Trojan.Multi.GenAutorunSQL.a


The object name is trojan.multi.GenAutorunProc.a and it doesn't mention a location, only that the system memory was disinfected. This was done 5 times. I also ran Kaspersky Endpoint Security afterwards with no results, and a temp CCleaner, which removed a few things but nothing major.
Currently everything looks OK, but I want to be sure.


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click Choose a File.
Navigate to the location of the File.
Click the file. It will appear in section.
Click the Saving button.

Please attach the log for my review.

Let me know what problems persist.

Wait for further instructions
====

Please let me know what application is reporting this Trojan.
Trojan.Multi.GenAutorunSQL.a


 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-06-2020
Ran by Administrator (administrator) on WIN-JMBU5F8K0NS (Amazon EC2 t3.xlarge) (25-06-2020 17:08:32)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & SQLSERVERAGENT & MSSQLSERVER
Platform: Windows Server 2012 R2 Standard (Update) (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Amazon Services LLC -> ) C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe
(Amazon.com Services LLC -> Amazon Web Services, Inc.) C:\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.exe <2>
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avpsus.exe
(KEY METRIC SOFTWARE, LLC -> ) C:\Program Files (x86)\Key Metric Software\SQL Backup Master\SQLBackupMaster.Service.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <21>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe <2>
(SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Server\vpnserver_x64.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5886264 2020-05-06] (SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7657984 2020-06-25] (Dropbox, Inc -> Dropbox, Inc.)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2020-04-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2020-04-15] (Microsoft Windows -> Microsoft Corporation)
Lsa: [Notification Packages] rassfm scecli
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ec2WallpaperInfo.url -> URL: file:///C:\Program Files\Amazon\Ec2ConfigService\Ec2WallpaperInfo.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2020-05-06]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.)
BootExecute: autocheck autochk /q /v * 
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18F86429-2703-4B26-BA24-E8017B5BFE04} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Collection => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd publish
Task: {22F8933B-6077-471D-A4C3-56C7647164AD} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => %systemroot%\system32\cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
Task: {2C1C78C2-1640-4750-8DDA-C5D7BA0C1365} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [120636720 2020-06-23] (Microsoft Windows -> Microsoft Corporation)
Task: {48D15597-0304-4589-AD2C-8D3407208A08} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-06-23] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4F721357-E298-4B6F-B097-BA248119ADE5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24584376 2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {651FF2A7-84D4-4AE6-9231-BB0411D3A64F} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [235520 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {787E2442-1350-4D4B-B3DF-F73EDF626879} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => %systemroot%\system32\rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {7AC3B9A0-F76F-4F71-BAC6-4870A1F68CA8} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Configuration => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd configure
Task: {8BE7E449-E39F-4CD7-88E4-5200110ED82A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-06-23] (Dropbox, Inc -> Dropbox, Inc.)
Task: {9536335E-476B-42F7-8624-2308CA0F222B} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [94208 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {BDE834E9-69EE-485F-9906-6933B2F32773} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {CFACEE0F-4A61-4CD3-9182-9F6ED7407217} - System32\Tasks\Ec2ConfigMonitorTask => C:\Program Files\Amazon\Ec2ConfigService\Ec2ConfigMonitor.exe [23216 2020-04-06] (Amazon.com Services LLC -> Amazon Web Services, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.31.0.2
Tcpip\..\Interfaces\{0907A6F7-E08C-477F-A713-5A0BEE9784E4}: [DhcpNameServer] 172.31.0.2
Tcpip\..\Interfaces\{0D80B415-918B-4238-94C4-5296405932F5}: [DhcpNameServer] 172.31.0.2
Tcpip\..\Interfaces\{55E27BB4-F93D-47B5-8243-E5D20D1E7312}: [DhcpNameServer] 192.168.1.250

Internet Explorer:
==================
HKU\S-1-5-21-2472832658-3903326398-751777190-500\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
HKU\S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
HKU\S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
HKU\S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm

Edge: 
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-25]

