\HP
2017-09-07 08:59 - 2017-09-07 08:59 - 000003754 _____ C:\Windows\System32\Tasks\HPCustParticipation HP DeskJet 3630 series
2017-09-07 08:59 - 2017-09-07 08:59 - 000002289 _____ C:\Users\Public\Desktop\HP DeskJet 3630 series.lnk
2017-09-07 08:59 - 2017-09-07 08:59 - 000001236 _____ C:\Users\Public\Desktop\Shop for Supplies - HP DeskJet 3630 series.lnk
2017-09-07 08:59 - 2017-09-07 08:59 - 000000000 ____D C:\Users\Micke\AppData\Roaming\HpUpdate
2017-09-07 08:59 - 2017-09-07 08:59 - 000000000 ____D C:\ProgramData\Visan
2017-09-07 08:59 - 2017-09-07 08:59 - 000000000 ____D C:\Program Files (x86)\HP
2017-09-07 08:59 - 2017-09-07 08:59 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2017-09-07 08:59 - 2015-04-09 02:32 - 000803848 ____N (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPDiscoPME311.dll
2017-09-07 08:58 - 2017-09-07 08:58 - 000000057 _____ C:\ProgramData\Ament.ini
2017-09-07 08:58 - 2017-09-07 08:58 - 000000000 ____D C:\Program Files\HP
2017-09-07 08:57 - 2017-09-07 09:50 - 000000000 ____D C:\Users\Micke\AppData\Local\HP
2017-09-07 08:46 - 2017-09-07 08:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-06 12:29 - 2017-09-06 12:29 - 000049992 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-09-06 12:29 - 2017-09-06 12:29 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-09-06 12:29 - 2017-09-06 12:29 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-09-06 12:29 - 2017-09-06 12:29 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-09-02 10:32 - 2017-08-04 07:31 - 001564512 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-09-02 10:32 - 2017-08-04 07:31 - 001214816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-09-02 10:32 - 2017-08-04 07:31 - 000629088 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-09-02 10:32 - 2017-08-04 07:31 - 000544096 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-09-02 10:32 - 2017-08-04 07:31 - 000335712 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2017-09-02 10:32 - 2017-08-04 07:31 - 000334176 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-09-02 10:32 - 2017-08-04 07:31 - 000233824 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-09-02 10:32 - 2017-08-04 07:31 - 000136032 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-09-02 10:32 - 2017-08-04 07:31 - 000096608 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-09-02 10:32 - 2017-08-04 07:31 - 000034656 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2017-09-02 10:32 - 2017-08-04 06:26 - 000192864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2017-08-20 19:35 - 2017-04-21 23:53 - 000029376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-08-20 19:35 - 2017-04-21 23:53 - 000018600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-08-20 19:35 - 2017-04-21 23:50 - 000030912 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-08-20 19:35 - 2017-04-21 23:50 - 000018592 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-08-18 12:33 - 2017-08-18 12:33 - 002793472 ____N C:\Windows\system32\mshrjxt.exe
2017-08-18 12:06 - 2017-08-01 21:32 - 000133984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-18 12:06 - 2017-08-01 21:31 - 007780192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-18 12:06 - 2017-08-01 21:27 - 000118112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-18 12:06 - 2017-08-01 21:22 - 001860288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2017-08-18 12:06 - 2017-08-01 21:22 - 000360040 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2017-08-18 12:06 - 2017-08-01 21:21 - 002759712 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-08-18 12:06 - 2017-08-01 21:21 - 000857440 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2017-08-18 12:06 - 2017-08-01 21:20 - 000557408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2017-08-18 12:06 - 2017-08-01 21:18 - 008169536 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2017-08-18 12:06 - 2017-08-01 21:18 - 004260064 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-08-18 12:06 - 2017-08-01 21:18 - 001983408 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-08-18 12:06 - 2017-08-01 21:18 - 001702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-08-18 12:06 - 2017-08-01 21:18 - 000092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-08-18 12:06 - 2017-08-01 21:17 - 022220856 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-08-18 12:06 - 2017-08-01 21:17 - 001072248 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-08-18 12:06 - 2017-08-01 21:17 - 000244816 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-08-18 12:06 - 2017-08-01 21:13 - 002532192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-08-18 12:06 - 2017-08-01 21:13 - 000387872 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2017-08-18 12:06 - 2017-08-01 20:58 - 000299008 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe
2017-08-18 12:06 - 2017-08-01 20:57 - 000415744 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe
2017-08-18 12:06 - 2017-08-01 20:57 - 000372736 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2017-08-18 12:06 - 2017-08-01 20:53 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-18 12:06 - 2017-08-01 20:52 - 022569472 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-08-18 12:06 - 2017-08-01 20:52 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Diagnostics.dll
2017-08-18 12:06 - 2017-08-01 20:51 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-18 12:06 - 2017-08-01 20:50 - 000099328 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2017-08-18 12:06 - 2017-08-01 20:48 - 000223744 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-08-18 12:06 - 2017-08-01 20:48 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2017-08-18 12:06 - 2017-08-01 20:47 - 000748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2017-08-18 12:06 - 2017-08-01 20:47 - 000691200 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2017-08-18 12:06 - 2017-08-01 20:46 - 000590336 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2017-08-18 12:06 - 2017-08-01 20:46 - 000349184 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-08-18 12:06 - 2017-08-01 20:46 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\Phoneutil.dll
2017-08-18 12:06 - 2017-08-01 20:46 - 000260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2017-08-18 12:06 - 2017-08-01 20:45 - 000561664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Wallet.dll
2017-08-18 12:06 - 2017-08-01 20:45 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-08-18 12:06 - 2017-08-01 20:45 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-08-18 12:06 - 2017-08-01 20:44 - 000642048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.InkControls.dll
2017-08-18 12:06 - 2017-08-01 20:43 - 000963584 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll
2017-08-18 12:06 - 2017-08-01 20:42 - 006288384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-08-18 12:06 - 2017-08-01 20:40 - 000945664 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2017-08-18 12:06 - 2017-08-01 20:38 - 013441536 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-08-18 12:06 - 2017-08-01 20:37 - 013091328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-08-18 12:06 - 2017-08-01 20:36 - 023677440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-08-18 12:06 - 2017-08-01 20:35 - 001908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-08-18 12:06 - 2017-08-01 20:34 - 001837056 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2017-08-18 12:06 - 2017-08-01 20:32 - 008114688 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-08-18 12:06 - 2017-08-01 20:32 - 004596224 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2017-08-18 12:06 - 2017-08-01 20:32 - 003401216 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-18 12:06 - 2017-08-01 20:30 - 000913920 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2017-08-18 12:06 - 2017-08-01 20:29 - 004743680 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-08-18 12:06 - 2017-08-01 20:29 - 002852864 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-08-18 12:06 - 2017-08-01 20:29 - 000874496 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2017-08-18 12:06 - 2017-08-01 20:28 - 002895360 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-08-18 12:06 - 2017-08-01 20:27 - 008076288 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-08-18 12:06 - 2017-08-01 20:27 - 004149248 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-08-18 12:06 - 2017-08-01 20:27 - 002695680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-08-18 12:06 - 2017-08-01 