
Computer in Bootloop with error showing up at mbamswissarmy.sys



Before I begin, I am running a Windows 7 Professional 64-bit OS.

I was clearing out some stuff in my D drive (drive without the system files) and I happened upon an (innocuous) User folder. Thinking it was from Origin, I deleted it (it was about 6 GB) and now, my computer is in a bootloop. The boot critical error at the bottom of the error log was from a certain mbamswissarmy.sys. Since I remember that "mbam" was malwarebytes, here I am. Can someone please help me?

Please download Farbar Recovery Scan Tool from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Save it to a USB flash drive. Be sure to get the correct version for your system, 32 bit or 64 bit.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If you are using Windows 8 or 10 consult How to use the Windows 8 or 10 System Recovery Environment Command Prompt Here: http://www.howtogeek.com/126016/three-ways-to-access-the-windows-8-boot-options-menu/ to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

Plug the flashdrive into the infected PC.

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you may get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

 
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type E:\frst64 or E:\frst depending on your version. Press Enter. Note: Replace letter E with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Thank you,

Kevin


Thanks for the update, maybe an easier fix is to use System Restore.....

Access the System Recovery Options again, this time select "System Restore", follow the prompts and go back in time prior to this issue starting.

On the System Recovery Options menu you may get the following options:
Startup Repair
System Restore     <<<<<<------------ Select this option...
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Any progress...?


Ok, the problem with the boot loop is mbamswissarmy.sys is failing driver signature checks. When you boot, continuously tap F8 to access the recovery environment...

When the RE loads scroll to and select "Disable Driver Signature Enforcement"

Reboot. Does Windows now load?

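Added example, not part of any post in this thread and not FRST's own code: a small triage pass over the "Drivers" section of an FRST log that singles out boot-start drivers with a missing file or an empty publisher field, which is where the reply above places the fault. The sample lines are copied from the log posted in this thread; the reading of the two-character prefix (run state plus registry start type) is an assumption, and an empty publisher field is only a pointer to look at the file's signature, not a signature check.

```python
import re
from dataclasses import dataclass

# Five lines copied from the "Drivers (Whitelisted)" section of the FRST log
# posted in this thread.
SAMPLE_DRIVERS = r"""
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [24056 2016-01-13] ()
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31144 2015-07-29] (Intel Corporation)
S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-10-16] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-24] (Microsoft Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
"""

# Assumption: the prefix is run state (R/S/U) followed by the service start
# type as stored in the registry "Start" value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

ENTRY_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4])\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?:(?P<missing>X)|(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2}))\]"
    r"(?:\s+\((?P<company>.*)\))?$"
)


@dataclass
class DriverEntry:
    name: str
    path: str
    start: str      # boot / system / auto / demand / disabled
    running: bool
    missing: bool   # FRST printed [X] instead of size and date
    company: str    # text between the trailing parentheses, may be empty


def parse_entries(text):
    """Parse FRST service/driver lines; anything else is skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, notes and blank lines
        entries.append(DriverEntry(
            name=m["name"].strip(),
            path=m["path"].strip('"'),
            start=START_TYPES[int(m["start"])],
            running=m["state"] == "R",
            missing=m["missing"] is not None,
            company=(m["company"] or "").strip(),
        ))
    return entries


def triage(entries):
    """Return (severity, name, reason) tuples, in log order.

    Boot-start drivers are loaded before the kernel is running, so a missing
    or unverifiable file there stops the boot; the same problem on a
    demand-start driver only means that driver does not load.
    """
    findings = []
    for e in entries:
        if e.start == "boot" and e.missing:
            findings.append(("high", e.name, "boot-start driver file is missing"))
        elif e.start == "boot" and not e.company:
            findings.append(("high", e.name,
                             "boot-start driver with empty publisher field; "
                             "verify the file's signature"))
        elif e.missing:
            findings.append(("low", e.name,
                             "registry entry points at a missing file"))
    return findings


if __name__ == "__main__":
    for severity, name, reason in triage(parse_entries(SAMPLE_DRIVERS)):
        print(f"{severity:4} {name}: {reason}")
```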

Right. Here is the content of the FRST txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-10-2017
Ran by SYSTEM on MININT-22EBKQO (23-10-2017 15:04:29)
Running from G:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-26] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16293496 2016-09-29] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-06-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1178400 2015-08-06] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-09-04] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-07-31] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-04] (Autodesk Inc.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-07-12] (Adobe Systems Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-22] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1536520 2017-08-09] ()
S2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-04-19] (Digital Wave Ltd.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2289856 2017-07-03] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-10-11] (EasyAntiCheat Ltd)
S2 GoogleInputService; C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe [164312 2017-03-31] (Google Inc)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-26] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-21] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-06] (Intel Corporation)
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-09-29] (Logitech Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-20] (Malwarebytes)
S3 mi-raysat_3dsmax2016_64; C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-14] ()
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-21] (NVIDIA Corporation)
S2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-17] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1451336 2017-10-16] (Overwolf LTD)
S3 RaySat2016Server; C:\Program Files\Autodesk\mrsat3.13.1-maya2016\bin\raysat2016server.exe [106240 2015-05-26] (NVIDIA ARC GmbH)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672208 2017-02-02] (Wacom Technology, Corp.)
S3 Origin Client Service; "E:\Origin\OriginClientService.exe" [X]
S2 Origin Web Helper Service; "E:\Origin\OriginWebHelperService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-12-15] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-12-15] (Disc Soft Ltd)
S3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [501216 2015-06-18] (Intel Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [24056 2016-01-13] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-13] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-10] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-10] ()
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31144 2015-07-29] (Intel Corporation)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc.)
S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-10-16] ()
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [178976 2015-07-28] (Intel Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-24] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-24] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-17] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-03-31] (NVIDIA Corporation)
S3 WacHidRouterPro; C:\Windows\System32\DRIVERS\wachidrouter.sys [119952 2017-01-25] (Wacom Technology)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-15] (MBB)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-23 15:04 - 2017-10-23 15:04 - 000000000 ____D C:\FRST
2017-10-22 09:12 - 2017-10-22 09:13 - 000000000 ____D C:\Users\Rakshith\AppData\Roaming\Guild Wars 2
2017-10-21 09:04 - 2017-10-21 09:04 - 000006472 _____ C:\Users\Rakshith\Downloads\SOS_mod_list.html
2017-10-16 06:28 - 2017-10-16 06:28 - 000252232 _____ C:\Windows\System32\Drivers\mbamswissarmy.sys
2017-10-13 03:49 - 2017-10-13 03:49 - 000000000 ____D C:\Users\Rakshith\AppData\Roaming\BANDISOFT
2017-10-13 00:04 - 2017-10-13 06:12 - 000000000 ____D C:\Users\Rakshith\AppData\Roaming\Wargaming.net
2017-10-12 04:19 - 2017-10-12 04:19 - 000000000 ____D C:\Users\Rakshith\AppData\Local\CrashReportClient
2017-10-12 00:59 - 2017-10-12 00:59 - 000000000 ____D C:\Users\Rakshith\AppData\Local\UnrealEngine
2017-10-12 00:59 - 2017-10-12 00:59 - 000000000 ____D C:\Users\Rakshith\AppData\Local\Squad
2017-10-12 00:58 - 2017-10-12 00:58 - 000000000 ____D C:\Users\Rakshith\AppData\Roaming\EasyAntiCheat
2017-10-12 00:57 - 2017-10-11 23:02 - 000382504 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-10-11 22:59 - 2017-10-11 22:59 - 000053704 _____ C:\Users\Rakshith\Documents\Purchase of Squad.pdf
2017-10-11 13:32 - 2017-10-11 13:33 - 126925120 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2017-10-10 18:21 - 2017-09-13 07:33 - 000631176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2017-10-10 18:21 - 2017-09-13 07:32 - 005547752 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2017-10-10 18:21 - 2017-09-13 07:32 - 000706792 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2017-10-10 18:21 - 2017-09-13 07:32 - 000154856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2017-10-10 18:21 - 2017-09-13 07:32 - 000095464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2017-10-10 18:21 - 2017-09-13 07:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 001212928 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 001068544 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000886272 _____ (Microsoft Corporation) C:\Windows\System32\wlansvc.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000448512 _____ (Microsoft Corporation) C:\Windows\System32\wlansec.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000414208 _____ (Microsoft Corporation) C:\Windows\System32\wlanmsm.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\System32\rpchttp.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000118784 _____ (Microsoft Corporation) C:\Windows\System32\wlanhlp.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000113664 _____ (Microsoft Corporation) C:\Windows\System32\wlanapi.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2017-10-10 18:21 - 2017-09-13 07:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 001460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 001163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000880640 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000731648 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000690688 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000463872 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000419840 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000123904 _____ (Microsoft Corporation) C:\Windows\System32\bcrypt.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000059904 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000044032 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000043520 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000034816 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-10-10 18:21 - 2017-09-13 07:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-10-10 18:21 - 2017-09-13 07:10 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-10-10 18:21 - 2017-09-13 07:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-10-10 18:21 - 2017-09-13 07:05 - 000324608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys
2017-10-10 18:21 - 2017-09-13 07:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2017-10-10 18:21 - 2017-09-13 07:00 - 000064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2017-10-10 18:21 - 2017-09-13 07:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2017-10-10 18:21 - 2017-09-13 07:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2017-10-10 18:21 - 2017-09-13 06:57 - 000338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2017-10-10 18:21 - 2017-09-13 06:56 - 000296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2017-10-10 18:21 - 2017-09-13 06:53 - 000291328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2017-10-10 18:21 - 2017-09-13 06:53 - 000159744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2017-10-07 10:48 - 2017-10-07 10:48 - 000000026 _____ C:\Users\Rakshith\Documents\Smash user and pass.txt
2017-10-04 13:12 - 2017-10-04 13:12 - 105689072 _____ C:\Users\Rakshith\Downloads\Nuke9.0v1.pdf
2017-10-04 13:12 - 2017-10-04 13:12 - 004195133 _____ C:\Users\Rakshith\Downloads\Sillhouette.pdf
2017-10-04 09:41 - 2017-10-04 09:41 - 000009561 _____ C:\Users\Rakshith\Documents\Security - Ubisoft Account Management.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-22 15:09 - 2017-08-09 11:15 - 000000000 ____D C:\Users\Rakshith\AppData\Local\Arma 3 Launcher
2017-10-22 14:41 - 2016-12-15 03:11 - 000000000 ____D C:\Users\Rakshith\AppData\Roaming\qBittorrent
2017-10-22 14:39 - 2016-12-15 05:44 - 000000000 ____D C:\Users\Rakshith\AppData\Roaming\TS3Client
2017-10-22 14:26 - 2009-07-13 20:45 - 000022032 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-22 14:26 - 2009-07-13 20:45 - 000022032 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-22 13:57 - 2017-07-28 12:08 - 000000000 ____D C:\Users\Rakshith\AppData\Roaming\discord
2017-10-22 12:30 - 2016-12-15 02:19 - 000000000 ____D C:\Users\Rakshith\AppData\Local\Adobe
2017-10-22 11:30 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-10-22 09:16 - 2016-12-15 05:37 - 000000000 ____D C:\Users\Rakshith\Desktop\Games
2017-10-22 08:01 - 2017-08-09 11:19 - 000000000 ____D C:\Users\Rakshith\AppData\Local\Arma 3
2017-10-22 03:46 - 2016-12-16 08:23 - 000000000 ____D C:\Users\Rakshith\AppData\Roaming\vlc
2017-10-22 03:42 - 2016-12-15 02:19 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-10-22 03:42 - 2016-12-15 02:19 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-22 03:42 - 2016-12-15 02:19 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-10-22 03:42 - 2016-12-15 02:19 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-10-22 03:42 - 2016-12-15 02:19 - 000000000 ____D C:\Windows\System32\Macromed
2017-10-19 05:45 - 2016-12-15 02:20 - 000000000 ____D C:\Program Files (x86)\Overwolf
2017-10-19 05:11 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\NDF
2017-10-18 12:55 - 2016-12-15 02:13 - 000000000 ____D C:\Users\Rakshith\AppData\Roaming\Telegram Desktop
2017-10-16 07:07 - 2017-07-01 08:06 - 000000000 ____D C:\Users\Rakshith\AppData\Local\CrashDumps
2017-10-16 06:28 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-13 05:17 - 2017-07-01 04:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-13 05:17 - 2016-12-15 01:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-13 03:49 - 2017-01-22 10:10 - 000000000 ____D C:\Users\Rakshith\Documents\Bandicam
2017-10-11 14:30 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\rescache
2017-10-11 13:59 - 2009-07-13 21:13 - 000783606 _____ C:\Windows\System32\PerfStringBackup.INI
2017-10-11 13:53 - 2009-07-13 20:45 - 005376936 _____ C:\Windows\System32\FNTCACHE.DAT
2017-10-11 13:35 - 2016-12-16 04:58 - 000000000 ____D C:\Windows\System32\MRT
2017-10-11 13:32 - 2016-12-16 04:58 - 126925120 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-10-11 13:31 - 2016-12-12 10:13 - 000775728 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-10-08 05:04 - 2017-09-16 15:23 - 000000000 ____D C:\Users\Rakshith\.junique
2017-10-07 17:35 - 2017-08-13 05:55 - 000077440 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-10-07 11:34 - 2017-07-30 06:51 - 000000000 ____D C:\Users\Rakshith\AppData\Local\Overwolf
2017-09-30 19:52 - 2016-12-15 03:23 - 000000000 ____D C:\Program Files\CCleaner

Some files in TEMP:
====================
2017-10-22 09:12 - 2017-10-22 09:12 - 032880296 _____ (ArenaNet) C:\Users\Rakshith\AppData\Local\Temp\Gw2.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2017-09-13 05:20] - [2017-08-10 22:35] - 000512000 _____ (Microsoft Corporation) 3F1A199859B4F3F8357B2A0AF5666A54

C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16320.43 MB
Available physical RAM: 15171.07 MB
Total Virtual: 16318.63 MB
Available Virtual: 15173.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:122.8 GB) (Free:24.8 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS
Drive e: (Rak's personal) (Fixed) (Total:210.98 GB) (Free:26.6 GB) NTFS
Drive f: (Movies and Setups) (Fixed) (Total:131.53 GB) (Free:28.23 GB) NTFS
Drive g: (Oct 23 2017) (CDROM) (Total:4.38 GB) (Free:4.2 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A89590B9)
Partition 1: (Active) - (Size=122.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=211 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=131.5 GB) - (Type=07 NTFS)

LastRegBack: 2017-10-19 11:14

==================== End of FRST.txt ============================


Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Will Windows now boot normally?

 

fixlist.txt


Operation Success. I am able to get into my system again. Thanks a lot. Here is the fixlog. Before I post it though, can I ask, what went wrong? For future reference.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-10-2017
Ran by SYSTEM (23-10-2017 15:22:16) Run:1
Running from g:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
Start
S3 Origin Client Service; "E:\Origin\OriginClientService.exe" [X]
S2 Origin Web Helper Service; "E:\Origin\OriginWebHelperService.exe" [X]
S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-10-16] ()
C:\Windows\System32\Drivers\mbamswissarmy.sys
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
end

*****************

HKLM\System\ControlSet001\Services\Origin Client Service => key removed successfully
Origin Client Service => service removed successfully
HKLM\System\ControlSet001\Services\Origin Web Helper Service => key removed successfully
Origin Web Helper Service => service removed successfully
HKLM\System\ControlSet001\Services\MBAMSwissArmy => key removed successfully
MBAMSwissArmy => service removed successfully
C:\Windows\System32\Drivers\mbamswissarmy.sys => moved successfully
HKLM\System\ControlSet001\Services\gdrv => key removed successfully
gdrv => service removed successfully
d => Error: No automatic fix found for this entry.

==== End of Fixlog 15:22:16 ====


The problem was not down to malware or infection; this driver from Malwarebytes, "mbamswissarmy.sys", was failing the signature check at boot, hence you end up in a boot loop. I'm not really sure why that happened; I believe it is possibly down to a Windows update... Malwarebytes is now broken because we removed the problem driver with FRST. Make a clean install as follows:

Totally Remove Malwarebytes from your system:

Download the latest version of the Malwarebytes cleanup tool from here: https://downloads.malwarebytes.com/file/mb_clean and save it to your Desktop.

If applicable, backup your Malwarebytes license key information and deactivate the product.

Close all open applications and deactivate Malwarebytes <---- Very important, do not miss that step

To deactivate Malwarebytes:

Right click on the tray icon and, from the opened list, select "Quit Malwarebytes". A UAC alert will open; select "Yes" to deactivate Malwarebytes...

  • Double-click mb-clean.exe to run it
  • A prompt to confirm the cleanup will appear, select Yes or No
      • Yes - will proceed with the cleanup process <---- Select this option to start the tool
      • No - will exit the utility
  • The Utility will launch a Command Prompt window which will disappear once the cleanup process completes.
  • Once completed, a log file ("mb-cleanresult.txt") will be on your desktop and you'll be prompted to reboot
  • We recommend an immediate reboot <--- Do not miss out this step
  • Suppressing the reboot may result in an incomplete cleanup
  • Upon reboot Malwarebytes will be totally removed from your system


To re-install Malwarebytes:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/
 
  • Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....
  • When the install completes and is updated do the following:
  • Open Malwarebytes, select > "settings" > "protection tab"
  • Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
  • Go back to "DashBoard" select the Blue "Scan Now" tab......

Post Malwarebytes log, also let me know if there are any remaining issues or concerns..

When the scan completes, deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save it; you can copy or attach that to your reply...

Thank you,

Kevin



 
Edited by kevinf80
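
A triage sketch for the Fixlog posted in this thread, added here as an example (it is not FRST's or Malwarebytes' code): it reads the service/driver lines and the result lines, then reports the boot-start driver, the entries whose file was missing, and the line FRST could not process. The reading of the line codes (R/S/U state, start-type digit, trailing [X] for a file that was not found) is an assumption about FRST's log format, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Copied from the Fixlog posted in this thread (fixlist lines, then results).
FIXLOG = r"""
Start
S3 Origin Client Service; "E:\Origin\OriginClientService.exe" [X]
S2 Origin Web Helper Service; "E:\Origin\OriginWebHelperService.exe" [X]
S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-10-16] ()
C:\Windows\System32\Drivers\mbamswissarmy.sys
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
end
HKLM\System\ControlSet001\Services\Origin Client Service => key removed successfully
Origin Client Service => service removed successfully
HKLM\System\ControlSet001\Services\Origin Web Helper Service => key removed successfully
Origin Web Helper Service => service removed successfully
HKLM\System\ControlSet001\Services\MBAMSwissArmy => key removed successfully
MBAMSwissArmy => service removed successfully
C:\Windows\System32\Drivers\mbamswissarmy.sys => moved successfully
HKLM\System\ControlSet001\Services\gdrv => key removed successfully
gdrv => service removed successfully
d => Error: No automatic fix found for this entry.
"""

# Assumed meaning of the digit: the Windows service "Start" value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# <state><start> <name>; <path> [<size> <date>] (<company>)  or  ... <path> [X]
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>[\d-]+)\] \((?P<company>[^)]*)\))?"
    r"(?P<missing> \[X\])?$"
)
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")


@dataclass
class Entry:
    state: str            # R = running, S = stopped, U = undetermined (assumed)
    start: int            # service start type, see START_TYPES
    name: str
    path: str
    size: Optional[int]   # None when the file was not found
    missing: bool         # True when the line ends in [X]


def parse_entries(text):
    """Return the service/driver entries listed in the fixlist section."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        path = m["path"].strip('"')
        if path.startswith("\\??\\"):      # drop the NT object-namespace prefix
            path = path[4:]
        size = int(m["size"]) if m["size"] else None
        entries.append(Entry(m["state"], int(m["start"]), m["name"].strip(),
                             path, size, m["missing"] is not None))
    return entries


def parse_results(text):
    """Return (target, outcome) pairs from the 'x => y' result lines."""
    matches = (RESULT_RE.match(line.strip()) for line in text.splitlines())
    return [(m["target"], m["outcome"]) for m in matches if m]


def triage(text):
    """Summarise what the fix touched and what it could not handle."""
    entries, results = parse_entries(text), parse_results(text)
    return {
        # Start type 0 loads during boot, so a driver that fails there blocks startup.
        "boot_start": [e.name for e in entries if e.start == 0],
        "missing_file": [e.name for e in entries if e.missing],
        "removed_services": [t for t, o in results
                             if o == "service removed successfully"],
        "moved_files": [t for t, o in results if o == "moved successfully"],
        "errors": [(t, o) for t, o in results if o.startswith("Error")],
    }


if __name__ == "__main__":
    for key, value in triage(FIXLOG).items():
        print(f"{key}: {value}")
```
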

Apologies for my late reply. I was busy with school, which took longer than expected. Nevertheless, I did the aforementioned and here is the Export Summary. My theory is that it wasn't an infection, as much as a dump file for de-fragmentation IDs (damn you Defraggler) which got accidentally shift-deleted by an oh-so-oblivious me, leading to MalwareBytes thinking it was under some sort of malware-induced digi-coma. Nevertheless, thanks a lot, Kevin and MalwareBytes support team. You saved me a lot of money and a lot of headache.

Running the free version of MalwareBytes but will definitely get the Premium later on.

 

Export Summary.txt


Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.