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AmazonSSMAgent; C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe [23410856 2020-01-27] (Amazon Services LLC -> )
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [31904 2013-08-16] (Microsoft Corporation -> Microsoft Corporation)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.exe [2122488 2020-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
R2 avpsus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avpsus.exe [3175032 2020-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
S2 AWSLiteAgent; C:\Program Files\Amazon\XenTools\LiteAgent.exe [470680 2020-01-22] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 cfn-hup; C:\Program Files\Amazon\cfn-bootstrap\winhup.exe [29696 2018-08-20] () [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-06-23] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-06-23] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [44552 2020-06-25] (Dropbox, Inc -> Dropbox, Inc.)
R2 Ec2Config; C:\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe [187568 2020-04-06] (Amazon.com Services LLC -> Amazon Web Services, Inc.)
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [173056 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-06-23] (Malwarebytes Inc -> Malwarebytes)
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218736 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50280 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [193648 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2502768 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [85504 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [76288 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [15872 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5886264 2020-05-06] (SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.)
R2 SEVPNSERVER; C:\Program Files\SoftEther VPN Server\vpnserver_x64.exe [5907256 2020-05-07] (SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.)
R2 SQL Backup Master; C:\Program Files (x86)\Key Metric Software\SQL Backup Master\SQLBackupMaster.Service.exe [95640 2020-06-15] (KEY METRIC SOFTWARE, LLC -> )
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137840 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [343152 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [607344 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6642536 2020-04-20] (TeamViewer Germany GmbH -> TeamViewer GmbH)
R2 UALSVC; C:\Windows\System32\ualsvc.dll [249344 2014-09-04] (Microsoft Windows -> Microsoft Corporation)
R2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Config"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AWSNVMe; C:\Windows\System32\drivers\AWSNVMe.sys [154264 2019-09-03] (Amazon Web Services, Inc. -> Amazon)
S0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2265440 2013-08-22] (Microsoft Windows -> Brocade Communications Systems, Inc.)
S0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2265440 2013-08-22] (Microsoft Windows -> Brocade Communications Systems, Inc.)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [187744 2013-08-22] (Microsoft Windows -> Broadcom Corporation)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [560480 2013-08-22] (Microsoft Windows -> Broadcom Corporation)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [605672 2013-06-18] (Chelsio.com(Test) -> Chelsio Communications)
S3 dbx; C:\Windows\System32\DRIVERS\dbx.sys [47600 2020-06-09] (Microsoft Windows Hardware Compatibility Publisher -> Dropbox, Inc.)
R0 ec2winutildriver; C:\Windows\System32\drivers\EC2WinUtilDriver.sys [67480 2018-08-27] (Amazon Web Services, Inc. -> Amazon)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [712032 2013-08-22] (Microsoft Windows -> Emulex)
R3 ena; C:\Windows\system32\DRIVERS\ena.sys [182424 2019-11-18] (Amazon Web Services, Inc. -> Amazon Web Services, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [656856 2020-03-03] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [92928 2020-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [172800 2020-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [37496 2020-02-07] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\Windows\system32\DRIVERS\klflt.sys [258304 2020-03-12] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [586496 2020-01-29] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [1165056 2020-02-20] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1234176 2020-03-12] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [88560 2020-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [79824 2020-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [135424 2020-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [279296 2020-03-06] (Kaspersky Lab -> AO Kaspersky Lab)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-06-23] (Malwarebytes Inc -> Malwarebytes)
S3 MsLbfoProvider; C:\Windows\system32\DRIVERS\MsLbfoProvider.sys [117760 2016-07-09] (Microsoft Windows -> Microsoft Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [38088 2020-05-06] (SoftEther Corporation -> SoftEther Corporation)
S0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1508704 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475488 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300320 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S4 RsFx0204; C:\Windows\System32\DRIVERS\RsFx0204.sys [347800 2019-12-16] (Microsoft Corporation -> Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [94048 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
U5 SEE; C:\Windows\System32\Drivers\SEE.sys [52424 2020-05-07] (SoftEther Corporation -> SoftEther Corporation)
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [50888 2020-05-07] (SoftEther Corporation -> SoftEther Corporation)
S3 vxn; C:\Windows\system32\DRIVERS\vxn64x64.sys [133392 2016-05-09] (Intel Corporation -> Intel Corporation)
S3 wtlmdrv; C:\Windows\System32\drivers\wtlmdrv.sys [31232 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
U5 XEN; C:\Windows\System32\Drivers\XEN.sys [105416 2019-04-28] (Amazon Web Services, Inc. -> Amazon Inc.)
S0 XENBUS; C:\Windows\System32\DRIVERS\xenbus.sys [202184 2019-04-28] (Amazon Web Services, Inc. -> Amazon Inc.)
R0 xenfilt; C:\Windows\System32\DRIVERS\xenfilt.sys [70088 2019-04-28] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 xeniface; C:\Windows\System32\drivers\xeniface.sys [112792 2020-01-22] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 xennet; C:\Windows\system32\DRIVERS\xennet.sys [71816 2018-12-03] (Amazon Web Services, Inc. -> Amazon Inc.)
S0 xenvbd; C:\Windows\System32\DRIVERS\xenvbd.sys [130200 2020-01-22] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 xenvif; C:\Windows\system32\DRIVERS\xenvif.sys [303768 2019-06-27] (Amazon Web Services, Inc. -> Amazon Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-25 17:08 - 2020-06-25 17:09 - 000020036 _____ C:\Users\Administrator\Desktop\FRST.txt
2020-06-25 17:08 - 2020-06-25 17:08 - 000000000 ____D C:\FRST
2020-06-25 17:07 - 2020-06-25 17:07 - 002290688 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2020-06-25 17:00 - 2020-06-25 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-06-25 14:11 - 2020-06-25 14:11 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2020-06-25 14:11 - 2020-06-25 14:11 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2020-06-25 14:11 - 2020-06-25 14:11 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2020-06-25 14:11 - 2020-06-25 14:11 - 000044552 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2020-06-24 01:23 - 2020-06-25 17:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\2
2020-06-24 01:10 - 2020-06-24 01:10 - 000002510 _____ C:\ProgramData\ProgramData.zip
2020-06-24 01:09 - 2019-12-25 04:25 - 000084592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQLSERVER-sqlctr11.4.7493.4.dll
2020-06-24 01:09 - 2019-12-25 04:21 - 000097904 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQLSERVER-sqlctr11.4.7493.4.dll
2020-06-23 10:48 - 2020-06-23 10:48 - 025838336 _____ (Piriform Software Ltd) C:\Users\Administrator\Downloads\ccsetup568.exe
2020-06-23 06:35 - 2020-06-23 06:56 - 000000281 _____ C:\Users\Administrator\Desktop\Fazer.txt
2020-06-23 06:25 - 2020-06-23 15:26 - 000000000 ___RD C:\Users\Administrator\Cia do Doce Dropbox
2020-06-23 06:22 - 2020-06-25 17:00 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-06-23 06:22 - 2020-06-25 16:27 - 000000954 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2020-06-23 06:22 - 2020-06-25 06:27 - 000000950 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2020-06-23 06:22 - 2020-06-23 06:22 - 000003926 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineUA
2020-06-23 06:22 - 2020-06-23 06:22 - 000003690 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineCore
2020-06-23 06:22 - 2020-06-23 06:22 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Dropbox
2020-06-23 06:22 - 2020-06-23 06:22 - 000000000 ____D C:\ProgramData\Dropbox
2020-06-23 06:18 - 2015-07-30 11:04 - 000124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2020-06-23 06:18 - 2015-07-30 10:48 - 000103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2020-06-23 06:17 - 2020-06-23 06:17 - 000999164 _____ C:\Users\Administrator\AppData\Local\Temp\tmp30F.tmp
2020-06-23 06:17 - 2020-06-23 06:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\KB2549864_10.0.40219
2020-06-23 06:17 - 2020-06-23 06:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\KB2548139_10.0.40219
2020-06-23 06:15 - 2020-06-23 06:15 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\KB2635973_10.0.40219
2020-06-23 06:14 - 2020-06-23 06:14 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\KB2645410_10.0.40219
2020-06-23 06:13 - 2020-06-23 06:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2020-06-23 06:13 - 2020-06-23 06:13 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2020-06-23 06:13 - 2020-06-23 06:13 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2020-06-23 06:12 - 2019-12-25 05:16 - 000259696 _____ (Microsoft Corporation) C:\Windows\system32\SQSRVRES.DLL
2020-06-23 06:12 - 2019-12-25 04:25 - 000046704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-ReportServer-rsctr11.4.7001.0.dll
2020-06-23 06:12 - 2019-12-25 04:21 - 000055920 _____ (Microsoft Corporation) C:\Windows\system32\perf-ReportServer-rsctr11.4.7001.0.dll
2020-06-23 06:03 - 2020-06-23 06:03 - 000000000 _____ C:\Users\Administrator\Documents\teste.txt
2020-06-23 05:59 - 2020-06-01 15:03 - 000835480 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-06-23 05:59 - 2020-06-01 15:03 - 000179608 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-06-23 05:57 - 2020-06-23 06:01 - 000000000 ____D C:\Windows\WinStore
2020-06-23 05:57 - 2020-06-23 05:57 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-06-23 05:57 - 2020-06-23 05:57 - 000000000 ____D C:\Windows\system32\Macromed
2020-06-23 05:57 - 2020-06-23 05:57 - 000000000 ____D C:\Windows\SKB
2020-06-23 05:57 - 2020-06-23 05:57 - 000000000 ____D C:\Windows\CSC
2020-06-23 05:57 - 2020-06-23 05:57 - 000000000 ____D C:\Program Files\Windows Portable Devices