20:27 - 002538496 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-18 12:06 - 2017-08-01 20:27 - 001984000 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-08-18 12:06 - 2017-08-01 20:27 - 000903680 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-18 12:06 - 2017-08-01 20:27 - 000774656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2017-08-18 12:06 - 2017-08-01 20:27 - 000765440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2017-08-18 12:06 - 2017-08-01 20:26 - 001949696 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2017-08-18 12:06 - 2017-08-01 20:26 - 001513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-08-18 12:06 - 2017-08-01 20:26 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2017-08-18 12:06 - 2017-08-01 20:24 - 003299840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2017-08-18 12:06 - 2017-08-01 20:24 - 001121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-08-18 12:06 - 2017-08-01 20:24 - 000998912 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2017-08-18 12:06 - 2017-08-01 20:24 - 000924672 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2017-08-18 12:06 - 2017-08-01 19:20 - 002264344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-08-18 12:06 - 2017-08-01 19:20 - 001431232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2017-08-18 12:06 - 2017-08-01 19:20 - 000781144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2017-08-18 12:06 - 2017-08-01 19:20 - 000116576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostCommon.dll
2017-08-18 12:06 - 2017-08-01 19:19 - 001980776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2017-08-18 12:06 - 2017-08-01 19:19 - 000577976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-08-18 12:06 - 2017-08-01 19:19 - 000339896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2017-08-18 12:06 - 2017-08-01 19:19 - 000266080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2017-08-18 12:06 - 2017-08-01 19:19 - 000120416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2017-08-18 12:06 - 2017-08-01 19:18 - 000139104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-08-18 12:06 - 2017-08-01 19:16 - 006665952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-18 12:06 - 2017-08-01 19:16 - 004023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-08-18 12:06 - 2017-08-01 19:16 - 001845512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-08-18 12:06 - 2017-08-01 19:15 - 020967840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-08-18 12:06 - 2017-08-01 19:15 - 001360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-08-18 12:06 - 2017-08-01 19:15 - 001277856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-08-18 12:06 - 2017-08-01 19:15 - 000981888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-08-18 12:06 - 2017-08-01 19:10 - 000306800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MediaControl.dll
2017-08-18 12:06 - 2017-08-01 19:07 - 005686784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-08-18 12:06 - 2017-08-01 18:59 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tokenbinding.dll
2017-08-18 12:06 - 2017-08-01 18:58 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBrokerUI.dll
2017-08-18 12:06 - 2017-08-01 18:56 - 000177664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Diagnostics.dll
2017-08-18 12:06 - 2017-08-01 18:56 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.HostName.dll
2017-08-18 12:06 - 2017-08-01 18:55 - 000087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-18 12:06 - 2017-08-01 18:54 - 000505856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcastdvr.exe
2017-08-18 12:06 - 2017-08-01 18:54 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserMgrProxy.dll
2017-08-18 12:06 - 2017-08-01 18:54 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-08-18 12:06 - 2017-08-01 18:53 - 000557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-08-18 12:06 - 2017-08-01 18:52 - 000533504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSCOMEX.dll
2017-08-18 12:06 - 2017-08-01 18:52 - 000117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthBroker.dll
2017-08-18 12:06 - 2017-08-01 18:51 - 000483840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.AllJoyn.dll
2017-08-18 12:06 - 2017-08-01 18:51 - 000426496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-08-18 12:06 - 2017-08-01 18:51 - 000388608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-08-18 12:06 - 2017-08-01 18:51 - 000306688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2017-08-18 12:06 - 2017-08-01 18:51 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-08-18 12:06 - 2017-08-01 18:51 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2017-08-18 12:06 - 2017-08-01 18:50 - 000431616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll
2017-08-18 12:06 - 2017-08-01 18:50 - 000284672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2017-08-18 12:06 - 2017-08-01 18:50 - 000260096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Phoneutil.dll
2017-08-18 12:06 - 2017-08-01 18:50 - 000125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2017-08-18 12:06 - 2017-08-01 18:49 - 004615168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-08-18 12:06 - 2017-08-01 18:48 - 000297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-08-18 12:06 - 2017-08-01 18:48 - 000267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptprov.dll
2017-08-18 12:06 - 2017-08-01 18:47 - 000846336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebcamUi.dll
2017-08-18 12:06 - 2017-08-01 18:47 - 000787968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2017-08-18 12:06 - 2017-08-01 18:47 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2017-08-18 12:06 - 2017-08-01 18:47 - 000525824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintDialogs.dll
2017-08-18 12:06 - 2017-08-01 18:47 - 000396288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2017-08-18 12:06 - 2017-08-01 18:47 - 000368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2017-08-18 12:06 - 2017-08-01 18:45 - 002333184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-08-18 12:06 - 2017-08-01 18:45 - 001985536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certmgr.dll
2017-08-18 12:06 - 2017-08-01 18:42 - 018364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-08-18 12:06 - 2017-08-01 18:41 - 000248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll
2017-08-18 12:06 - 2017-08-01 18:40 - 019415040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-08-18 12:06 - 2017-08-01 18:40 - 012187136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-08-18 12:06 - 2017-08-01 18:39 - 007626240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-08-18 12:06 - 2017-08-01 18:39 - 001255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-08-18 12:06 - 2017-08-01 18:38 - 000458752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidprov.dll
2017-08-18 12:06 - 2017-08-01 18:37 - 012349440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-08-18 12:06 - 2017-08-01 18:37 - 003520512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2017-08-18 12:06 - 2017-08-01 18:37 - 002641920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-08-18 12:06 - 2017-08-01 18:37 - 000647168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comuid.dll
2017-08-18 12:06 - 2017-08-01 18:37 - 000468992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-08-18 12:06 - 2017-08-01 18:36 - 007468544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-08-18 12:06 - 2017-08-01 18:35 - 000675840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2017-08-18 12:06 - 2017-08-01 18:34 - 001170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2017-08-18 12:06 - 2017-08-01 18:34 - 000886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-08-18 12:06 - 2017-08-01 18:34 - 000709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2017-08-18 12:06 - 2017-08-01 18:33 - 006031872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-08-18 12:06 - 2017-08-01 18:33 - 000589312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
2017-08-18 12:06 - 2017-08-01 18:32 - 002682880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netshell.dll
2017-08-18 12:06 - 2017-08-01 18:32 - 002648576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2017-08-18 12:06 - 2017-08-01 18:31 - 003664896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-08-18 12:06 - 2017-08-01 18:31 - 001988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-08-18 12:06 - 2017-08-01 18:31 - 000773120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-08-18 12:06 - 2017-08-01 18:31 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2017-08-18 12:06 - 2017-08-01 18:31 - 000598528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2017-08-18 12:06 - 2017-08-01 18:31 - 000566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ShareHost.dll
