
Rootkit/Virus Issues


Had some viruses I'm trying to clean up. I got rid of a good amount of them running Malwarebytes, but it seems there are still some issues. When I try to run MBAR I get an error stating "DDA driver was not installed which may be caused by rootkit activity." If I tell MBAR to install the DDA driver, it fails. The same issue pops up with MBAM if I select the check-for-rootkit option.

I would add that I attempted to run Zemana, TDSSKiller, and HitmanPro, all of which give the "The requested resource is in use" error.

I'm posting this topic because all of my research leads to fixing the resource error by using MBAR, which itself isn't working. Any advice would be greatly appreciated!

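The two symptoms above (anti-rootkit tools unable to load their driver, and every scanner getting "The requested resource is in use") point at something already resident in the kernel, so the first useful step is to triage the FRST log for what got there. The script below is an added example, not code from the forum, from the poster, or from FRST. It applies a few heuristics to FRST-formatted lines: a process or driver image running out of a Temp directory, a service whose plain-lowercase name shares nothing with the file it loads, freshly created directories named with 32 random hex characters, and any line FRST itself marks with "<==== ATTENTION". The sample input is copied from the FRST log posted in this thread, padded with benign entries from the same log so the heuristics have something to pass over. The heuristics, severity labels and the `Finding` type are mine, not FRST's.

```python
"""Triage heuristics for FRST log lines (added example; not FRST's own code)."""
import re
from dataclasses import dataclass

# Lines copied from the FRST log posted in this thread; benign entries are
# included so the heuristics are seen to skip them.
SAMPLE_LOG = r"""
(TOSHIBA CORPORATION) C:\Windows\Temp\mskabhvsrv.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S4 acunrtl; C:\Windows\System32\drivers\thawmgm.sys [79064 2017-10-01] (Malwarebytes)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-09-27] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S4 ooljyug; C:\Windows\System32\drivers\gjka.sys [79064 2017-10-01] (Malwarebytes)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-10-01] (Zemana Ltd.)
2017-10-01 18:09 - 2017-10-01 18:30 - 000000000 ____D C:\Users\Administrator\AppData\Local\88ea677563604e19b7efffd2104d0eb4
2017-10-01 18:09 - 2017-10-01 18:25 - 000000000 ____D C:\ProgramData\2014330ee10049f283040599bb8b92ef
2017-10-01 17:39 - 2017-10-01 17:39 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-01 17:32 - 2017-10-01 17:32 - 000024576 _____ C:\Users\Administrator\AppData\Local\vmmkey.dll
2017-10-01 20:46 - 2017-10-01 20:46 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
"""

# FRST line shapes: "(Company) path", "R2 Name; path [size date] (Company)",
# and "created - modified - size attrs (Company) path" (company optional).
PROC_RE = re.compile(r"^\((?P<signer>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+?) \[\d+ [\d-]+\] \((?P<signer>[^)]*)\)$")
CREATED_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ (?P<attrs>\S+) "
    r"(?:\((?P<signer>[^)]*)\) )?(?P<path>[A-Za-z]:\\.+)$")
TEMP_RE = re.compile(r"\\Windows\\Temp\\|\\AppData\\Local\\Temp\\", re.I)
HEX32_RE = re.compile(r"\\[0-9a-f]{32}$", re.I)


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    reason: str
    subject: str    # the path, service name or registry key the finding is about


def name_unrelated_to_file(name: str, path: str) -> bool:
    """True when a plain lowercase service name shares nothing with the file stem.
    Legitimate drivers almost always share a stem (MpFilter -> MpFilter.sys);
    a random service name pointing at a random file name does not."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    n = name.lower()
    return name.isalpha() and name.islower() and n not in stem and stem not in n


def triage(log_text: str) -> list[Finding]:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "<==== ATTENTION" in line:
            findings.append(Finding("high", "FRST flagged policy/registry tamper",
                                    line.split(" <====")[0]))
            continue
        if m := PROC_RE.match(line):
            if TEMP_RE.search(m["path"]):
                findings.append(Finding("high", "process running from a Temp directory", m["path"]))
            continue
        if m := SVC_RE.match(line):
            if TEMP_RE.search(m["path"]):
                findings.append(Finding("high", "service/driver image in a Temp directory", m["path"]))
            if name_unrelated_to_file(m["name"], m["path"]):
                findings.append(Finding("medium", "service name unrelated to its driver file", m["name"]))
            continue
        if m := CREATED_RE.match(line):
            if "D" in m["attrs"] and HEX32_RE.search(m["path"]):
                findings.append(Finding("medium", "new directory with 32-hex random name", m["path"]))
    return findings


def summarize(findings: list[Finding]) -> dict:
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.subject}")
    print(summarize(triage(SAMPLE_LOG)))
```

Read a hit as a lead, not a verdict. Anti-rootkit tools drop randomly named drivers of their own, so the two lowercase service names pointing at Malwarebytes-labelled files have to be weighed against the timeline of when MBAR was run. The company name in parentheses is FRST reporting the file's version-resource CompanyName, which any binary can claim; a "TOSHIBA CORPORATION" executable in C:\Windows\Temp on a Lenovo laptop is exactly the kind of mismatch that string cannot settle, and only a signature check on the file itself can.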

Here are my FRST logs...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-10-2017
Ran by Administrator (administrator) on LAPTOP (01-10-2017 20:57:52)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\Temp\mskabhvsrv.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Users\Administrator\Downloads\adwcleaner_7.0.3.1.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X8\Programs\QFSCHD180.EXE [235688 2016-04-11] (Corel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-591282506-4025843349-1776727890-500\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [40257336 2017-08-31] ()
HKU\S-1-5-21-591282506-4025843349-1776727890-500\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399224 2017-08-14] (BitTorrent, Inc.)
HKU\S-1-5-21-591282506-4025843349-1776727890-500\...\MountPoints2: {1c4a675c-80ba-11e7-9856-bc0389c4e161} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-591282506-4025843349-1776727890-500\...\MountPoints2: {7c064895-8176-11e7-957e-00235ad66ee3} - V:\SETUP.EXE
HKU\S-1-5-21-591282506-4025843349-1776727890-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.14.188.85
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5FC4E304-3F2A-4A85-BFDD-50E802513C95}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{E6C46C96-387B-4CB4-A706-1723A16AE978}: [DhcpNameServer] 10.14.188.85

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-14] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-14] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-10-01]
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-13]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-14]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-14]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-14]
CHR Extension: (Adblock Plus) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-10-01]
CHR Extension: (Google Play Music) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-10-01]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-13]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-14]
CHR Extension: (Video Adblocker for Youtube™ Extension) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2017-09-24]
CHR Extension: (Imagus) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2017-10-01]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-09-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-08-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-01]
CHR Extension: (Flash Blocker Strict) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\opbkpfcicbflpiijbbdfeemknphkplib [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-14]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-01]
CHR HKU\S-1-5-21-591282506-4025843349-1776727890-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [enafhpjmlnpmbdnbpjkihmadnkfnpiim] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [711248 2017-02-20] (Lenovo.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 acunrtl; C:\Windows\System32\drivers\thawmgm.sys [79064 2017-10-01] (Malwarebytes)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-09-27] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [140672 2016-03-10] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-10-01] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-10-01] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S4 ooljyug; C:\Windows\System32\drivers\gjka.sys [79064 2017-10-01] (Malwarebytes)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-10-01] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-10-01] (Zemana Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-01 20:46 - 2017-10-01 20:46 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-10-01 20:46 - 2017-10-01 20:46 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-10-01 20:46 - 2017-10-01 20:46 - 000001148 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-10-01 20:46 - 2017-10-01 20:46 - 000000000 ____D C:\Users\Administrator\AppData\Local\Zemana
2017-10-01 20:46 - 2017-10-01 20:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-10-01 20:46 - 2017-10-01 20:46 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-10-01 20:42 - 2017-10-01 20:42 - 000116048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdiknrux.sys
2017-10-01 20:38 - 2017-10-01 20:38 - 006625600 _____ (Zemana Ltd. ) C:\Users\Administrator\Downloads\Zemana.AntiMalware.Setup.exe
2017-10-01 19:55 - 2017-10-01 19:55 - 000079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\gjka.sys
2017-10-01 19:46 - 2017-10-01 19:46 - 000019230 _____ C:\Users\Administrator\Downloads\Fixlog.txt
2017-10-01 19:44 - 2017-10-01 20:26 - 000000000 ____D C:\ProgramData\RogueKiller
2017-10-01 19:44 - 2017-10-01 19:44 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-10-01 19:41 - 2017-10-01 19:43 - 026704968 _____ C:\Users\Administrator\Downloads\RogueKiller_portable64.exe
2017-10-01 19:41 - 2017-10-01 19:41 - 000037777 _____ C:\Users\Administrator\Downloads\Addition.txt
2017-10-01 19:41 - 2017-10-01 19:41 - 000034515 _____ C:\Users\Administrator\Downloads\Shortcut.txt
2017-10-01 19:39 - 2017-10-01 20:58 - 000015026 _____ C:\Users\Administrator\Downloads\FRST.txt
2017-10-01 19:39 - 2017-10-01 20:57 - 000000000 ____D C:\FRST
2017-10-01 19:38 - 2017-10-01 19:38 - 002399744 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2017-10-01 19:33 - 2017-10-01 20:43 - 000003244 _____ C:\Windows\System32\Tasks\IORRT
2017-10-01 19:31 - 2017-10-01 19:31 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Administrator\Downloads\tdsskiller.exe
2017-10-01 19:20 - 2017-10-01 20:44 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-10-01 19:20 - 2017-10-01 19:36 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-10-01 19:17 - 2017-10-01 19:17 - 000001556 _____ C:\Windows\Tasks\Serial iPhone Video Converter.job
2017-10-01 19:13 - 2017-10-01 19:13 - 000079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\thawmgm.sys
2017-10-01 19:02 - 2017-10-01 19:02 - 000001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-10-01 19:02 - 2017-10-01 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-10-01 19:01 - 2017-10-01 19:02 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-10-01 19:00 - 2017-10-01 19:00 - 000000000 ____D C:\Users\Administrator\Downloads\mbam-chameleon-3.1.33.0
2017-10-01 18:59 - 2017-10-01 19:00 - 006705178 _____ C:\Users\Administrator\Downloads\mbam-chameleon-3.1.33.0.zip
2017-10-01 18:48 - 2017-10-01 19:36 - 000000000 ____D C:\Users\Administrator\Desktop\mbar
2017-10-01 18:47 - 2017-10-01 18:48 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.09.3.1001.exe
2017-10-01 18:44 - 2017-10-01 18:35 - 011584088 _____ (SurfRight B.V.) C:\Users\Administrator\Downloads\hitmanpro_x64 - Copy.exe
2017-10-01 18:34 - 2017-10-01 18:35 - 011584088 _____ (SurfRight B.V.) C:\Users\Administrator\Downloads\hitmanpro_x64.exe
2017-10-01 18:32 - 2017-10-01 18:32 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill64.exe
2017-10-01 18:09 - 2017-10-01 18:30 - 000000000 ____D C:\Users\Administrator\AppData\Local\88ea677563604e19b7efffd2104d0eb4
2017-10-01 18:09 - 2017-10-01 18:25 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\37676ae2825947bc9e59d9ed63154359
2017-10-01 18:09 - 2017-10-01 18:25 - 000000000 ____D C:\ProgramData\2014330ee10049f283040599bb8b92ef
2017-10-01 17:51 - 2017-10-01 20:56 - 000000000 ____D C:\AdwCleaner
2017-10-01 17:50 - 2017-10-01 17:50 - 008250832 _____ (Malwarebytes) C:\Users\Administrator\Downloads\adwcleaner_7.0.3.1.exe
2017-10-01 17:46 - 2017-10-01 19:45 - 000003576 _____ C:\Users\Administrator\Desktop\Rkill.txt
2017-10-01 17:45 - 2017-10-01 17:45 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.exe
2017-10-01 17:41 - 2017-10-01 18:53 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-10-01 17:41 - 2016-03-10 14:09 - 000064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-10-01 17:41 - 2016-03-10 14:08 - 000140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-10-01 17:40 - 2017-10-01 17:40 - 000000000 ____D C:\Windows\system32\appmgmt
2017-10-01 17:40 - 2016-03-10 14:08 - 000027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-10-01 17:39 - 2017-10-01 19:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-01 17:39 - 2017-10-01 17:39 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-01 17:39 - 2017-10-01 17:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-01 17:39 - 2017-10-01 17:39 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-01 17:39 - 2017-09-27 09:37 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-10-01 17:36 - 2017-10-01 17:39 - 071089112 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.207-1.0.2899.exe
2017-10-01 17:35 - 2017-10-01 18:46 - 000000000 ____D C:\Program Files\uniyuaw
2017-10-01 17:32 - 2017-10-01 17:32 - 000024576 _____ C:\Users\Administrator\AppData\Local\vmmkey.dll
2017-10-01 17:31 - 2017-10-01 20:29 - 000000258 __RSH C:\Users\Administrator\ntuser.pol
2017-10-01 17:31 - 2017-10-01 18:30 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\9abc96dea3c44b498fa2b1e9e4dab096
2017-10-01 17:31 - 2017-10-01 17:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\9b320484d9394635893ec316bd3cfaef
2017-10-01 17:29 - 2017-10-01 17:29 - 002724107 _____ C:\Users\Administrator\Downloads\Unconfirmed 305218.crdownload
2017-10-01 17:24 - 2017-10-01 18:46 - 000000000 ____D C:\Program Files (x86)\U7QFuEmtbKen
2017-10-01 17:24 - 2017-10-01 17:24 - 000021540 _____ C:\Windows\System32\Tasks\U7QFuEmtbKen
2017-10-01 17:19 - 2017-10-01 17:19 - 000000000 ____D C:\Users\Administrator\AppData\Local\NetBoxLogs
2017-10-01 17:17 - 2017-10-01 17:17 - 000000000 ____H C:\Windows\system32\BITAF19.tmp
2017-10-01 17:15 - 2017-10-01 19:17 - 000016770 _____ C:\Windows\System32\Tasks\Serial iPhone Video Converter
2017-10-01 17:15 - 2017-10-01 17:15 - 000004024 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_BA
2017-10-01 17:14 - 2017-10-01 20:29 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-10-01 17:14 - 2017-10-01 18:30 - 000000000 ____D C:\ProgramData\76a0bf516e414a55b3d5503aa4a611b6
2017-10-01 17:14 - 2017-10-01 17:19 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\b040ffd1448f438e8878b4ba52657f96
2017-10-01 17:14 - 2017-10-01 17:14 - 000004024 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_KJ
2017-10-01 17:14 - 2017-10-01 17:14 - 000000000 ____D C:\Windows\SysWOW64\lsaavni
2017-10-01 17:14 - 2017-10-01 17:14 - 000000000 ____D C:\Windows\system32\lsaavni
2017-10-01 17:12 - 2017-10-01 17:12 - 000003068 _____ C:\Windows\System32\Tasks\Hybrid
2017-10-01 17:12 - 2017-10-01 17:12 - 000000000 ___HD C:\IORRT
2017-10-01 17:10 - 2017-10-01 17:10 - 000008427 _____ C:\Users\Administrator\Downloads\IORRT 3.5.cmd
2017-10-01 17:07 - 2017-10-01 17:07 - 000000517 _____ C:\Users\Administrator\Downloads\office2010toolkit_dea-145.torrent
2017-10-01 17:05 - 2017-10-01 17:11 - 018988584 _____ C:\Users\Administrator\Downloads\Unconfirmed 554883.crdownload
2017-09-29 01:41 - 2017-09-29 01:41 - 000595968 _____ C:\Windows\ac40289794149e333f889e595b4ddb30.exe
2017-09-29 01:41 - 2017-09-29 01:41 - 000051644 _____ C:\Windows\uninstaller.dat
2017-09-15 18:35 - 2017-09-15 18:43 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
2017-09-13 21:51 - 2017-09-13 21:51 - 000119859 _____ C:\Users\Administrator\Desktop\Ex.B.pdf
2017-09-13 21:51 - 2017-09-13 21:51 - 000072076 _____ C:\Users\Administrator\Desktop\Reservation.pdf
2017-09-13 21:51 - 2017-09-13 21:51 - 000055709 _____ C:\Users\Administrator\Desktop\Declaration.JM.Ex.Parte.wpd
2017-09-13 21:50 - 2017-09-13 21:50 - 000042741 _____ C:\Users\Administrator\Desktop\Proposed.Order.Ex.Parte.wpd
2017-09-13 21:48 - 2017-09-13 21:48 - 000053548 _____ C:\Users\Administrator\Desktop\Ex.Parte.Shorten.Time.wpd
2017-09-13 21:47 - 2017-09-13 21:47 - 000145038 _____ C:\Users\Administrator\Desktop\ACFrOgBFTbp72sGGHOksgXW4YQQmwDWlG_3aWlVZNEhRmZu4EIySkFrI8x6J-kpTQfeCQWHlOdVGrymax0s69NpEQ9aZTrZExyQbDjoWR9zqfq2tdFgYo8Ea0a9hCWo=.pdf
2017-09-13 21:47 - 2017-09-13 21:47 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2017-09-13 08:37 - 2017-08-19 08:28 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-13 08:37 - 2017-08-19 08:10 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-09-13 08:37 - 2017-08-16 08:29 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-09-13 08:37 - 2017-08-16 08:10 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-09-13 08:37 - 2017-08-16 07:57 - 003224576 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-13 08:37 - 2017-08-15 18:10 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-13 08:37 - 2017-08-15 17:25 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-09-13 08:37 - 2017-08-15 08:29 - 014182400 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-09-13 08:37 - 2017-08-15 08:10 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-13 08:37 - 2017-08-15 07:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-13 08:37 - 2017-08-15 07:01 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-09-13 08:37 - 2017-08-15 07:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-09-13 08:37 - 2017-08-15 07:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-09-13 08:37 - 2017-08-15 06:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-09-13 08:37 - 2017-08-14 10:35 - 003203584 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2017-09-13 08:37 - 2017-08-14 10:35 - 002150912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2017-09-13 08:37 - 2017-08-14 10:35 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
2017-09-13 08:37 - 2017-08-14 10:35 - 000303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2017-09-13 08:37 - 2017-08-14 10:35 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2017-09-13 08:37 - 2017-08-14 10:35 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
2017-09-13 08:37 - 2017-08-14 10:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2017-09-13 08:37 - 2017-08-14 10:34 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2017-09-13 08:37 - 2017-08-13 14:37 - 002144256 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2017-09-13 08:37 - 2017-08-13 14:30 - 001401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2017-09-13 08:37 - 2017-08-13 11:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-13 08:37 - 2017-08-13 10:06 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-09-13 08:37 - 2017-08-13 10:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-13 08:37 - 2017-08-13 10:05 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-09-13 08:37 - 2017-08-13 10:05 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-09-13 08:37 - 2017-08-13 10:05 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-09-13 08:37 - 2017-08-13 10:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-13 08:37 - 2017-08-13 09:56 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-09-13 08:37 - 2017-08-13 09:55 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-09-13 08:37 - 2017-08-13 09:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-09-13 08:37 - 2017-08-13 09:52 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-09-13 08:37 - 2017-08-13 09:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-09-13 08:37 - 2017-08-13 09:51 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-09-13 08:37 - 2017-08-13 09:51 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-09-13 08:37 - 2017-08-13 09:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-13 08:37 - 2017-08-13 09:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-09-13 08:37 - 2017-08-13 09:41 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-09-13 08:37 - 2017-08-13 09:38 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-09-13 08:37 - 2017-08-13 09:30 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-09-13 08:37 - 2017-08-13 09:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-09-13 08:37 - 2017-08-13 09:29 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-09-13 08:37 - 2017-08-13 09:29 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-09-13 08:37 - 2017-08-13 09:29 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-09-13 08:37 - 2017-08-13 09:29 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-09-13 08:37 - 2017-08-13 09:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-09-13 08:37 - 2017-08-13 09:27 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-09-13 08:37 - 2017-08-13 09:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-09-13 08:37 - 2017-08-13 09:24 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-09-13 08:37 - 2017-08-13 09:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-13 08:37 - 2017-08-13 09:22 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-09-13 08:37 - 2017-08-13 09:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-09-13 08:37 - 2017-08-13 09:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-13 08:37 - 2017-08-13 09:19 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-09-13 08:37 - 2017-08-13 09:18 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-09-13 08:37 - 2017-08-13 09:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-09-13 08:37 - 2017-08-13 09:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-09-13 08:37 - 2017-08-13 09:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-13 08:37 - 2017-08-13 09:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-13 08:37 - 2017-08-13 09:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-09-13 08:37 - 2017-08-13 09:02 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-09-13 08:37 - 2017-08-13 09:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-13 08:37 - 2017-08-13 09:01 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-09-13 08:37 - 2017-08-13 09:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-09-13 08:37 - 2017-08-13 09:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-09-13 08:37 - 2017-08-13 08:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-09-13 08:37 - 2017-08-13 08:53 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-09-13 08:37 - 2017-08-13 08:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-09-13 08:37 - 2017-08-13 08:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-09-13 08:37 - 2017-08-13 08:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-09-13 08:37 - 2017-08-13 08:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-09-13 08:37 - 2017-08-13 08:43 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-09-13 08:37 - 2017-08-13 08:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-13 08:37 - 2017-08-13 08:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-13 08:37 - 2017-08-13 08:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-09-13 08:37 - 2017-08-13 08:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-09-13 08:37 - 2017-08-10 23:42 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-09-13 08:37 - 2017-08-10 23:38 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-13 08:37 - 2017-08-10 23:38 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-09-13 08:37 - 2017-08-10 23:38 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-09-13 08:37 - 2017-08-10 23:38 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-09-13 08:37 - 2017-08-10 23:36 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-13 08:37 - 2017-08-10 23:35 - 002065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-09-13 08:37 - 2017-08-10 23:35 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-13 08:37 - 2017-08-10 23:35 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-09-13 08:37 - 2017-08-10 23:35 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-09-13 08:37 - 2017-08-10 23:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2017-09-13 08:37 - 2017-08-10 23:35 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
2017-09-13 08:37 - 2017-08-10 23:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2017-09-13 08:37 - 2017-08-10 23:34 - 000971776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-09-13 08:37 - 2017-08-10 23:34 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-13 08:37 - 2017-08-10 23:24 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-09-13 08:37 - 2017-08-10 23:24 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-09-13 08:37 - 2017-08-10 23:21 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-13 08:37 - 2017-08-10 23:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-09-13 08:37 - 2017-08-10 23:19 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-09-13 08:37 - 2017-08-10 23:19 - 000299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-09-13 08:37 - 2017-08-10 23:19 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-09-13 08:37 - 2017-08-10 23:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winnsi.dll
2017-09-13 08:37 - 2017-08-10 23:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nsi.dll
2017-09-13 08:37 - 2017-08-10 23:00 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-09-13 08:37 - 2017-08-10 22:59 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-13 08:37 - 2017-08-10 22:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-09-13 08:37 - 2017-07-07 08:29 - 001143296 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2017-09-13 08:37 - 2017-07-07 08:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
2017-09-13 08:36 - 2017-08-15 08:29 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-09-13 08:36 - 2017-08-15 08:10 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-09-13 08:36 - 2017-08-13 10:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-09-13 08:36 - 2017-08-13 10:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-09-13 08:36 - 2017-08-13 09:46 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-09-13 08:36 - 2017-08-13 09:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-09-13 08:36 - 2017-08-13 08:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-09-13 08:36 - 2017-08-13 08:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-09-13 08:36 - 2017-08-10 23:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-09-13 08:36 - 2017-08-10 23:35 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-09-13 08:36 - 2017-08-10 23:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-09-13 08:36 - 2017-08-10 23:35 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-09-13 08:36 - 2017-08-10 23:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-09-13 08:36 - 2017-08-10 23:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-09-13 08:36 - 2017-08-10 23:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-09-13 08:36 - 2017-08-10 23:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-09-13 08:36 - 2017-08-10 23:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-09-13 08:36 - 2017-08-10 23:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-09-13 08:36 - 2017-08-10 23:35 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-09-13 08:36 - 2017-08-10 23:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-09-13 08:36 - 2017-08-10 23:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-09-13 08:36 - 2017-08-10 23:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-09-13 08:36 - 2017-08-10 23:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-09-13 08:36 - 2017-08-10 23:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-09-13 08:36 - 2017-08-10 23:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-09-13 08:36 - 2017-08-10 23:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:20 - 000071680 _____ C:\Windows\system32\PrintBrmUi.exe
2017-09-13 08:36 - 2017-08-10 23:20 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-09-13 08:36 - 2017-08-10 23:20 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-09-13 08:36 - 2017-08-10 23:19 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 23:12 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-09-13 08:36 - 2017-08-10 23:09 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2017-09-13 08:36 - 2017-08-10 23:07 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-09-13 08:36 - 2017-08-10 23:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-09-13 08:36 - 2017-08-10 23:07 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-09-13 08:36 - 2017-08-10 23:06 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-09-13 08:36 - 2017-08-10 23:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-09-13 08:36 - 2017-08-10 23:03 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-09-13 08:36 - 2017-08-10 23:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-09-13 08:36 - 2017-08-10 23:01 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-09-13 08:36 - 2017-08-10 23:00 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-09-13 08:36 - 2017-08-10 23:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-09-13 08:36 - 2017-08-10 22:59 - 000460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-09-13 08:36 - 2017-08-10 22:59 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-09-13 08:36 - 2017-08-10 22:59 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-09-13 08:36 - 2017-08-10 22:59 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-09-13 08:36 - 2017-08-10 22:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-09-13 08:36 - 2017-08-10 22:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-09-13 08:36 - 2017-08-10 22:56 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-09-13 08:36 - 2017-08-10 22:56 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-09-13 08:36 - 2017-08-10 22:56 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-09-13 08:36 - 2017-08-10 22:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-09-13 08:36 - 2017-08-10 22:55 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-09-13 08:36 - 2017-08-10 22:55 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 22:55 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 22:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-09-13 08:36 - 2017-08-10 22:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-09-11 22:52 - 2017-09-13 21:47 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\foobar2000
2017-09-11 09:25 - 2017-09-11 09:25 - 000000000 ____D C:\Users\Default\AppData\Local\Google
2017-09-11 09:25 - 2017-09-11 09:25 - 000000000 ____D C:\Users\Default User\AppData\Local\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-01 20:58 - 2009-07-13 19:34 - 014155776 _____ C:\Windows\system32\config\HARDWARE
2017-10-01 20:53 - 2017-08-14 22:18 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\uTorrent
2017-10-01 20:52 - 2009-07-13 21:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-01 20:52 - 2009-07-13 21:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-01 20:49 - 2009-07-13 22:13 - 000785366 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-01 20:49 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2017-10-01 20:45 - 2017-08-14 19:52 - 000000000 ___RD C:\Users\Administrator\Google Drive
2017-10-01 20:43 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-01 20:29 - 2017-08-13 23:18 - 000000000 ____D C:\Users\Administrator
2017-10-01 19:17 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Serial iPhone Video Converter
2017-10-01 18:30 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Ultimate Tracker Manager
2017-10-01 18:30 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\FTP Library for DB
2017-10-01 18:30 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Aquest Studio Barcode
2017-10-01 18:29 - 2017-08-13 23:18 - 000001042 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-10-01 18:05 - 2017-08-13 23:59 - 000002171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-01 17:14 - 2009-07-13 20:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-10-01 17:13 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files\MSBuild
2017-09-30 11:20 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\NDF
2017-09-24 16:23 - 2017-08-13 23:20 - 000000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-09-22 19:30 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\rescache
2017-09-15 07:13 - 2009-07-13 21:45 - 000483912 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-15 00:07 - 2017-08-14 00:56 - 000000000 ____D C:\Windows\system32\MRT
2017-09-15 00:03 - 2017-08-14 00:56 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-14 23:55 - 2017-08-14 01:36 - 000778008 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-13 21:48 - 2009-07-13 22:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-09-11 09:25 - 2017-08-14 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-09-03 13:38 - 2017-08-14 21:05 - 000000000 ____D C:\Program Files (x86)\xMage

==================== Files in the root of some directories =======

2017-10-01 17:32 - 2017-10-01 17:32 - 000024576 _____ () C:\Users\Administrator\AppData\Local\vmmkey.dll

Some files in TEMP:
====================
2017-10-01 17:19 - 2017-10-01 17:16 - 000824312 _____ () C:\Users\Administrator\AppData\Local\Temp\3D3.tmp.exe
2017-10-01 17:26 - 2017-10-01 17:16 - 000824312 _____ () C:\Users\Administrator\AppData\Local\Temp\5A3C.tmp.exe
2017-10-01 17:49 - 2017-10-01 17:16 - 000824312 _____ () C:\Users\Administrator\AppData\Local\Temp\8A7.tmp.exe
2017-10-01 17:22 - 2017-10-01 17:16 - 000824312 _____ () C:\Users\Administrator\AppData\Local\Temp\95E4.tmp.exe
2017-10-01 17:18 - 2017-10-01 17:18 - 002547712 _____ () C:\Users\Administrator\AppData\Local\Temp\a72noKTzCmhy.exe
2017-10-01 18:11 - 2017-10-01 18:00 - 000799736 _____ () C:\Users\Administrator\AppData\Local\Temp\B49E.tmp.exe
2017-10-01 19:44 - 2017-08-10 23:36 - 001732864 _____ (Microsoft Corporation) C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
2017-10-01 17:17 - 2017-10-01 17:18 - 064938720 _____ (Kometa LCC) C:\Users\Administrator\AppData\Local\Temp\FGao5WKr6CoR.exe
2017-10-01 17:11 - 2017-10-01 17:11 - 002598616 _____ () C:\Users\Administrator\AppData\Local\Temp\l2Pn2bNJjhBd.exe
2011-03-14 05:31 - 2011-03-14 05:31 - 000149352 ____R (Microsoft Corporation) C:\Users\Administrator\AppData\Local\Temp\ose00000.exe
2017-09-15 18:38 - 2017-09-15 18:38 - 001042784 _____ (Microsoft Corporation) C:\Users\Administrator\AppData\Local\Temp\PidGenX.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-22 19:23

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-10-2017
Ran by Administrator (01-10-2017 20:59:28)
Running from C:\Users\Administrator\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2017-08-14 06:15:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-591282506-4025843349-1776727890-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-591282506-4025843349-1776727890-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Backup and Sync from Google (HKLM-x32\...\{9AC75ED0-A54A-4AEA-9563-87572879D91C}) (Version: 3.36.6721.3394 - Google, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.27.0 - Conexant)
foobar2000 v1.3.16 (HKLM-x32\...\foobar2000) (Version: 1.3.16 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
IPM_Common_x86 (HKLM-x32\...\{EE61B6C5-F017-4505-85D3-6D40B1797D32}) (Version: 2.1 - Your Company Name) Hidden
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.23 - Lenovo) Hidden
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.5 - Corel Corporation)
WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.5 - Corel Corporation)
WordPerfect Office X8 - Common Files (HKLM-x32\...\{42428570-D010-4FC6-BD19-02D443418372}) (Version: 18.0 - Corel Corporation) Hidden
WordPerfect Office X8 - IPM Content TBYB  (HKLM-x32\...\{39D42D80-E7FA-445C-A6A0-0D90BF66D715}) (Version: 18.0 - Corel Corporation) Hidden
WordPerfect Office X8 - IPM TBYB (HKLM-x32\...\{0142A22B-3F10-4034-AC51-01B86449F89C}) (Version: 18.0 - Corel Corporation) Hidden
WordPerfect Office X8 - Lightning Files (HKLM-x32\...\{070A4546-460D-4B5D-BEEB-22F9BDC0CF6A}) (Version: 18.0 - Corel Corporation) Hidden
WordPerfect Office X8 - Oxford (HKLM-x32\...\{CC0E11EC-EE17-4351-9523-FDF15CDE36DB}) (Version: 18.0 - Corel Corporation) Hidden
WordPerfect Office X8 - Presentations Files (HKLM-x32\...\{56046687-93A2-420F-BC32-472A7BE02C78}) (Version: 18.0 - Corel Corporation) Hidden
WordPerfect Office X8 - Quattro Pro Files (HKLM-x32\...\{C6EA41FF-5BC2-4035-A08E-A66B3084EDCE}) (Version: 18.0 - Corel Corporation) Hidden
WordPerfect Office X8 - Setup Files (HKLM-x32\...\{8F19BD38-2FAE-4383-95F5-20FB54A647FC}) (Version: 18.0 - Corel Corporation) Hidden
WordPerfect Office X8 - System Files (HKLM-x32\...\{1E20010F-6730-4511-B1BA-66E5032A5860}) (Version: 18.0 - Corel Corporation) Hidden
WordPerfect Office X8 - WordPerfect Files (HKLM-x32\...\{31A0E52F-CA1A-4BAF-AD4F-F40A2BEE9FA7}) (Version: 18.0 - Corel Corporation) Hidden
WordPerfect Office X8 - WPD format Props x64 (HKLM\...\{5E7A9D3D-7A1B-4F4E-B4E4-74E3BCD28E77}) (Version: 18.0 - Corel Corporation) Hidden
WordPerfect Office X8 - WT (HKLM-x32\...\{DF751A12-329C-4963-BCE7-14C8265167E6}) (Version: 18.0 -  Corel Corporation) Hidden
WordPerfect Office X8 (HKLM-x32\...\_{8F19BD38-2FAE-4383-95F5-20FB54A647FC}) (Version: 18.0.0.200 - Corel Corporation)
WordPerfect Office X8 (HKLM-x32\...\{0BC87715-8C0B-4C9C-BF95-36A463B7A96C}) (Version: 18.0 - Corel Corporation) Hidden
WordPerfect Office X8 (HKLM-x32\...\{2067216B-D56E-4717-AB2C-38FBE8DB3FC3}) (Version: 18.0 - Corel Corporation) Hidden
WordPerfect Office X8 (HKLM-x32\...\{21D49A11-15ED-43F3-97D6-1C5B73F70F21}) (Version: 18.0 - Corel Corporation) Hidden
WordPerfect Office X8 (HKLM-x32\...\{7C6905CE-F10B-4629-8A5D-602BE91CCBB3}) (Version: 18.0 - Corel Corporation) Hidden
WordPerfect Office X8 (HKLM-x32\...\{B2BCF349-C7C0-4C02-8803-0191F9D83C7A}) (Version: 18.0 - Corel Corporation) Hidden
WordPerfect Office X8 (HKLM-x32\...\{E292E6B0-C84D-4C47-A61E-7C42540C4ECF}) (Version: 18.0 - Corel Corporation) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-01] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-31] (Google)
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2-x32: [QuickFinderMenu] -> {72faaca8-f0ae-4638-868a-4a786f23c60c} => c:\Program Files (x86)\Corel\WordPerfect Office X8\Programs\PFSE180.DLL [2016-04-11] (Corel Corporation)
ContextMenuHandlers2-x32: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-31] (Google)
ContextMenuHandlers4-x32: [QuickFinderMenu] -> {72faaca8-f0ae-4638-868a-4a786f23c60c} => c:\Program Files (x86)\Corel\WordPerfect Office X8\Programs\PFSE180.DLL [2016-04-11] (Corel Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-01] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-01] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime =>  [Argument = start w32time task_started]
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 =>  [Argument = ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem]
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 =>  [Argument = ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem]
Task: {13A83CC2-29F9-4E10-AE2F-A72BFA861709} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot =>  [Argument = /DoReindexSearchRoot]
Task: {17B32566-457F-467D-A881-71EEF4CDFA24} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery =>  [Argument = /PBDADiscovery]
Task: {188982DD-4A1B-49BC-BAA8-5108E56D6B37} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 =>  [Argument = /wait:90 /PBDADiscovery]
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification =>  [Argument = /CONFIGNOTIFICATION]
Task: {34D797DB-68A7-4976-85C0-EBFC7C9C1255} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady =>  [Argument = /InstallPlayReady $(Arg0)]
Task: {3774FA72-1419-4BEB-9807-78CB8EBCF559} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver =>  
Task: {4F2F37E9-941E-4983-81F1-FEEB8EF15F7E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask =>  [Argument = -ObjectStoreRecoveryTask]
Task: {539A83F8-B35F-485D-AB78-BBA38A1C93BC} - System32\Tasks\GoogleUpdateSecurityTaskMachine_BA =>   <==== ATTENTION
Task: {58C1DDD7-AFBD-42FF-92F9-FB123C201D2E} - System32\Tasks\CorelUpdateHelperTaskCore =>  [Argument = /t]
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig =>  [Argument = config upnphost start= auto]
Task: {5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag =>  [Argument = -c]
Task: {5F9BFFA8-668E-47D7-92A6-6C919515C4A2} - System32\Tasks\Hybrid =>  
Task: {666FA48D-D235-47AC-B2D8-9EABD7D3776B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan =>  [Argument = Scan -ScheduleJob -RestrictPrivileges]
Task: {6692467A-80C3-4E8C-9D03-022963DD447B} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater =>  [Argument = -maintenance]
Task: {6D89CC38-5564-487C-BC1D-62D14CD4E772} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask =>  [Argument = -PvrSchedule]
Task: {71C7DF4C-CAAF-402D-95E7-DFD387F4AFEB} - System32\Tasks\GoogleUpdateTaskMachineCore =>  [Argument = /c] <==== ATTENTION
Task: {72DB7465-BC54-491B-A92A-4637A28C9BBF} - System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck =>  
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary =>  
Task: {75A1A6BA-47BB-42D7-BB4A-AC1AB0D0EB4F} - System32\Tasks\IORRT =>  
Task: {7EDFD1B4-FFD3-40BC-B44B-527509E96308} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit =>  [Argument = /DRMInit]
Task: {80B93AB3-3B3A-43C4-9F9E-3B804A69BED2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery =>  [Argument = /OCURDiscovery $(Arg0)]
Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - System32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo =>  
Task: {856C4FB7-111F-461A-B55D-810B1DCD1D3F} - System32\Tasks\GoogleUpdateSecurityTaskMachine_KJ =>   <==== ATTENTION
Task: {897EB25C-73D6-4AFD-AAC9-E381E589056C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks =>  [Argument = /DoRecoveryTasks $(Arg0)]
Task: {97DD2ED6-C658-4024-BE13-51DF7DB59121} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask =>  [Argument = -SqlLiteRecoveryTask]
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR =>  [Argument = /d srrstr.dll,ExecuteScheduledSPPCreation]
Task: {9A04DFB7-A24B-4AA0-8BE8-2360B13ECCFB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate =>  [Argument = /OCURActivate]
Task: {A0B1D058-5D2C-4D88-BAA0-D157A0164070} - System32\Tasks\Adobe Acrobat Update Task =>  
Task: {A2913658-D22F-4232-9C84-CD609883E7CE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 =>  [Argument = /wait:7 /PBDADiscovery]
Task: {A48CABBF-24C8-4B87-B00F-9261807C3B43} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter =>  
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications =>  
Task: {AA921D80-390D-4CFF-9DD9-C4A666D6869A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask =>  [Argument = -MediaCenterRecoveryTask]
Task: {AB06DE70-B3B7-43C4-A0E2-9C62843BB031} - System32\Tasks\GoogleUpdateTaskMachineUA =>  [Argument = /ua /installsource scheduler] <==== ATTENTION
Task: {AC18C183-113E-494E-BF5A-27FCF281D787} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch =>  [Argument = /DoActivateWindowsSearch]
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent =>  
Task: {AD93ABF3-93DF-4624-9518-F297050D34EA} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline =>  [Argument = /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"]
Task: {B019AABF-476C-4D16-BBBC-1E7B6722A348} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry =>  [Argument = -pscn 0]
Task: {B315F8BC-69CD-4A17-9965-7C89DB99BB86} - System32\Tasks\U7QFuEmtbKen =>  [Argument = /Scheduled]
Task: {BF6C305D-C677-4ADF-9F5A-226FBB439072} - System32\Tasks\Serial iPhone Video Converter =>  [Argument = "C:\Program Files\Serial iPhone Video Converter\Serial iPhone Video Converter.dll",wtxiIel]
Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator =>  
Task: {C1514B45-5462-4134-B30A-7361AE6EC301} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath =>  [Argument = /DoUpdateRecordPath $(Arg0)]
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask =>  [Argument = /offerraupdate]
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting =>  [Argument = -queuereporting]
Task: {D23F859F-E0E8-4112-B5DC-7BDCF0AB3A49} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask =>  [Argument = /run]
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy =>  [Argument = /d acproxy.dll,PerformAutochkOperations]
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask =>  [Argument = start sppsvc]
Task: {DE0540E1-C0AB-4459-8836-B61BB2E1A560} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart =>  [Argument = /RestartRecording]
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange =>  [Argument = bfe.dll,BfeOnServiceStartTypeChange]
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask =>  [Argument = $(Arg0)]
Task: {E558E3DF-09B8-4DC8-A9D9-0458E8A8E903} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService =>  [Argument = /DoConfigureInternetTimeService]
Task: {E5D59B86-7F71-4E79-96F1-406289A3BB76} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate =>  [Argument = $(Arg0)]
Task: {E94F4187-15F2-4524-A438-41655C809720} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask =>  [Argument = -PvrRecoveryTask]
Task: {EAEF3EBD-4498-45D9-860C-6563287F5942} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector =>  [Argument = dfdts.dll,DfdGetDefaultPolicyAndSMART]
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - System32\Tasks\Microsoft\Windows\MUI\LPRemove =>  
Task: {FB157468-5F50-4A7E-A3FD-4BF702172E2E} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch =>  [Argument = /DoRegisterSearch $(Arg0)]
Task: {FB3C354D-297A-4EB2-9B58-090F6361906B} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem =>  [Argument = -energy -auto]
Task: {FD5D52E5-BE51-4345-94EC-1B57FCCB131E} - System32\Tasks\Synaptics TouchPad Enhancements =>  
Task: {FDC63E08-45C9-4CD8-8DA3-BED71E4ED36A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask =>  [Argument = start osppsvc]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Serial iPhone Video Converter.job => rundll32.exe  C:\Program Files\Serial iPhone Video Converter\Serial iPhone Video Converter.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 000102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-08-31 17:18 - 2017-08-31 17:18 - 040257336 _____ () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
2017-09-27 18:32 - 2017-09-21 00:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-27 18:32 - 2017-09-21 00:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 008801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-10-01 20:43 - 2017-10-01 20:43 - 000088064 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\_ctypes.pyd
2017-10-01 20:43 - 2017-10-01 20:43 - 000918528 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\_hashlib.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000098816 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\win32api.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000110080 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\pywintypes27.dll
2017-10-01 20:44 - 2017-10-01 20:44 - 000364544 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\pythoncom27.dll
2017-10-01 20:44 - 2017-10-01 20:44 - 000686080 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\unicodedata.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000320512 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\win32com.shell.shell.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 001177088 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\wx._core_.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000806912 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\wx._gdi_.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000816640 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\wx._windows_.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 001067520 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\wx._controls_.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000733696 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\wx._misc_.pyd
2017-10-01 20:43 - 2017-10-01 20:43 - 000736256 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\pysqlite2._sqlite.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000119808 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\win32file.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000108544 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\win32security.pyd
2017-10-01 20:43 - 2017-10-01 20:43 - 000007168 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\hashobjs_ext.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000017920 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\thumbnails_ext.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000082432 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\usb_ext.pyd
2017-10-01 20:43 - 2017-10-01 20:43 - 000013824 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\common.time34.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000018432 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\win32event.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000088576 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\windows.volumes.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000017408 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\windows.winwrap.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000167936 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\win32gui.pyd
2017-10-01 20:43 - 2017-10-01 20:43 - 000046080 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\_socket.pyd
2017-10-01 20:43 - 2017-10-01 20:43 - 001309696 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\_ssl.pyd
2017-10-01 20:43 - 2017-10-01 20:43 - 000129536 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\_elementtree.pyd
2017-10-01 20:43 - 2017-10-01 20:43 - 000127488 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\pyexpat.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000038912 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\win32inet.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000077824 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\wx._html2.pyd
2017-10-01 20:43 - 2017-10-01 20:43 - 000036864 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\_psutil_windows.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000524248 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\windows._lib_cacheinvalidation.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000011264 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\win32crypt.pyd
2017-10-01 20:43 - 2017-10-01 20:43 - 000218624 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\PIL._imaging.pyd
2017-10-01 20:43 - 2017-10-01 20:43 - 000027648 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\_multiprocessing.pyd
2017-10-01 20:43 - 2017-10-01 20:43 - 000020480 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\_yappi.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000035840 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\win32process.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000024064 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\win32pipe.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000010240 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\select.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000025600 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\win32pdh.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000058880 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\windows.device_monitor.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000017408 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\win32profile.pyd
2017-10-01 20:44 - 2017-10-01 20:44 - 000022528 _____ () C:\Users\Administrator\AppData\Local\Temp\_MEI25162\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2017-10-01 18:54 - 000013472 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1    gf.tools.avast.com
127.0.0.1    pair.ff.avast.com
127.0.0.1    ipm-provider.ff.avast.com
127.0.0.1    ipm-provider.ff.avast.com
127.0.0.1    ipm-provider.ff.avast.com
127.0.0.1    id.avast.com
127.0.0.1    v4618535.iavs9x.u.avast.com
127.0.0.1    v4618535.ivps9x.u.avast.com
127.0.0.1    v4618535.ivps9tiny.u.avast.com
127.0.0.1    v4618535.vpsnitro.u.avast.com
127.0.0.1    v4618535.vpsnitrotiny.u.avast.com
127.0.0.1    v4618535.iavs5x.u.avast.com
127.0.0.1    v7.stats.avast.com
127.0.0.1    v7.stats.avast.com
127.0.0.1    v7event.stats.avast.com
127.0.0.1    sm00.avast.com
127.0.0.1    submit5.avast.com
127.0.0.1    geoip.avast.com
127.0.0.1    w9448963.iavs9x.u.avast.com
127.0.0.1    w9448963.ivps9x.u.avast.com
127.0.0.1    w9448963.ivps9tiny.u.avast.com
127.0.0.1    w9448963.vpsnitro.u.avast.com
127.0.0.1    w9448963.vpsnitrotiny.u.avast.com
127.0.0.1    w9448963.iavs5x.u.avast.com
127.0.0.1    v7.stats.avast.com
127.0.0.1    v7.stats.avast.com
127.0.0.1    v7event.stats.avast.com
127.0.0.1    sm00.avast.com
127.0.0.1    submit5.avast.com
127.0.0.1    geoip.avast.com

There are 332 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-591282506-4025843349-1776727890-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.14.188.85
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{11BAF365-2905-4937-99EC-A58C5277A956}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{B87333FE-2FD4-41FD-AF64-656E0DB7CCB8}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{92CD75F0-F16F-41ED-BB72-5B0A9EEE383C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{DDCE5B51-BE32-429F-BFF6-E1D7EBCD9CF3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe

==================== Restore Points =========================

05-09-2017 21:06:19 Windows Update
09-09-2017 15:07:55 Windows Update
13-09-2017 08:28:34 Windows Update
13-09-2017 22:23:41 Windows Modules Installer
14-09-2017 23:52:34 Windows Update
15-09-2017 07:10:12 Windows Update
16-09-2017 10:26:02 Windows Update
19-09-2017 22:15:05 Windows Update
24-09-2017 02:00:48 Windows Update
27-09-2017 18:30:04 Windows Update
01-10-2017 13:39:59 Windows Update
01-10-2017 17:38:47 Removed Online Application

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/01/2017 08:43:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/01/2017 08:41:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/01/2017 08:28:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/01/2017 07:53:48 PM) (Source: Office Software Protection Platform Service) (EventID: 1012) (User: )
Description: Acquisition of Product Certificate failed. hr=0xC004C003
Sku Id=fdf3ecb9-b56f-43b2-a9b8-1b48b6bae1a7

Error: (10/01/2017 07:53:48 PM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0xC004C003

Error: (10/01/2017 07:33:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/01/2017 07:18:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/01/2017 06:53:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/01/2017 06:13:54 PM) (Source: MsiInstaller) (EventID: 11719) (User: Laptop)
Description: Product: Online Application -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (10/01/2017 06:08:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (10/01/2017 08:46:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/01/2017 08:28:32 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error Access is denied.
.

Error: (10/01/2017 08:27:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (10/01/2017 07:32:55 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error Access is denied.
.

Error: (10/01/2017 07:31:52 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/01/2017 07:31:52 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/01/2017 07:31:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/01/2017 07:31:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Lenovo Microphone Mute service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/01/2017 07:31:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Corel License Validation Service V2, Powered by arvato service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/01/2017 07:31:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Lenovo Hotkey Client Loader service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 54%
Total physical RAM: 6055.23 MB
Available physical RAM: 2747.09 MB
Total Virtual: 12108.65 MB
Available Virtual: 8234.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:145.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 53323C3D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • Root Admin

Hello @purpleblood and welcome.

Please read and follow the directions from this topic

After running that, if you're able to run Malwarebytes and other tools please also run the following.

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab, select Threat Scan and click on the Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab, select Threat Scan and click on the Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

Thanks

Ron


Thanks Ron!  Here are the logs from MBAM and ADW.  I've already posted the FRST logs above.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/1/17
Scan Time: 9:12 PM
Log File: f89404e8-a727-11e7-ade4-00235ad66ee3.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.207
Update Package Version: 1.0.2929
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Laptop\Administrator

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 319403
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 min, 43 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

# AdwCleaner 7.0.3.1 - Logfile created on Mon Oct 02 04:22:09 2017
# Updated on 2017/29/09 by Malwarebytes 
# Running on Windows 7 Ultimate (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: iorrt


***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [11888 B] - [2017/10/2 1:5:42]
C:/AdwCleaner/AdwCleaner[C1].txt - [1451 B] - [2017/10/2 2:31:52]
C:/AdwCleaner/AdwCleaner[S0].txt - [13231 B] - [2017/10/2 1:3:45]
C:/AdwCleaner/AdwCleaner[S1].txt - [1339 B] - [2017/10/2 2:31:40]
C:/AdwCleaner/AdwCleaner[S2].txt - [1219 B] - [2017/10/2 4:0:37]
C:/AdwCleaner/AdwCleaner[S3].txt - [1285 B] - [2017/10/2 4:20:44]


########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########


  • Root Admin

Okay, no problem. Please restart the computer. Then run FRST again and make sure you place a check mark on the Additions.txt check box and post back both new logs as an attachment. Please don't copy/paste as the forum software does not always translate correctly.

Thank you

Ron


  • Root Admin


Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

Ron


Thanks for all the help Ron.

So the fix ran.  Then I rebooted and tried to run MBAR which gave me a new error "The system volume seems inaccessible or encrypted. Scan can't continue."

I again tried the steps in the link you provided on MBAR to no avail.  

I also got the same error trying to load MBAM with rootkit check "Unable to load DDA Driver."

mbar-log-2017-10-02 (09-41-25).txt

Fixlog.txt


MBAM tried to reboot and fix the problem but it didn't fix the drivers.  Now MBAR went back to the DDA driver error.  I'm uploading another round of FRST logs in case you need those.

I also noticed that in the File Explorer, when I mouse over an .exe, the "Open" icon is broken (see the attachment for a screenshot of this).

FRST.txt

Addition.txt

Broken Open Link.png


  • Root Admin

Yes, it has probably broken the file association.

Please read the following
The complexity of finding, preventing, and cleanup from malware
Please visit this web page and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

  • Root Admin

Great, let's get another reboot. Then run all of these again. Make sure you save the NEW logs to post, not the old ones.

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab, select Threat Scan and click on the Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab, select Threat Scan and click on the Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

RESTART the computer again before running STEP 03

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

Thanks

Ron


  • Root Admin


Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Then restart the computer one more time if FRST does not do it for you. Then run FRST again and get both new logs again, as well as a new scan with AdwCleaner.

Thanks

Ron

This topic is now closed to further replies.