2020-06-23 05:57 - 2020-06-23 05:57 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-06-23 05:57 - 2020-06-23 05:57 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2020-06-23 05:57 - 2020-06-23 05:57 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2020-06-23 05:57 - 2020-06-23 05:57 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-06-23 05:57 - 2020-06-23 05:57 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2020-06-23 05:56 - 2014-06-09 19:13 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2020-06-23 05:56 - 2014-06-09 19:13 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2020-06-23 05:36 - 2016-02-05 16:07 - 000292696 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2020-06-23 05:36 - 2016-02-05 16:07 - 000243032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL
2020-06-23 05:36 - 2016-02-04 14:24 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2020-06-23 05:36 - 2016-02-04 14:02 - 000483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2020-06-23 05:36 - 2015-12-02 12:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2020-06-23 05:36 - 2015-12-02 12:01 - 000561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2020-06-23 05:36 - 2015-07-30 14:18 - 000268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2020-06-23 05:36 - 2015-07-30 13:22 - 000230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2020-06-23 05:36 - 2015-07-01 19:16 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2020-06-23 05:36 - 2015-07-01 18:35 - 000087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2020-06-23 05:36 - 2015-03-06 00:08 - 002067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2020-06-23 05:36 - 2015-03-05 23:43 - 001969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2020-06-23 05:36 - 2015-01-28 22:58 - 000347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2020-06-23 05:36 - 2015-01-28 22:29 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2020-06-23 05:36 - 2014-12-11 02:36 - 000046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2020-06-23 05:32 - 2020-06-23 05:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQL Backup Master
2020-06-23 05:32 - 2020-06-23 05:32 - 000000000 ____D C:\ProgramData\Key Metric Software
2020-06-23 05:32 - 2020-06-23 05:32 - 000000000 ____D C:\ProgramData\Caphyon
2020-06-23 05:32 - 2020-06-23 05:32 - 000000000 ____D C:\Program Files (x86)\Key Metric Software
2020-06-23 05:24 - 2020-06-25 15:23 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-06-23 05:24 - 2020-06-23 05:24 - 000001308 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Endpoint Security for Windows.lnk
2020-06-23 05:24 - 2020-06-23 05:24 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2020-06-23 05:24 - 2020-03-12 20:48 - 001234176 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2020-06-23 05:24 - 2020-03-12 20:48 - 000258304 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2020-06-23 05:17 - 2020-06-23 05:17 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-06-23 05:17 - 2020-06-23 05:17 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-06-23 05:17 - 2020-06-23 05:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\mbam
2020-06-23 05:17 - 2020-06-23 05:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-06-23 05:17 - 2020-06-23 05:13 - 006300552 _____ (Malwarebytes) C:\Users\Administrator\AppData\Local\Temp\MBAMInstallerService.exe
2020-06-23 05:13 - 2020-06-23 05:17 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-06-23 05:13 - 2020-06-23 05:13 - 000000000 ____D C:\Program Files\Malwarebytes
2020-06-23 05:13 - 2020-06-23 05:13 - 000000000 ____D C:\Malwarebytes
2020-06-23 05:12 - 2020-06-23 10:50 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-06-23 05:12 - 2020-06-23 05:12 - 000002838 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2020-06-23 05:12 - 2020-06-23 05:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-06-23 05:12 - 2020-06-23 05:12 - 000000000 ____D C:\Program Files\CCleaner
2020-06-23 05:11 - 2020-06-23 05:11 - 000016142 _____ C:\Users\Administrator\AppData\Local\Temp\ARWConfig-dfd4b06e-020d-4648-b7f8-6040187f53bf.xml
2020-06-17 18:41 - 2020-06-17 18:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2020-06-17 18:41 - 2020-06-17 18:41 - 000000000 ____D C:\Program Files\7-Zip
2020-06-09 15:58 - 2020-06-09 15:58 - 000047600 ____N (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx.sys
2020-06-09 15:43 - 2020-06-02 02:18 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\atl.dll
2020-06-09 15:43 - 2020-06-02 01:50 - 000088064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl.dll
2020-06-09 15:43 - 2020-06-02 01:44 - 001489408 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2020-06-09 15:43 - 2020-06-02 01:43 - 001464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2020-06-09 15:43 - 2020-06-02 01:27 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2020-06-09 15:43 - 2020-06-02 01:25 - 001204736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2020-06-09 15:43 - 2020-06-02 00:59 - 000268288 _____ (Microsoft Corporation) C:\Windows\system32\netman.dll
2020-06-09 15:43 - 2020-05-29 23:54 - 004168192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2020-06-09 15:43 - 2020-05-29 23:30 - 000129024 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2020-06-09 15:43 - 2020-05-29 22:53 - 000680448 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2020-06-09 15:43 - 2020-05-29 22:41 - 001368576 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2020-06-09 15:43 - 2020-05-29 22:33 - 000581120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2020-06-09 15:43 - 2020-05-29 22:23 - 000827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2020-06-09 15:43 - 2020-05-27 20:06 - 022364856 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2020-06-09 15:43 - 2020-05-27 20:06 - 019796328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2020-06-09 15:43 - 2020-05-20 12:25 - 001384648 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2020-06-09 15:43 - 2020-05-20 12:21 - 007362312 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-06-09 15:43 - 2020-05-20 12:21 - 002170784 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2020-06-09 15:43 - 2020-05-20 12:21 - 001662512 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2020-06-09 15:43 - 2020-05-20 12:21 - 001062344 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2020-06-09 15:43 - 2020-05-20 12:20 - 001135696 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2020-06-09 15:43 - 2020-05-20 12:20 - 000806200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2020-06-09 15:43 - 2020-05-20 09:48 - 025755648 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-06-09 15:43 - 2020-05-20 09:27 - 002911744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2020-06-09 15:43 - 2020-05-20 09:25 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2020-06-09 15:43 - 2020-05-20 09:13 - 005499392 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2020-06-09 15:43 - 2020-05-20 09:13 - 000785408 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-06-09 15:43 - 2020-05-20 08:56 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2020-06-09 15:43 - 2020-05-20 08:52 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2020-06-09 15:43 - 2020-05-20 08:50 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2020-06-09 15:43 - 2020-05-20 08:46 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2020-06-09 15:43 - 2020-05-20 08:44 - 001124800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2020-06-09 15:43 - 2020-05-20 08:40 - 001560272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2020-06-09 15:43 - 2020-05-20 08:40 - 001214720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2020-06-09 15:43 - 2020-05-20 08:40 - 000548440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2020-06-09 15:43 - 2020-05-20 08:39 - 000614056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2020-06-09 15:43 - 2020-05-20 08:39 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2020-06-09 15:43 - 2020-05-20 08:37 - 015478784 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2020-06-09 15:43 - 2020-05-20 08:37 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2020-06-09 15:43 - 2020-05-20 08:35 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2020-06-09 15:43 - 2020-05-20 08:34 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2020-06-09 15:43 - 2020-05-20 08:26 - 001756672 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-06-09 15:43 - 2020-05-20 08:23 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2020-06-09 15:43 - 2020-05-20 08:12 - 001566720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2020-06-09 15:43 - 2020-05-20 08:01 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2020-06-09 15:43 - 2020-05-20 08:00 - 020291584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-06-09 15:43 - 2020-05-20 07:53 - 000861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2020-06-09 15:43 - 2020-05-20 07:44 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2020-06-09 15:43 - 2020-05-20 07:40 - 002304000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2020-06-09 15:43 - 2020-05-20 07:34 - 000653824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-06-09 15:43 - 2020-05-20 07:21 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2020-06-09 15:43 - 2020-05-20 07:18 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2020-06-09 15:43 - 2020-05-20 07:16 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2020-06-09 15:43 - 2020-05-20 07:14 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2020-06-09 15:43 - 2020-05-20 07:11 - 004111872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2020-06-09 15:43 - 2020-05-20 07:09 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2020-06-09 15:43 - 2020-05-20 07:09 - 000333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2020-06-09 15:43 - 2020-05-20 07:08 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2020-06-09 15:43 - 2020-05-20 07:06 - 013861888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2020-06-09 15:43 - 2020-05-20 07:06 - 000044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2020-06-09 15:43 - 2020-05-20 07:01 - 001494016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-06-09 15:43 - 2020-05-20 06:50 - 004387328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2020-06-09 15:43 - 2020-05-20 06:47 - 001341952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2020-06-09 15:43 - 2020-05-20 06:46 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2020-06-09 15:43 - 2020-05-13 14:49 - 001368592 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2020-06-09 15:43 - 2020-05-12 22:23 - 000414624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2020-06-09 15:43 - 2020-05-12 22:23 - 000373888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2020-06-09 15:43 - 2020-05-12 06:47 - 000466840 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2020-06-09 15:43 - 2020-05-12 06:46 - 000415240 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2020-06-09 15:43 - 2020-05-10 06:24 - 001311768 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2020-06-09 15:43 - 2020-05-10 01:36 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2020-06-09 15:43 - 2020-05-10 01:23 - 000290816 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2020-06-09 15:43 - 2020-05-10 01:20 - 000340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2020-06-09 15:43 - 2020-05-10 01:15 - 003331584 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2020-06-09 15:43 - 2020-05-10 01:03 - 001040384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2020-06-09 15:43 - 2020-05-10 00:56 - 000233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2020-06-09 15:43 - 2020-05-10 00:53 - 003640320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2020-06-09 15:43 - 2020-05-10 00:53 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2020-06-09 15:43 - 2020-05-10 00:47 - 000936448 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2020-06-09 15:43 - 2020-05-10 00:25 - 001085952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2020-06-09 15:43 - 2020-05-10 00:23 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2020-06-09 15:43 - 2020-05-10 00:17 - 014533120 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2020-06-09 15:43 - 2020-05-10 00:09 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2020-06-09 15:43 - 2020-05-09 22:10 - 001312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2020-06-09 15:43 - 2020-05-09 22:10 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2020-06-09 15:43 - 2020-05-01 11:17 - 001097216 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2020-06-09 15:43 - 2020-05-01 11:15 - 000866304 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2020-06-09 15:43 - 2020-04-30 00:49 - 000308736 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2020-06-09 15:43 - 2020-04-30 00:22 - 000881664 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2020-06-09 15:43 - 2020-04-30 00:20 - 000244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usbmon.dll