2017-08-18 12:06 - 2017-08-01 18:31 - 000542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2017-08-18 12:06 - 2017-08-01 18:30 - 002997248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-08-18 12:06 - 2017-08-01 18:30 - 002482688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-08-18 12:06 - 2017-08-01 18:30 - 001886720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-08-18 12:06 - 2017-08-01 18:30 - 001556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2017-08-18 12:06 - 2017-08-01 18:30 - 001013248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Http.dll
2017-08-18 12:06 - 2017-08-01 18:30 - 000751104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-08-18 12:06 - 2017-08-01 18:30 - 000711168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2017-08-18 12:06 - 2017-08-01 18:29 - 003106304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2017-08-18 12:06 - 2017-08-01 18:28 - 000783360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2017-08-18 12:06 - 2017-08-01 16:15 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-08-18 12:06 - 2017-08-01 16:15 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-08-18 12:06 - 2017-08-01 16:15 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-08-18 12:06 - 2017-08-01 16:15 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-08-18 12:06 - 2017-08-01 16:15 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-08-18 12:06 - 2017-08-01 16:15 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-08-18 12:06 - 2017-08-01 16:15 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-08-18 12:06 - 2017-08-01 16:15 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-08-18 12:06 - 2017-08-01 16:15 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-08-18 12:06 - 2017-08-01 16:15 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-08-18 12:06 - 2017-08-01 16:15 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-08-18 12:06 - 2017-08-01 16:15 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-08-18 12:06 - 2017-08-01 16:15 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-08-18 12:06 - 2017-08-01 16:15 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-08-18 12:06 - 2017-08-01 16:15 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-08-18 12:06 - 2017-07-12 08:17 - 000081760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2017-08-18 12:06 - 2017-07-12 08:15 - 002213760 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-08-18 12:06 - 2017-07-12 08:15 - 000496872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-08-18 12:06 - 2017-07-12 08:12 - 001706488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-08-18 12:06 - 2017-07-12 08:12 - 001573280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-08-18 12:06 - 2017-07-12 08:09 - 001181024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-08-18 12:06 - 2017-07-12 08:02 - 002186592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-08-18 12:06 - 2017-07-12 08:02 - 000402776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-08-18 12:06 - 2017-07-12 08:01 - 000715104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-08-18 12:06 - 2017-07-12 08:01 - 000156000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2017-08-18 12:06 - 2017-07-12 08:00 - 000160608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2017-08-18 12:06 - 2017-07-12 08:00 - 000095584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdstor.sys
2017-08-18 12:06 - 2017-07-12 07:59 - 000857952 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2017-08-18 12:06 - 2017-07-12 07:59 - 000148832 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2017-08-18 12:06 - 2017-07-12 07:56 - 000277856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-08-18 12:06 - 2017-07-12 07:55 - 000607072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2017-08-18 12:06 - 2017-07-12 07:55 - 000111968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2017-08-18 12:06 - 2017-07-12 07:52 - 004312760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-08-18 12:06 - 2017-07-12 07:35 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dabapi.dll
2017-08-18 12:06 - 2017-07-12 07:32 - 000227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\container.dll
2017-08-18 12:06 - 2017-07-12 07:32 - 000068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\frprov.dll
2017-08-18 12:06 - 2017-07-12 07:31 - 000130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdeploy.dll
2017-08-18 12:06 - 2017-07-12 07:31 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfnet.dll
2017-08-18 12:06 - 2017-07-12 07:30 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshhttp.dll
2017-08-18 12:06 - 2017-07-12 07:29 - 000328192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2017-08-18 12:06 - 2017-07-12 07:29 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\httpapi.dll
2017-08-18 12:06 - 2017-07-12 07:25 - 000364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2017-08-18 12:06 - 2017-07-12 07:24 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scmdisk0101.sys
2017-08-18 12:06 - 2017-07-12 07:24 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\perfnet.dll
2017-08-18 12:06 - 2017-07-12 07:23 - 000671232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-08-18 12:06 - 2017-07-12 07:23 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2017-08-18 12:06 - 2017-07-12 07:23 - 000216576 _____ (Microsoft Corporation) C:\Windows\system32\RdpRelayTransport.dll
2017-08-18 12:06 - 2017-07-12 07:23 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2017-08-18 12:06 - 2017-07-12 07:23 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-08-18 12:06 - 2017-07-12 07:21 - 000711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-08-18 12:06 - 2017-07-12 07:21 - 000042496 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2017-08-18 12:06 - 2017-07-12 07:19 - 006474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-08-18 12:06 - 2017-07-12 07:18 - 000525312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2017-08-18 12:06 - 2017-07-12 07:17 - 000552960 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2017-08-18 12:06 - 2017-07-12 07:16 - 000431616 _____ (Microsoft Corporation) C:\Windows\system32\WpAXHolder.dll
2017-08-18 12:06 - 2017-07-12 07:15 - 000893440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2017-08-18 12:06 - 2017-07-12 07:15 - 000029184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsium.dll
2017-08-18 12:06 - 2017-07-12 07:14 - 000536064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2017-08-18 12:06 - 2017-07-12 07:13 - 000855040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autofmt.exe
2017-08-18 12:06 - 2017-07-12 07:12 - 002750464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-08-18 12:06 - 2017-07-12 07:11 - 002154496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2017-08-18 12:06 - 2017-07-12 07:10 - 000878592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2017-08-18 12:06 - 2017-07-12 07:10 - 000546304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll
2017-08-18 12:06 - 2017-07-12 07:09 - 000641024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-08-18 12:06 - 2017-07-12 07:07 - 001572352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-08-18 12:06 - 2017-07-12 07:06 - 000937984 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-08-18 12:06 - 2017-07-12 07:06 - 000549376 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-08-18 12:06 - 2017-07-12 07:05 - 000565248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2017-08-18 12:06 - 2017-07-12 07:03 - 000779776 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2017-08-18 12:06 - 2017-07-12 07:01 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2017-08-18 12:06 - 2017-07-12 07:00 - 002370048 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-08-18 12:06 - 2017-07-12 06:58 - 001231872 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-08-18 12:06 - 2017-07-12 06:58 - 001130496 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-08-18 12:06 - 2017-07-12 06:58 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-08-18 12:06 - 2017-07-12 06:57 - 000735744 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2017-08-18 12:06 - 2017-07-12 06:56 - 001826816 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-08-18 12:06 - 2017-07-12 04:49 - 000448629 _____ C:\Windows\system32\ApnDatabase.xml
2017-08-18 12:06 - 2017-03-04 08:07 - 000909312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2017-08-18 12:06 - 2017-03-04 08:05 - 001328640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2017-08-18 12:06 - 2017-03-04 08:05 - 000134144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ErrorDetails.dll
2017-08-18 12:05 - 2017-08-01 21:29 - 000376672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-08-18 12:05 - 2017-08-01 21:25 - 000168800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-18 12:05 - 2017-08-01 21:21 - 000624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-08-18 12:05 - 2017-08-01 21:21 - 000295264 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2017-08-18 12:05 - 2017-08-01 21:21 - 000146784 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostCommon.dll
2017-08-18 12:05 - 2017-08-01 21:21 - 000124072 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2017-08-18 12:05 - 2017-08-01 21:21 - 000026976 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe
2017-08-18 12:05 - 2017-08-01 21:20 - 002446704 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2017-08-18 12:05 - 2017-08-01 21:20 - 000684344 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-18 12:05 - 2017-08-01 21:20 - 000383776 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2017-08-18 12:05 - 2017-08-01 21:20 - 000144736 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-08-18 12:05 - 2017-08-01 21:20 - 000079712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmcl.sys
2017-08-18 12:05 - 2017-08-01 21:17 - 001600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-08-18 12:05 - 2017-08-01 21:17 - 000241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-08-18 12:05 - 2017-08-01 21:13 - 001102176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-08-18 12:05 - 2017-08-01 21:01 - 007218176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-08-18 12:05 - 2017-08-01 20:54 - 000042496 _____ (Microsoft Corporation) C:\Windows\system32\tokenbinding.dll
2017-08-18 12:05 - 2017-08-01 20:52 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmclr.sys
2017-08-18 12:05 - 2017-08-01 20:48 - 000289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-08-18 12:05 - 2017-08-01 20:47 - 000651264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.AllJoyn.dll
2017-08-18 12:05 - 2017-08-01 20:47 - 000268800 _____ (Microsoft Corporation) C:\Windows\system32\UserMgrProxy.dll
2017-08-18 12:05 - 2017-08-01 20:47 - 000223744 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.HostName.dll
2017-08-18 12:05 - 2017-08-01 20:47 - 000049664 _____ (Microsoft Corporation) C:\Windows\system32\TokenBrokerUI.dll
2017-08-18 12:05 - 2017-08-01 20:46 - 000379904 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2017-08-18 12:05 - 2017-08-01 20:46 - 000176128 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2017-08-18 12:05 - 2017-08-01 20:46 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-08-18 12:05 - 2017-08-01 20:46 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2017-08-18 12:05 - 2017-08-01 20:46 - 000078336 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2017-08-18 12:05 - 2017-08-01 20:45 - 000805888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-08-18 12:05 - 2017-08-01 20:45 - 000472064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-18 12:05 - 2017-08-01 20:45 - 000451072 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2017-08-18 12:05 - 2017-08-01 20:45 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2017-08-18 12:05 - 2017-08-01 20:44 - 001010176 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2017-08-18 12:05 - 2017-08-01 20:43 - 000966144 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2017-08-18 12:05 - 2017-08-01 20:43 - 000945664 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2017-08-18 12:05 - 2017-08-01 20:43 - 000156672 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2017-08-18 12:05 - 2017-08-01 20:42 - 000775168 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe
2017-08-18 12:05 - 2017-08-01 20:41 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\certmgr.dll
2017-08-18 12:05 - 2017-08-01 20:40 - 002716672 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-08-18 12:05 - 2017-08-01 20:40 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-18 12:05 - 2017-08-01 20:39 - 009129984 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-08-18 12:05 - 2017-08-01 20:39 - 001281536 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2017-08-18 12:05 - 2017-08-01 20:39 - 000353280 _____ (Microsoft Corporation) C:\Windows\system32\windows.immersiveshell.serviceprovider.dll
2017-08-18 12:05 - 2017-08-01 20:39 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\ncryptprov.dll
2017-08-18 12:05 - 2017-08-01 20:38 - 001589760 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2017-08-18 12:05 - 2017-08-01 20:36 - 000295424 _____ (Microsoft Corporation) C:\Windows\system32\dlnashext.dll
2017-08-18 12:05 - 2017-08-01 20:33 - 004749824 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-08-18 12:05 - 2017-08-01 20:33 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\windowslivelogin.dll
2017-08-18 12:05 - 2017-08-01 20:33 - 000167936 _____ (Microsoft Corporation) C:\Windows\system32\ErrorDetails.dll
2017-08-18 12:05 - 2017-08-01 20:32 - 000821248 _____ (Microsoft Corporation) C:\Windows\system32\comuid.dll
2017-08-18 12:05 - 2017-08-01 20:30 - 002916864 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2017-08-18 12:05 - 2017-08-01 20:30 - 001643008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2017-08-18 12:05 - 2017-08-01 20:30 - 000305152 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-08-18 12:05 - 2017-08-01 20:28 - 001490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-18 12:05 - 2017-08-01 20:27 - 000716800 _____ (Microsoft Corporation) C:\Windows\system32\ShareHost.dll
2017-08-18 12:05 - 2017-08-01 20:25 - 001726976 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2017-08-18 12:05 - 2017-08-01 20:23 - 003615744 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-08-18 12:05 - 2017-08-01 20:23 - 000886784 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2017-08-18 12:05 - 2017-07-12 08:16 - 000646688 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-08-18 12:05 - 2017-07-12 08:15 - 000101216 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-08-18 12:05 - 2017-07-12 08:14 - 001886896 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-18 12:05 - 2017-07-12 08:13 - 002253664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-08-18 12:05 - 2017-07-12 08:00 - 000223072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-18 12:05 - 2017-07-12 07:59 - 001100128 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2017-08-18 12:05 - 2017-07-12 07:59 - 000989024 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2017-08-18 12:05 - 2017-07-12 07:59 - 000947040 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.efi
2017-08-18 12:05 - 2017-07-12 07:55 - 004674872 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-08-18 12:05 - 2017-07-12 07:25 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcnfs.sys
2017-08-18 12:05 - 2017-07-12 07:24 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\dabapi.dll
2017-08-18 12:05 - 2017-07-12 07:23 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\container.dll
2017-08-18 12:05 - 2017-07-12 07:23 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\frprov.dll
2017-08-18 12:05 - 2017-07-12 07:22 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\wcimage.dll
2017-08-18 12:05 - 2017-07-12 07:21 - 000329728 _____ (Microsoft Corporation) C:\Windows\system32\wc_storage.dll
2017-08-18 12:05 - 2017-07-12 07:21 - 000110080 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll
2017-08-18 12:05 - 2017-07-12 07:20 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2017-08-18 12:05 - 2017-07-12 07:19 - 000488960 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2017-08-18 12:05 - 2017-07-12 07:19 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2017-08-18 12:05 - 2017-07-12 07:19 - 000156160 _____ (Microsoft Corporation) C:\Windows\system32\fdeploy.dll
2017-08-18 12:05 - 2017-07-12 07:17 - 000252416 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2017-08-18 12:05 - 2017-07-12 07:16 - 000142848 _____ (Microsoft Corporation) C:\Windows\system32\profsvcext.dll