2020-06-09 15:43 - 2020-04-29 23:40 - 000309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2020-06-09 15:43 - 2020-04-29 23:37 - 000216576 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll
2020-06-09 15:43 - 2020-04-29 23:34 - 000265728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDMon.dll
2020-06-09 15:43 - 2020-04-29 23:32 - 000178176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpmon.dll
2020-06-09 15:43 - 2020-04-29 10:47 - 000802304 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2020-06-09 15:43 - 2020-04-20 00:12 - 000332800 _____ (Microsoft Corporation) C:\Windows\system32\cscobj.dll
2020-06-09 15:43 - 2020-04-19 23:45 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscobj.dll
2020-06-09 15:43 - 2020-04-16 03:04 - 000722496 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2020-06-09 15:43 - 2020-04-16 03:04 - 000642488 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2020-06-09 15:43 - 2020-04-16 03:00 - 000374024 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2020-06-09 15:43 - 2020-04-16 01:29 - 000561400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2020-06-09 15:43 - 2020-04-16 01:29 - 000493736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2020-06-09 15:43 - 2020-04-16 01:25 - 000316368 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2020-06-09 15:43 - 2020-04-16 00:31 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2020-06-09 15:43 - 2020-04-16 00:28 - 000186880 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2020-06-09 15:43 - 2020-04-16 00:07 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2020-06-09 15:43 - 2020-04-16 00:06 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2020-06-09 15:43 - 2020-04-16 00:05 - 000147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2020-06-09 15:43 - 2020-04-15 23:59 - 001994240 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2020-06-09 15:43 - 2020-04-15 23:50 - 001384960 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2020-06-09 15:43 - 2020-04-15 23:48 - 000310784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll
2020-06-09 15:43 - 2020-04-15 23:39 - 001560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2020-06-09 15:43 - 2020-04-15 23:35 - 000254976 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
2020-06-09 15:43 - 2020-04-15 23:28 - 000902656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SmartCards.dll
2020-06-09 15:43 - 2020-04-15 23:27 - 000173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2020-06-09 15:43 - 2020-04-15 23:24 - 007799296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2020-06-09 15:43 - 2020-04-15 23:23 - 000626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll
2020-06-09 15:43 - 2020-04-15 23:22 - 000068096 _____ (Microsoft Corporation) C:\Windows\system32\ConfigureExpandedStorage.dll
2020-06-09 15:43 - 2020-04-15 23:20 - 000052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ConfigureExpandedStorage.dll
2020-06-09 15:43 - 2020-04-15 23:19 - 001265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2020-06-09 15:43 - 2020-04-15 23:18 - 005271552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2020-06-09 15:43 - 2020-04-15 23:14 - 001727488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2020-06-09 15:43 - 2020-04-15 23:11 - 001546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2020-06-09 15:43 - 2020-04-15 23:11 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2020-06-09 15:43 - 2020-04-15 23:11 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll
2020-06-09 15:43 - 2020-04-15 23:07 - 000156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2020-06-09 15:43 - 2020-04-15 23:05 - 000229888 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2020-06-09 15:43 - 2020-04-14 04:33 - 000205824 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2020-06-09 15:43 - 2020-04-14 04:03 - 000168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2020-06-09 15:43 - 2020-04-11 15:41 - 000376568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2020-06-09 15:43 - 2020-04-11 15:39 - 001542696 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-06-09 15:43 - 2020-04-11 12:55 - 000194560 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2020-06-09 15:43 - 2020-04-11 12:53 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\vaultcli.dll
2020-06-09 15:43 - 2020-04-11 12:48 - 001377792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-06-09 15:43 - 2020-04-11 12:47 - 000260608 _____ (Microsoft Corporation) C:\Windows\system32\vaultsvc.dll
2020-06-09 15:43 - 2020-04-10 21:12 - 002446576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2020-06-09 15:43 - 2020-04-10 21:12 - 000428784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2020-06-09 15:43 - 2020-04-07 16:30 - 000988472 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2020-06-09 15:43 - 2020-04-07 16:28 - 000857320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2020-06-09 15:43 - 2020-04-04 13:06 - 000879616 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll
2020-06-09 15:43 - 2020-04-04 12:50 - 000795136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdlg.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-25 17:07 - 2020-05-07 10:13 - 000000000 ____D C:\Program Files\SoftEther VPN Server
2020-06-25 17:06 - 2020-05-06 17:59 - 000003594 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2472832658-3903326398-751777190-500
2020-06-25 04:25 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\rescache
2020-06-24 04:32 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\Inf
2020-06-24 01:29 - 2014-03-18 06:55 - 001038478 _____ C:\Windows\system32\PerfStringBackup.INI
2020-06-24 01:22 - 2020-05-06 22:52 - 000000000 ____D C:\Program Files\SoftEther VPN Client
2020-06-24 01:21 - 2013-08-22 11:48 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-24 01:14 - 2020-05-07 16:55 - 000000000 ____D C:\Users\SQLSERVERAGENT
2020-06-24 01:14 - 2020-05-07 16:48 - 000000000 ____D C:\Users\ReportServer
2020-06-24 01:14 - 2020-05-07 16:48 - 000000000 ____D C:\Users\MSSQLServerOLAPService
2020-06-24 01:14 - 2020-05-07 16:47 - 000000000 ____D C:\Users\MSSQLSERVER
2020-06-24 01:14 - 2020-05-07 16:47 - 000000000 ____D C:\Users\MSSQLFDLauncher
2020-06-24 01:14 - 2020-05-07 16:47 - 000000000 ____D C:\Users\MsDtsServer110
2020-06-24 01:08 - 2013-08-22 12:39 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-06-24 01:06 - 2020-05-07 09:45 - 000000000 ____D C:\Program Files\RDP Wrapper
2020-06-24 01:02 - 2020-05-07 16:19 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2020-06-24 01:02 - 2020-05-07 16:16 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2020-06-23 13:37 - 2020-05-07 09:09 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-06-23 10:53 - 2020-05-07 09:34 - 000000000 ___RD C:\Users\Administrator\Desktop\Cia do Doce
2020-06-23 06:25 - 2020-05-06 18:46 - 000000000 ____D C:\Users\Administrator
2020-06-23 06:18 - 2020-05-07 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
2020-06-23 06:18 - 2020-05-07 16:31 - 000004284 _____ C:\Users\Administrator\AppData\Local\Temp\ActivityLog.xsl
2020-06-23 06:18 - 2013-08-22 12:20 - 000000000 ____D C:\Windows\CbsTemp
2020-06-23 06:12 - 2020-05-07 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
2020-06-23 06:06 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\AppReadiness
2020-06-23 06:01 - 2013-08-22 12:39 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-06-23 05:59 - 2020-05-06 23:41 - 000000434 __RSH C:\ProgramData\ntuser.pol
2020-06-23 05:58 - 2015-04-15 12:47 - 000337896 _____ C:\Windows\system32\FNTCACHE.DAT
2020-06-23 05:57 - 2013-08-22 12:39 - 000000000 ___RD C:\Windows\ToastData
2020-06-23 05:57 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\SystemResources
2020-06-23 05:57 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\System
2020-06-23 05:57 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-06-23 05:57 - 2013-08-22 12:39 - 000000000 ____D C:\Program Files\Common Files\System
2020-06-23 05:44 - 2020-05-08 12:50 - 000000000 ____D C:\Solidcon
2020-06-23 05:43 - 2014-05-17 00:53 - 000000000 ____D C:\Windows\system32\MRT
2020-06-23 05:39 - 2014-05-17 00:53 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-06-23 05:34 - 2020-05-11 10:35 - 000000000 ____D C:\Livre
2020-06-23 05:33 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\Registration
2020-06-23 05:29 - 2020-05-11 10:23 - 001048006 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2020-06-23 05:24 - 2013-08-22 12:39 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-06-23 05:24 - 2013-08-22 10:25 - 000008192 ___SH C:\Windows\system32\config\ELAM
2020-06-23 05:21 - 2020-03-11 03:46 - 000959248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2020-06-23 05:21 - 2020-03-11 03:46 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2020-06-23 05:21 - 2020-01-15 03:29 - 000580096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiaaut.dll
2020-06-23 05:21 - 2020-01-15 03:29 - 000289792 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2020-06-23 05:21 - 2016-01-12 22:39 - 001150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2020-06-23 05:21 - 2016-01-12 22:39 - 000735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2020-06-23 05:21 - 2016-01-12 22:39 - 000629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2020-06-23 05:21 - 2016-01-12 22:39 - 000557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2020-06-23 05:21 - 2016-01-12 22:39 - 000468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2020-06-23 05:21 - 2016-01-12 22:39 - 000250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2020-06-23 05:21 - 2016-01-12 22:39 - 000246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2020-06-23 05:21 - 2016-01-12 22:39 - 000116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2020-06-23 05:21 - 2016-01-12 22:39 - 000076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2020-06-23 05:21 - 2014-11-18 20:19 - 000446976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiashext.dll