2017-08-18 12:05 - 2017-07-12 07:15 - 000265216 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2017-08-18 12:05 - 2017-07-12 07:13 - 001478656 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2017-08-18 12:05 - 2017-07-12 07:12 - 000970240 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2017-08-18 12:05 - 2017-07-12 07:12 - 000091648 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2017-08-18 12:05 - 2017-07-12 07:12 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll
2017-08-18 12:05 - 2017-07-12 07:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2017-08-18 12:05 - 2017-07-12 07:10 - 000927232 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe
2017-08-18 12:05 - 2017-07-12 07:09 - 003291136 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-08-18 12:05 - 2017-07-12 07:08 - 002861056 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2017-08-18 12:05 - 2017-07-12 07:07 - 000954880 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2017-08-18 12:05 - 2017-07-12 07:07 - 000629248 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2017-08-18 12:05 - 2017-07-12 07:06 - 000956416 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2017-08-18 12:05 - 2017-07-12 07:03 - 001692160 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-08-18 12:05 - 2017-07-12 07:03 - 000826880 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-08-18 12:05 - 2017-07-12 07:02 - 000869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-08-18 12:05 - 2017-07-12 07:01 - 002279424 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-08-18 12:05 - 2017-07-12 06:59 - 006664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2017-08-18 12:05 - 2017-07-12 06:59 - 002318336 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-08-18 12:05 - 2017-07-12 06:59 - 000632320 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2017-08-18 12:05 - 2017-03-04 08:57 - 000372432 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MediaControl.dll
2017-08-18 12:05 - 2017-03-04 08:16 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\dialclient.dll
2017-08-18 11:31 - 2017-08-18 11:31 - 000003584 _____ C:\Users\Micke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-08-18 11:30 - 2017-08-18 12:13 - 000000000 ____D C:\Users\Micke\temp
2017-08-18 11:30 - 2017-08-18 11:34 - 000000000 ____D C:\Users\Micke\AppData\Local\Pinnacle
2017-08-18 11:30 - 2017-08-18 11:30 - 000000197 _____ C:\Users\Micke\AppData\Roaming\DESKTOP-BLBF82Q.MTBF.txt
2017-08-18 11:30 - 2017-08-18 11:30 - 000000000 ____D C:\Users\Micke\AppData\Local\Pinnacle_Studio_17
2017-08-18 11:18 - 2017-08-18 11:25 - 000002323 _____ C:\Users\Public\Desktop\Pinnacle Studio 17.lnk
2017-08-18 11:18 - 2017-08-18 11:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 17
2017-08-18 11:18 - 2017-08-18 11:19 - 000000000 ____D C:\Program Files (x86)\Pinnacle
2017-08-18 11:14 - 2017-08-18 11:18 - 000000000 ____D C:\ProgramData\Pinnacle
2017-08-18 10:56 - 2017-08-26 11:33 - 000002242 _____ C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
2017-08-18 10:56 - 2017-08-18 10:56 - 000003114 _____ C:\Windows\System32\Tasks\ASC10_PerformanceMonitor
2017-08-18 10:56 - 2017-08-18 10:56 - 000002908 _____ C:\Windows\System32\Tasks\ASC10_SkipUac_Micke
2017-08-18 10:56 - 2017-08-18 10:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2017-08-18 10:33 - 2017-08-18 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2017-08-17 09:51 - 2017-08-17 09:51 - 001721344 _____ C:\Windows\c5f92244d031f3762ada2036fa5533aa.exe
2017-08-17 09:51 - 2017-08-17 09:51 - 000037168 _____ C:\Windows\uninstaller.dat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-07 22:18 - 2017-03-03 12:37 - 000000000 ____D C:\Windows\system32\SleepStudy
2017-09-07 21:38 - 2017-03-03 21:50 - 000004168 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1B8610B8-0516-4386-A3F2-A5A01783DB48}
2017-09-07 18:57 - 2017-03-03 12:42 - 002455790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-07 18:57 - 2016-07-17 00:35 - 001021018 _____ C:\Windows\system32\perfh00A.dat
2017-09-07 18:57 - 2016-07-17 00:35 - 000244414 _____ C:\Windows\system32\perfc00A.dat
2017-09-07 18:52 - 2017-05-18 12:32 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-09-07 18:52 - 2017-03-03 15:11 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-07 18:52 - 2017-03-03 12:37 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-07 18:51 - 2017-07-09 11:49 - 000000000 ____D C:\Users\Micke\AppData\LocalLow\Temp
2017-09-07 18:51 - 2016-07-16 13:47 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-09-07 18:51 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-09-07 18:51 - 2016-07-16 08:04 - 013107200 _____ C:\Windows\system32\config\HARDWARE
2017-09-07 18:51 - 2016-07-16 08:04 - 000524288 _____ C:\Windows\system32\config\BBI
2017-09-07 16:55 - 2017-03-03 15:06 - 000000000 ____D C:\Users\Micke
2017-09-07 13:44 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\rescache
2017-09-07 13:17 - 2017-03-06 15:55 - 000005248 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-BLBF82Q-Micke DESKTOP-BLBF82Q
2017-09-07 11:15 - 2016-07-16 13:45 - 000000000 ____D C:\Windows\INF
2017-09-07 11:00 - 2017-03-03 15:06 - 000000000 ____D C:\Users\Micke\AppData\Local\Packages
2017-09-07 11:00 - 2016-07-16 13:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-07 11:00 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\AppReadiness
2017-09-07 09:58 - 2017-03-03 18:38 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-07 09:51 - 2017-07-11 04:18 - 000000000 ____D C:\$WINDOWS.~BT
2017-09-07 09:51 - 2017-03-03 19:36 - 000000000 ____D C:\Windows\Panther
2017-09-07 09:38 - 2017-03-03 15:06 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-07 09:37 - 2017-05-24 12:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-09-07 09:37 - 2017-05-24 12:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-07 09:37 - 2017-03-03 12:37 - 005680800 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-07 09:36 - 2016-07-17 00:38 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-09-07 09:36 - 2016-07-16 13:47 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2017-09-07 09:36 - 2016-07-16 13:47 - 000000000 ___RD C:\Program Files\Windows Defender
2017-09-07 09:36 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\system32\oobe
2017-09-07 09:36 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\ShellExperiences
2017-09-07 09:36 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\Provisioning
2017-09-07 09:36 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-09-07 09:36 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\bcastdvr
2017-09-07 09:36 - 2016-07-16 13:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-07 09:36 - 2016-07-16 13:47 - 000000000 ____D C:\Program Files\Common Files\System
2017-09-07 09:36 - 2016-07-16 13:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-07 09:36 - 2016-07-16 13:47 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-09-07 08:46 - 2017-03-06 14:54 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-09-07 08:42 - 2017-03-03 21:41 - 000000000 ___RD C:\Users\Micke\Dropbox
2017-09-02 12:27 - 2017-03-03 19:06 - 000000000 ____D C:\ProgramData\ProductData
2017-09-02 10:39 - 2017-03-03 21:48 - 000004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-09-02 10:39 - 2017-03-03 21:48 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-09-02 10:32 - 2016-07-16 13:36 - 000000000 ____D C:\Windows\CbsTemp
2017-08-26 12:49 - 2017-05-24 12:23 - 000000000 ____D C:\Users\Micke\AppData\LocalLow\Mozilla
2017-08-26 12:22 - 2017-03-06 17:05 - 000000000 ____D C:\Users\Micke\AppData\Local\ElevatedDiagnostics
2017-08-21 18:04 - 2017-05-24 12:37 - 000000000 ____D C:\Users\Micke\AppData\Roaming\BitTorrent
2017-08-18 12:37 - 2017-06-01 13:30 - 000000000 ____D C:\Users\Micke\AppData\LocalLow\BitTorrent
2017-08-18 11:30 - 2017-05-01 21:03 - 000003322 _____ C:\Windows\System32\Tasks\Private Internet Access Startup
2017-08-18 11:26 - 2017-03-03 17:41 - 000000000 ____D C:\Windows\system32\MRT
2017-08-18 11:25 - 2017-03-03 17:41 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-18 11:13 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\system32\NDF
2017-08-18 10:58 - 2017-03-03 17:09 - 000544424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-08-18 10:56 - 2017-04-26 19:07 - 000000000 ____D C:\Program Files (x86)\IObit
2017-08-18 10:33 - 2017-04-26 19:07 - 000002496 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Micke
2017-08-18 10:33 - 2017-04-26 19:07 - 000001431 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2017-08-18 10:33 - 2017-04-26 19:07 - 000000310 _____ C:\Windows\Tasks\Uninstaller_SkipUac_Micke.job
2017-08-18 10:33 - 2017-03-03 18:53 - 000000000 ____D C:\ProgramData\IObit