2020-06-23 05:21 - 2014-11-18 20:19 - 000417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiadefui.dll
2020-06-23 05:21 - 2014-11-18 20:19 - 000086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe
2020-06-23 05:21 - 2014-11-18 20:18 - 000821696 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2020-06-23 05:21 - 2014-11-18 20:18 - 000781824 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll
2020-06-23 05:21 - 2014-11-18 20:18 - 000705008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2020-06-23 05:21 - 2014-11-18 20:18 - 000589312 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2020-06-23 05:21 - 2014-11-18 20:18 - 000367616 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2020-06-23 05:21 - 2014-11-18 20:18 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2020-06-23 05:21 - 2014-11-18 20:18 - 000133632 _____ (Microsoft Corporation) C:\Windows\system32\Mystify.scr
2020-06-23 05:21 - 2014-11-18 20:18 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\BrokerLib.dll
2020-06-23 05:21 - 2014-11-18 20:18 - 000132608 _____ (Microsoft Corporation) C:\Windows\system32\Ribbons.scr
2020-06-23 05:21 - 2014-11-18 20:18 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msidcrl40.dll
2020-06-23 05:21 - 2014-11-18 20:17 - 000687616 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2020-06-23 05:21 - 2014-11-18 20:17 - 000435712 _____ (Microsoft Corporation) C:\Windows\system32\mswmdm.dll
2020-06-23 05:21 - 2014-11-18 20:17 - 000409040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2020-06-23 05:21 - 2014-11-18 20:17 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2020-06-23 05:21 - 2014-11-18 20:17 - 000177152 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codecp.acm
2020-06-23 05:21 - 2014-11-18 20:17 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpdxm.dll
2020-06-23 05:21 - 2014-11-18 20:17 - 000150776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpps.dll
2020-06-23 05:21 - 2014-11-18 20:17 - 000132608 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContent.dll
2020-06-23 05:21 - 2014-11-18 20:17 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wmdmps.dll
2020-06-23 05:21 - 2014-11-18 20:17 - 000082432 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codeca.acm
2020-06-23 05:21 - 2014-11-18 20:17 - 000076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2020-06-23 05:21 - 2014-11-18 20:17 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\wmdmlog.dll
2020-06-23 05:21 - 2014-11-18 20:17 - 000031968 _____ (Microsoft Corporation) C:\Windows\system32\PasswordOnWakeSettingFlyout.exe
2020-06-23 05:21 - 2014-11-18 20:17 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2020-06-23 05:21 - 2014-11-18 20:17 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentHost.dll
2020-06-23 05:21 - 2014-11-18 20:16 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2020-06-23 05:21 - 2014-11-18 20:16 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\AxInstUI.exe
2020-06-23 05:21 - 2014-11-18 20:16 - 000018432 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerClient.dll
2020-06-23 05:21 - 2014-03-18 07:02 - 000043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.tlb
2020-06-23 05:21 - 2014-03-18 07:02 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.tlb
2020-06-23 05:21 - 2014-03-18 07:02 - 000018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\amcompat.tlb
2020-06-23 05:21 - 2014-03-18 07:02 - 000018432 _____ (Microsoft Corporation) C:\Windows\system32\amcompat.tlb
2020-06-23 05:21 - 2013-08-22 07:54 - 000010429 _____ C:\Windows\system32\ScavengeSpace.xml
2020-06-23 05:21 - 2013-08-22 03:52 - 000316640 _____ C:\Windows\WMSysPr9.prx
2020-06-23 05:20 - 2020-04-15 03:27 - 000955640 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2020-06-23 05:20 - 2020-04-15 03:27 - 000788096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2020-06-23 05:20 - 2020-01-15 03:29 - 000679424 _____ (Microsoft Corporation) C:\Windows\system32\wiaaut.dll
2020-06-23 05:20 - 2020-01-15 03:29 - 000427824 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2020-06-23 05:20 - 2020-01-15 03:29 - 000367936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2020-06-23 05:20 - 2020-01-15 03:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2020-06-23 05:20 - 2020-01-15 03:29 - 000117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiadss.dll
2020-06-23 05:20 - 2019-11-13 03:23 - 015441408 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2020-06-23 05:20 - 2019-11-13 03:23 - 013321728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2020-06-23 05:20 - 2019-11-13 03:23 - 000249856 _____ (Gracenote, Inc.) C:\Windows\SysWOW64\gnsdk_fp.dll
2020-06-23 05:20 - 2018-10-14 00:57 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2020-06-23 05:20 - 2018-10-14 00:57 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2020-06-23 05:20 - 2018-08-14 20:37 - 000559104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2020-06-23 05:20 - 2018-08-14 20:37 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
2020-06-23 05:20 - 2018-06-13 02:43 - 002334624 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2020-06-23 05:20 - 2018-06-13 02:43 - 002324752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2020-06-23 05:20 - 2018-06-13 02:43 - 000244304 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2020-06-23 05:20 - 2017-10-12 00:20 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2020-06-23 05:20 - 2017-08-09 21:52 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2020-06-23 05:20 - 2017-08-09 21:52 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2020-06-23 05:20 - 2017-08-09 21:52 - 000138752 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2020-06-23 05:20 - 2017-08-09 21:52 - 000092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2020-06-23 05:20 - 2016-11-10 21:07 - 000497448 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2020-06-23 05:20 - 2016-10-11 20:32 - 009323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2020-06-23 05:20 - 2016-10-11 20:32 - 009323008 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2020-06-23 05:20 - 2016-10-11 20:32 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2020-06-23 05:20 - 2016-06-15 14:13 - 000306176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Geolocation.dll
2020-06-23 05:20 - 2016-04-12 18:09 - 002171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2020-06-23 05:20 - 2016-04-12 18:09 - 000273264 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2020-06-23 05:20 - 2016-01-12 22:39 - 002528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2020-06-23 05:20 - 2016-01-12 22:39 - 002447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2020-06-23 05:20 - 2016-01-12 22:39 - 001877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2020-06-23 05:20 - 2016-01-12 22:39 - 001411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2020-06-23 05:20 - 2016-01-12 22:39 - 001288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2020-06-23 05:20 - 2016-01-12 22:39 - 001210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2020-06-23 05:20 - 2016-01-12 22:39 - 001037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2020-06-23 05:20 - 2016-01-12 22:39 - 000914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2020-06-23 05:20 - 2016-01-12 22:39 - 000850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2020-06-23 05:20 - 2016-01-12 22:39 - 000743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2020-06-23 05:20 - 2016-01-12 22:39 - 000736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2020-06-23 05:20 - 2016-01-12 22:39 - 000700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2020-06-23 05:20 - 2016-01-12 22:39 - 000584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2020-06-23 05:20 - 2016-01-12 22:39 - 000492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2020-06-23 05:20 - 2016-01-12 22:39 - 000463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2020-06-23 05:20 - 2016-01-12 22:39 - 000451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2020-06-23 05:20 - 2016-01-12 22:39 - 000299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2020-06-23 05:20 - 2016-01-12 22:39 - 000275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2020-06-23 05:20 - 2016-01-12 22:39 - 000274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2020-06-23 05:20 - 2016-01-12 22:39 - 000229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2020-06-23 05:20 - 2016-01-12 22:39 - 000203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2020-06-23 05:20 - 2016-01-12 22:39 - 000110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2020-06-23 05:20 - 2016-01-12 22:39 - 000099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2020-06-23 05:20 - 2016-01-12 22:39 - 000090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2020-06-23 05:20 - 2015-08-13 13:25 - 000221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2020-06-23 05:20 - 2014-12-09 19:54 - 000962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2020-06-23 05:20 - 2014-12-09 19:54 - 000885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2020-06-23 05:20 - 2014-12-09 19:53 - 000116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 003138720 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2020-06-23 05:20 - 2014-11-18 20:19 - 001289216 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 001050624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMNetMgr.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000890128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000881664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebcamUi.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000725672 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000618496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000515072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfh264enc.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000488064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpeffects.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000482360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmdev.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000467456 _____ (Microsoft Corporation) C:\Windows\system32\wiashext.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000460288 _____ (Microsoft Corporation) C:\Windows\system32\wiadefui.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000430592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceStatus.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmnet.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswmdm.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000342528 _____ (Microsoft Corporation) C:\Windows\system32\eudcedit.exe
2020-06-23 05:20 - 2014-11-18 20:19 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDSp.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000296448 _____ (Microsoft Corporation) C:\Windows\system32\scansetting.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000283136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000205824 _____ (Microsoft Corporation) C:\Windows\system32\wmvdspa.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000178176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceWMDRM.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\syncui.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000150016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmidx.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000113152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2020-06-23 05:20 - 2014-11-18 20:19 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2020-06-23 05:20 - 2014-11-18 20:19 - 000097280 _____ (Microsoft Corporation) C:\Windows\system32\isoburn.exe
2020-06-23 05:20 - 2014-11-18 20:19 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\wiaacmgr.exe
2020-06-23 05:20 - 2014-11-18 20:18 - 002890296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 002334720 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 002213888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncCenter.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 001639424 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 001358336 _____ (Microsoft Corporation) C:\Windows\system32\srmclient.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 001337344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 001064720 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 001024200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 001015808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000785920 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000778752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Bubbles.scr
2020-06-23 05:20 - 2014-11-18 20:18 - 000740352 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000657408 _____ (Microsoft Corporation) C:\Windows\system32\srmscan.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000645120 _____ (Microsoft Corporation) C:\Windows\system32\msTextPrediction.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000634768 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000609792 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000589824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000580024 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2020-06-23 05:20 - 2014-11-18 20:18 - 000458752 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000432640 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000336896 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000336680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000311448 _____ (Microsoft Corporation) C:\Windows\system32\MFPlay.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000297472 _____ (Microsoft Corporation) C:\Windows\system32\wlidcredprov.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000284160 _____ (Microsoft Corporation) C:\Windows\system32\srmstormod.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000260800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFPlay.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000239104 _____ (Microsoft Corporation) C:\Windows\system32\windowslivelogin.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\ssText3d.scr
2020-06-23 05:20 - 2014-11-18 20:18 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\wpnprv.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000196096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcredprov.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000178176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windowslivelogin.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000174592 _____ (Microsoft Corporation) C:\Windows\system32\srmshell.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000136192 _____ (Microsoft Corporation) C:\Windows\system32\adrclient.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000135168 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000121344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mystify.scr
2020-06-23 05:20 - 2014-11-18 20:18 - 000120832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Ribbons.scr
2020-06-23 05:20 - 2014-11-18 20:18 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\WinRtTracing.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000102400 _____ (Microsoft Corporation) C:\Windows\system32\wiascanprofiles.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000101736 _____ (Microsoft Corporation) C:\Windows\system32\mfAACEnc.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000090368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfAACEnc.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\srmtrace.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\mobsync.exe
2020-06-23 05:20 - 2014-11-18 20:18 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mobsync.exe
2020-06-23 05:20 - 2014-11-18 20:18 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\ConsentUX.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000074752 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Renewal.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000074752 _____ (Microsoft Corporation) C:\Windows\system32\msauserext.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\WavDest.dll
2020-06-23 05:20 - 2014-11-18 20:18 - 000026624 _____ (Microsoft Corporation) C:\Windows\system32\wpnsruprov.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000719360 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000551064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000447256 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000356936 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000279552 _____ (Microsoft Corporation) C:\Windows\system32\srm.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerServer.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000235008 _____ (Microsoft Corporation) C:\Windows\system32\unregmp2.exe
2020-06-23 05:20 - 2014-11-18 20:17 - 000222208 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000209920 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Scanners.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000192512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unregmp2.exe
2020-06-23 05:20 - 2014-11-18 20:17 - 000187488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000186368 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\l3codecp.acm
2020-06-23 05:20 - 2014-11-18 20:17 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Scanners.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWiaCompat.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2020-06-23 05:20 - 2014-11-18 20:17 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\ncbservice.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000150016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfdvdec.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000143360 _____ (Microsoft Corporation) C:\Windows\system32\SoundRecorder.exe
2020-06-23 05:20 - 2014-11-18 20:17 - 000136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceWiaCompat.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\wmpshell.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\mfdvdec.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000102912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpshell.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinRtTracing.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShServiceObj.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000073728 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000069120 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\l3codeca.acm
2020-06-23 05:20 - 2014-11-18 20:17 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\dfdts.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000042496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Portable.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdmps.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dataclen.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Portable.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdmlog.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CameraSettingsUIHost.exe
2020-06-23 05:20 - 2014-11-18 20:17 - 000027360 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsRemoveDevice.exe
2020-06-23 05:20 - 2014-11-18 20:17 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShextAutoplay.exe
2020-06-23 05:20 - 2014-11-18 20:17 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Background.TimeBroker.dll
2020-06-23 05:20 - 2014-11-18 20:17 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemEventsBrokerClient.dll
2020-06-23 05:20 - 2014-11-18 20:16 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\hwrreg.exe
2020-06-23 05:20 - 2014-11-18 20:16 - 000165376 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2020-06-23 05:20 - 2014-11-18 20:16 - 000079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2020-06-23 05:20 - 2014-11-18 20:16 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2020-06-23 05:20 - 2014-11-18 20:16 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\hwrcomp.exe
2020-06-23 05:20 - 2014-11-18 20:16 - 000036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2020-06-23 05:20 - 2014-11-18 20:16 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\srm_ps.dll
2020-06-23 05:20 - 2014-11-18 20:16 - 000029408 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2020-06-23 05:20 - 2014-11-18 20:16 - 000026816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2020-06-23 05:20 - 2014-11-18 20:16 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerClient.dll
2020-06-23 05:20 - 2014-11-18 20:16 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\spwinsat.dll
2020-06-23 05:20 - 2014-11-18 20:16 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wmcodecdspps.dll
2020-06-23 05:20 - 2014-11-18 20:16 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LAPRXY.DLL
2020-06-23 05:20 - 2014-11-18 20:16 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2020-06-23 05:20 - 2014-11-18 20:16 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2020-06-23 05:20 - 2014-11-18 20:16 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\getuname.dll
2020-06-23 05:20 - 2014-11-18 20:16 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2020-06-23 05:20 - 2014-11-18 20:16 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2020-06-23 05:20 - 2013-08-22 08:43 - 000019968 _____ (Microsoft Corporation) C:\Windows\system32\wlidres.dll
2020-06-23 05:20 - 2013-08-22 08:38 - 000026976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WpdUpFltr.sys
2020-06-23 05:20 - 2013-08-22 07:52 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\WiaExtensionHost64.dll
2020-06-23 05:20 - 2013-08-22 04:11 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\srmlib.dll
2020-06-23 05:20 - 2013-08-22 03:57 - 000093702 _____ C:\Windows\system32\SubRange.uce
2020-06-23 05:20 - 2013-08-22 03:57 - 000060458 _____ C:\Windows\system32\ideograf.uce
2020-06-23 05:20 - 2013-08-22 03:57 - 000024006 _____ C:\Windows\system32\gb2312.uce
2020-06-23 05:20 - 2013-08-22 03:57 - 000022984 _____ C:\Windows\system32\bopomofo.uce