==================== Files in the root of some directories =======

2017-08-18 11:30 - 2017-08-18 11:30 - 000000197 _____ () C:\Users\Micke\AppData\Roaming\DESKTOP-BLBF82Q.MTBF.txt
2017-08-18 11:30 - 2017-08-18 12:13 - 000000672 _____ () C:\Users\Micke\AppData\Roaming\__AvidCloudManager.log
2017-08-18 11:30 - 2017-08-18 11:34 - 000001092 _____ () C:\Users\Micke\AppData\Roaming\__AvidCloudManagerPrevious.log
2017-04-26 18:08 - 2017-04-26 18:13 - 325407814 _____ () C:\Users\Micke\AppData\Local\ACCCx4_0_1_188.zip.aamdownload
2017-04-26 18:08 - 2017-04-26 18:13 - 000003630 _____ () C:\Users\Micke\AppData\Local\ACCCx4_0_1_188.zip.aamdownload.aamd
2017-08-18 11:31 - 2017-08-18 11:31 - 000003584 _____ () C:\Users\Micke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-22 18:49 - 2017-05-22 18:49 - 000000218 _____ () C:\Users\Micke\AppData\Local\recently-used.xbel
2017-05-29 10:06 - 2017-05-29 10:06 - 000000017 _____ () C:\Users\Micke\AppData\Local\resmon.resmoncfg
2017-09-07 08:58 - 2017-09-07 08:58 - 000000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-07 09:16