2020-06-23 05:20 - 2013-08-22 03:57 - 000016740 _____ C:\Windows\system32\ShiftJIS.uce
2020-06-23 05:20 - 2013-08-22 03:57 - 000012876 _____ C:\Windows\system32\korean.uce
2020-06-23 05:20 - 2013-08-22 03:57 - 000008484 _____ C:\Windows\system32\kanji_2.uce
2020-06-23 05:20 - 2013-08-22 03:57 - 000006948 _____ C:\Windows\system32\kanji_1.uce
2020-06-23 05:20 - 2013-08-22 01:17 - 000184832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\moricons.dll
2020-06-23 05:20 - 2013-08-21 21:09 - 000090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmlib.dll
2020-06-23 05:20 - 2013-08-21 20:53 - 000126912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvideo.dll
2020-06-23 05:20 - 2013-08-21 20:53 - 000109456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\avifile.dll
2020-06-23 05:20 - 2013-08-21 20:53 - 000073376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciavi.drv
2020-06-23 05:20 - 2013-08-21 20:53 - 000069584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\avicap.dll
2020-06-23 05:20 - 2013-08-21 20:53 - 000028160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciwave.drv
2020-06-23 05:20 - 2013-08-21 20:53 - 000025264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciseq.drv
2020-06-23 05:20 - 2013-08-21 20:52 - 000093702 _____ C:\Windows\SysWOW64\SubRange.uce
2020-06-23 05:20 - 2013-08-21 20:52 - 000060458 _____ C:\Windows\SysWOW64\ideograf.uce
2020-06-23 05:20 - 2013-08-21 20:52 - 000024006 _____ C:\Windows\SysWOW64\gb2312.uce
2020-06-23 05:20 - 2013-08-21 20:52 - 000022984 _____ C:\Windows\SysWOW64\bopomofo.uce
2020-06-23 05:20 - 2013-08-21 20:52 - 000016740 _____ C:\Windows\SysWOW64\ShiftJIS.uce
2020-06-23 05:20 - 2013-08-21 20:52 - 000012876 _____ C:\Windows\SysWOW64\korean.uce
2020-06-23 05:20 - 2013-08-21 20:52 - 000008484 _____ C:\Windows\SysWOW64\kanji_2.uce
2020-06-23 05:20 - 2013-08-21 20:52 - 000006948 _____ C:\Windows\SysWOW64\kanji_1.uce
2020-06-23 05:20 - 2013-08-21 20:45 - 000061168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msacm.dll
2020-06-23 05:19 - 2020-03-11 03:46 - 001165672 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2020-06-23 05:19 - 2020-01-15 03:29 - 000671232 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2020-06-23 05:19 - 2020-01-15 03:29 - 000322560 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll
2020-06-23 05:19 - 2020-01-15 03:29 - 000236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll
2020-06-23 05:19 - 2020-01-15 03:29 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\wiadss.dll
2020-06-23 05:19 - 2020-01-15 03:29 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\wiarpc.dll
2020-06-23 05:19 - 2017-08-09 21:52 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2020-06-23 05:19 - 2016-11-10 21:07 - 000399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2020-06-23 05:19 - 2016-08-13 02:53 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2020-06-23 05:19 - 2016-06-15 14:13 - 000218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Geolocation.dll
2020-06-23 05:19 - 2016-04-12 18:10 - 002819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2020-06-23 05:19 - 2016-01-12 22:39 - 002745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2020-06-23 05:19 - 2016-01-12 22:39 - 002450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2020-06-23 05:19 - 2016-01-12 22:39 - 001664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2020-06-23 05:19 - 2016-01-12 22:39 - 001484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2020-06-23 05:19 - 2016-01-12 22:39 - 001115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2020-06-23 05:19 - 2016-01-12 22:39 - 000644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2020-06-23 05:19 - 2016-01-12 22:39 - 000402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2020-06-23 05:19 - 2016-01-12 22:39 - 000248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2020-06-23 05:19 - 2016-01-12 22:39 - 000184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2020-06-23 05:19 - 2016-01-12 22:39 - 000183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2020-06-23 05:19 - 2015-04-15 12:45 - 000200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2020-06-23 05:19 - 2014-12-09 19:54 - 001027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2020-06-23 05:19 - 2014-12-09 19:54 - 000801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2020-06-23 05:19 - 2014-12-09 19:53 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2020-06-23 05:19 - 2014-11-18 20:19 - 002689392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL
2020-06-23 05:19 - 2014-11-18 20:19 - 001056768 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll
2020-06-23 05:19 - 2014-11-18 20:19 - 000553984 _____ (Microsoft Corporation) C:\Windows\system32\mfh264enc.dll
2020-06-23 05:19 - 2014-11-18 20:19 - 000441344 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll
2020-06-23 05:19 - 2014-11-18 20:19 - 000253440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scansetting.dll
2020-06-23 05:19 - 2014-11-18 20:19 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\cleanmgr.exe
2020-06-23 05:19 - 2014-11-18 20:19 - 000212480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cleanmgr.exe
2020-06-23 05:19 - 2014-11-18 20:19 - 000196096 _____ (Microsoft Corporation) C:\Windows\system32\wmidx.dll
2020-06-23 05:19 - 2014-11-18 20:19 - 000174592 _____ (Microsoft Corporation) C:\Windows\system32\syncui.dll
2020-06-23 05:19 - 2014-11-18 20:19 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmvdspa.dll
2020-06-23 05:19 - 2014-11-18 20:19 - 000090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\isoburn.exe
2020-06-23 05:19 - 2014-11-18 20:19 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
2020-06-23 05:19 - 2014-11-18 20:18 - 003307112 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2020-06-23 05:19 - 2014-11-18 20:18 - 001286048 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2020-06-23 05:19 - 2014-11-18 20:18 - 000967680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmclient.dll
2020-06-23 05:19 - 2014-11-18 20:18 - 000788480 _____ (Microsoft Corporation) C:\Windows\system32\Bubbles.scr
2020-06-23 05:19 - 2014-11-18 20:18 - 000481280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmscan.dll
2020-06-23 05:19 - 2014-11-18 20:18 - 000475648 _____ (Microsoft Corporation) C:\Windows\system32\SnippingTool.exe
2020-06-23 05:19 - 2014-11-18 20:18 - 000241664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodev.dll
2020-06-23 05:19 - 2014-11-18 20:18 - 000201216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmstormod.dll
2020-06-23 05:19 - 2014-11-18 20:18 - 000200704 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll
2020-06-23 05:19 - 2014-11-18 20:18 - 000191488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ssText3d.scr
2020-06-23 05:19 - 2014-11-18 20:18 - 000130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmshell.dll
2020-06-23 05:19 - 2014-11-18 20:18 - 000102912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adrclient.dll
2020-06-23 05:19 - 2014-11-18 20:18 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiascanprofiles.dll
2020-06-23 05:19 - 2014-11-18 20:18 - 000067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmtrace.dll
2020-06-23 05:19 - 2014-11-18 20:18 - 000054272 _____ (Twain Working Group) C:\Windows\twain_32.dll
2020-06-23 05:19 - 2014-11-18 20:18 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2020-06-23 05:19 - 2014-11-18 20:18 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\wiatrace.dll
2020-06-23 05:19 - 2014-11-18 20:18 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msidcrl40.dll
2020-06-23 05:19 - 2014-11-18 20:17 - 000573952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll
2020-06-23 05:19 - 2014-11-18 20:17 - 000405456 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2020-06-23 05:19 - 2014-11-18 20:17 - 000387872 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2020-06-23 05:19 - 2014-11-18 20:17 - 000322048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2020-06-23 05:19 - 2014-11-18 20:17 - 000320256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2020-06-23 05:19 - 2014-11-18 20:17 - 000278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm.dll
2020-06-23 05:19 - 2014-11-18 20:17 - 000248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
2020-06-23 05:19 - 2014-11-18 20:17 - 000225696 _____ (Microsoft Corporation) C:\Windows\system32\mftranscode.dll
2020-06-23 05:19 - 2014-11-18 20:17 - 000217432 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2020-06-23 05:19 - 2014-11-18 20:17 - 000202440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mftranscode.dll
2020-06-23 05:19 - 2014-11-18 20:17 - 000165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceTypes.dll
2020-06-23 05:19 - 2014-11-18 20:17 - 000119808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceClassExtension.dll
2020-06-23 05:19 - 2014-11-18 20:17 - 000110080 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2020-06-23 05:19 - 2014-11-18 20:17 - 000078336 _____ (Microsoft Corporation) C:\Windows\system32\DFDWiz.exe
2020-06-23 05:19 - 2014-11-18 20:17 - 000058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceConnectApi.dll
2020-06-23 05:19 - 2014-11-18 20:17 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll
2020-06-23 05:19 - 2014-11-18 20:17 - 000031496 _____ (Microsoft Corporation) C:\Windows\system32\CameraSettingsUIHost.exe
2020-06-23 05:19 - 2014-11-18 20:17 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll
2020-06-23 05:19 - 2014-11-18 20:17 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TimeBrokerClient.dll
2020-06-23 05:19 - 2014-11-18 20:16 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm_ps.dll
2020-06-23 05:19 - 2014-11-18 20:16 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiatrace.dll
2020-06-23 05:19 - 2014-11-18 20:16 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\LAPRXY.DLL
2020-06-23 05:19 - 2014-11-18 20:16 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmcodecdspps.dll
2020-06-23 05:19 - 2014-11-18 20:16 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\getuname.dll
2020-06-23 05:19 - 2013-08-22 08:45 - 000184832 _____ (Microsoft Corporation) C:\Windows\system32\moricons.dll
2020-06-23 05:19 - 2013-08-22 07:50 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\wiawow64.exe
2020-06-23 05:19 - 2013-08-22 01:14 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidres.dll
2020-06-23 05:13 - 2020-05-06 23:06 - 000000000 ____D C:\Temp
2020-06-23 05:13 - 2014-05-08 21:52 - 000000000 ____D C:\Windows\Panther
2020-06-21 23:20 - 2013-08-22 10:25 - 000008192 ___SH C:\Windows\system32\config\BBI
2020-06-19 15:13 - 2020-05-07 16:47 - 000000000 ____D C:\Users\Administrator\Documents\SQL Server Management Studio
2020-06-19 15:04 - 2020-05-08 12:30 - 000000000 ____D C:\SQL
2020-06-18 20:14 - 2020-05-07 09:04 - 000002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-06-02 03:10 - 2014-03-18 06:49 - 002476032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2020-05-27 02:08 - 2020-05-07 09:04 - 000003380 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-05-27 02:08 - 2020-05-07 09:04 - 000003252 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== Files in the root of some directories ========