==================== End of FRST.txt ============================


RogueKiller V12.11.13.0 (x64) [Sep  4 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Micke [Administrator]
Started from : f:\Data\Downloads\RogueKiller_portable64.exe
Mode : Scan -- Date : 09/07/2017 23:33:23 (Duration : 00:18:59)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 33 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\xs -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_USUARIO_ON_L_5E1C\Software\AutoTime -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_USUARIO_ON_L_5E1C\Software\Installer -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_USUARIO_ON_L_5E1C\Software\SNDA -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_USUARIO_ON_L_5E1C\Software\System Healer -> Found
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\RK_USUARIO_ON_L_5E1C\Software\UCBrowser -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_USUARIO_ON_L_5E1C\Software\UCBrowserPID -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_USUARIO_ON_L_5E1C\Software\AutoTime -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_USUARIO_ON_L_5E1C\Software\Installer -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_USUARIO_ON_L_5E1C\Software\SNDA -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_USUARIO_ON_L_5E1C\Software\System Healer -> Found
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\RK_USUARIO_ON_L_5E1C\Software\UCBrowser -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_USUARIO_ON_L_5E1C\Software\UCBrowserPID -> Found
[PUP.SwytShop] (X64) HKEY_USERS\S-1-5-21-1683162545-4236984137-2836460707-1001\Software\SwytShop -> Found
[PUP.SwytShop] (X86) HKEY_USERS\S-1-5-21-1683162545-4236984137-2836460707-1001\Software\SwytShop -> Found
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> Found
[Adw.Yelloader] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vmaytuh : "C:\Users\Micke\AppData\Local\ntuserlitelist\vmaytuh\vmaytuh.exe" -starup [x] -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_4905\ControlSet001\Services\UCBrowserSvc ("C:\Program Files (x86)\UCBrowser\Application\UCService.exe") -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_4905\ControlSet002\Services\UCBrowserSvc ("C:\Program Files (x86)\UCBrowser\Application\UCService.exe") -> Found
[PUM.HomePage] (X64) HKEY_USERS\RK_USUARIO_ON_L_5E1C\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.mozilla.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\RK_USUARIO_ON_L_5E1C\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.mozilla.com/ -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_4905\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DDF01F28-B156-4CAB-B79A-D28831C3DAEF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (TCP-In) (USUARIO)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_4905\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BD8EC7BD-243F-46F0-B1E1-0455F68103AE} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (TCP-Out) (USUARIO)|Desc=Allow µTorrent network traffic| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_4905\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C881B5DC-7FE7-4F67-A210-F5CF0DFF2A08} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (UDP-In) (USUARIO)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_4905\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {43679562-B7AE-40CA-892C-2509B2867F9F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (USUARIO)| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_4905\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4FCFFF45-9800-4735-BE93-5737511803A3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (USUARIO)| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_4905\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5C64AB75-77B0-4B4F-8F89-D98FFC759705} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (UDP-Out) (USUARIO)|Desc=Allow µTorrent network traffic| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_4905\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DDF01F28-B156-4CAB-B79A-D28831C3DAEF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (TCP-In) (USUARIO)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_4905\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BD8EC7BD-243F-46F0-B1E1-0455F68103AE} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (TCP-Out) (USUARIO)|Desc=Allow µTorrent network traffic| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_4905\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C881B5DC-7FE7-4F67-A210-F5CF0DFF2A08} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (UDP-In) (USUARIO)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_4905\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {43679562-B7AE-40CA-892C-2509B2867F9F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (USUARIO)| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_4905\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4FCFFF45-9800-4735-BE93-5737511803A3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (USUARIO)| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_4905\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5C64AB75-77B0-4B4F-8F89-D98FFC759705} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (UDP-Out) (USUARIO)|Desc=Allow µTorrent network traffic| [x] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Adw.Yelloader][Folder] C:\Users\Micke\AppData\Local\ntuserlitelist -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] 0knd2vyl.default : user_pref("browser.startup.homepage", "http://www.bbc.co.uk/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT725032VLA380 ATA Device +++++
--- User ---
[MBR] 4011c0a5ed567fe86c5843739afe9027
[BSP] 552e39f1515461950109f1902f784cd3 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 305143 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: TOSHIBA DT01ACA100 ATA Device +++++
--- User ---
[MBR] 8dea710877d0ee5b7670aae5ef23bdf7
[BSP] 3e11e1b1b7ab42232287469017668fcb : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 353 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 724992 | Size: 953514 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SPCC Solid State Disk ATA Device +++++
--- User ---
[MBR] 5f0b32fdb3f2dd5d6607a83a65eff48a
[BSP] 59b3360ce20f297d8df377bbe300eab7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 142270 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 292397054 | Size: 86164 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: Generic USB SD Reader +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic USB CF Reader +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic USB SM Reader +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: Generic USB MS Reader +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

 


Yes, tomorrow is good, I'll be online... Do the following:

Right click on RogueKiller.exe and select "Run as Administrator" to start the tool, then accept UAC.

In the new window the "Home" tab should already be selected. Change by selecting the "Scan" tab, then select "Start Scan".

When the scan completes, checkmark (tick) all of the found entries....

Hit the Delete button. When complete, select "Open Report"; in the next window select "Export txt" and the log will open. Save it to your Desktop for reference, and also attach it to your next reply.
 
Next,

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file."
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

Let me see those logs in your reply.....

Kevin...

fixlist.txt


rk_65D9.tmp.txt

RogueKiller V12.11.13.0 (x64) [Sep  4 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Micke [Administrator]
Started from : f:\Data\Downloads\RogueKiller_portable64.exe
Mode : Delete -- Date : 09/08/2017 08:35:08 (Duration : 00:18:18)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 33 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\xs -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_USUARIO_ON_L_B743\Software\AutoTime -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_USUARIO_ON_L_B743\Software\Installer -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_USUARIO_ON_L_B743\Software\SNDA -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_USUARIO_ON_L_B743\Software\System Healer -> Deleted
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\RK_USUARIO_ON_L_B743\Software\UCBrowser -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_USUARIO_ON_L_B743\Software\UCBrowserPID -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_USUARIO_ON_L_B743\Software\AutoTime -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_USUARIO_ON_L_B743\Software\Installer -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_USUARIO_ON_L_B743\Software\SNDA -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_USUARIO_ON_L_B743\Software\System Healer -> Deleted
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\RK_USUARIO_ON_L_B743\Software\UCBrowser -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_USUARIO_ON_L_B743\Software\UCBrowserPID -> Deleted
[PUP.SwytShop] (X64) HKEY_USERS\S-1-5-21-1683162545-4236984137-2836460707-1001\Software\SwytShop -> Deleted
[PUP.SwytShop] (X86) HKEY_USERS\S-1-5-21-1683162545-4236984137-2836460707-1001\Software\SwytShop -> Deleted
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> Deleted
[Adw.Yelloader] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vmaytuh : "C:\Users\Micke\AppData\Local\ntuserlitelist\vmaytuh\vmaytuh.exe" -starup [x] -> ERROR [5]
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_E5F2\ControlSet001\Services\UCBrowserSvc ("C:\Program Files (x86)\UCBrowser\Application\UCService.exe") -> Deleted
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_E5F2\ControlSet002\Services\UCBrowserSvc ("C:\Program Files (x86)\UCBrowser\Application\UCService.exe") -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\RK_USUARIO_ON_L_B743\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.mozilla.com/ -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\RK_USUARIO_ON_L_B743\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.mozilla.com/ -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_E5F2\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DDF01F28-B156-4CAB-B79A-D28831C3DAEF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (TCP-In) (USUARIO)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_E5F2\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BD8EC7BD-243F-46F0-B1E1-0455F68103AE} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (TCP-Out) (USUARIO)|Desc=Allow µTorrent network traffic| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_E5F2\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C881B5DC-7FE7-4F67-A210-F5CF0DFF2A08} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (UDP-In) (USUARIO)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_E5F2\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {43679562-B7AE-40CA-892C-2509B2867F9F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (USUARIO)| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_E5F2\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4FCFFF45-9800-4735-BE93-5737511803A3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (USUARIO)| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_E5F2\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5C64AB75-77B0-4B4F-8F89-D98FFC759705} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (UDP-Out) (USUARIO)|Desc=Allow µTorrent network traffic| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_E5F2\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DDF01F28-B156-4CAB-B79A-D28831C3DAEF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (TCP-In) (USUARIO)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_E5F2\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BD8EC7BD-243F-46F0-B1E1-0455F68103AE} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (TCP-Out) (USUARIO)|Desc=Allow µTorrent network traffic| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_E5F2\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C881B5DC-7FE7-4F67-A210-F5CF0DFF2A08} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (UDP-In) (USUARIO)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_E5F2\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {43679562-B7AE-40CA-892C-2509B2867F9F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (USUARIO)| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_E5F2\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4FCFFF45-9800-4735-BE93-5737511803A3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (USUARIO)| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_E5F2\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5C64AB75-77B0-4B4F-8F89-D98FFC759705} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\USUARIO\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (UDP-Out) (USUARIO)|Desc=Allow µTorrent network traffic| [x] -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Adw.Yelloader][Folder] C:\Users\Micke\AppData\Local\ntuserlitelist -> Deleted
[Adw.Yelloader][Folder] C:\Users\Micke\AppData\Local\ntuserlitelist\regtool -> Deleted
[Adw.Yelloader][Folder] C:\Users\Micke\AppData\Local\ntuserlitelist\vmaytuh -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] 0knd2vyl.default : user_pref("browser.startup.homepage", "http://www.bbc.co.uk/"); -> Replaced (about:home)

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT725032VLA380 ATA Device +++++
--- User ---
[MBR] 4011c0a5ed567fe86c5843739afe9027
[BSP] 552e39f1515461950109f1902f784cd3 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 305143 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: TOSHIBA DT01ACA100 ATA Device +++++
--- User ---
[MBR] 8dea710877d0ee5b7670aae5ef23bdf7
[BSP] 3e11e1b1b7ab42232287469017668fcb : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 353 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 724992 | Size: 953514 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SPCC Solid State Disk ATA Device +++++
--- User ---
[MBR] 5f0b32fdb3f2dd5d6607a83a65eff48a
[BSP] 59b3360ce20f297d8df377bbe300eab7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 142270 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 292397054 | Size: 86164 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: Generic USB SD Reader +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic USB CF Reader +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic USB SM Reader +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: Generic USB MS Reader +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not support

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Micke (08-09-2017 09:11:40) Run:2
Running from F:\Data\Desktop\New folder
Loaded Profiles: Micke (Available Profiles: defaultuser0 & Micke)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
Reg: reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates
Reg: reg query HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\Certificates
end

 

 

*****************


========= reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates =========

 


========= End of Reg: =========


========= reg query HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\Certificates =========

 


========= End of Reg: =========


==== End of Fixlog 09:11:40 ====


It's just downloaded the latest database, but when I click scan it says DDA driver not loaded.

It was the anti-rootkit, version 1.09.4.1001. I haven't restarted, just left it, and it now says initializing.

Edited by Mikey1

Usually when the DDA driver will not load you will get the option to restart your PC so the driver can load at boot. Does the following happen:

Quote

With some infections, you may or may not see this message box.

'Could not load DDA driver'

Click 'Yes' to this message, to allow the driver to load after a restart.


Hiya Mike,

I've created a script for you to run FRST via the recovery environment. Maybe you can print this off to make it easier to follow during the process....

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Save it to a USB flash drive. Make sure to get the correct version for your system, 32-bit or 64-bit...

Next,

Boot your PC. At the Desktop, select the Start flag (bottom left-hand corner of the screen).

Hold down the "Shift" key on your keyboard, keep it down and select "Restart".

Your PC should open to the "Choose an Option" window.... Release the Shift key.

From that window select "Troubleshoot".

From the next window select "Advanced Options".

From that window select "Command Prompt".

Make sure to plug the flash drive into a USB port... You should now be in the Recovery Environment with the Command Prompt window open......

Continue with the following:
 
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type E:\frst64 or E:\frst depending on your version. Press Enter. Please Note: Replace letter E with the drive letter of your flash drive. <<<----very important
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. You will need to boot back to normal Windows to post the log, or if applicable do that from a spare PC...
  • To boot back to Windows, type exit at the prompt and hit Enter.
  • Please copy and paste or attach FRST log to your reply.


Thanks,

Kevin...

I've done this same procedure for another guy I was helping, it worked OK. I've just done it on my own laptop with Windows 10, it worked OK... If the Shift key is held from a normal boot it will not work. The Shift key method only works when Restart is selected from a live system.