2020-06-24 00:59 - 2020-06-24 00:59 - 000709928 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerMSI5157.txt
2020-06-23 06:13 - 2020-06-23 06:13 - 000706620 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerMSI7334.txt
2020-06-24 00:59 - 2020-06-24 00:59 - 000011336 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerUI5157.txt
2020-06-23 06:13 - 2020-06-23 06:13 - 000012436 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerUI7334.txt
2020-06-23 06:17 - 2020-06-23 06:17 - 000441214 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI765B.txt
2020-06-23 06:17 - 2020-06-23 06:17 - 000012758 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI765B.txt
2020-05-06 18:46 - 2020-06-24 01:23 - 000087866 _____ () C:\Users\Administrator\AppData\Local\Ec2Wallpaper.jpg
2020-05-06 18:46 - 2020-06-24 01:23 - 003145782 _____ () C:\Users\Administrator\AppData\Local\Ec2Wallpaper_ec2Config.bmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-06-17 23:43
==================== End of FRST.txt ========================

Addition.txt FRST.txt


Hello, Welcome to Malwarebytes.

I'm nasdaq and will be helping you.

Your logs are clean of malware.

This is being reported in the Addition.txt logs. Please investigate.

ATTENTION: System Restore is disabled (Total:99.66 GB) (Free:34.03 GB) (34%)

===

Which security program is reporting this trojan.multi.GenAutorunProc.a?

It may be caused by a bad file that was deleted and is in a Quarantine folder.

If in Kaspersky, clean the Quarantine folder.

====

Please keep me posted.

 


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 


  • 4 weeks later...
12 hours ago, nasdaq said:

@VbCrayon

 

I'm listening

nasdaq

Hi,
 


This recently appeared on the same machine (every minute):
[Screenshot attached in the original post: image.png]



In addition, a warning that I did not capture, of a non-existent and strange executable, as soon as it turns on the machine.


And every time I scan, this appears:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/20/20
Scan Time: 11:27 PM
Log File: cf17b642-e355-11ea-b3bc-00ffb68728ad.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.1003
Update Package Version: 1.0.28801
License: Premium

-System Information-
OS: Windows Server 2012 R2
CPU: x64
File System: NTFS
User: \

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 348972
Threats Detected: 3
Threats Quarantined: 0
Time Elapsed: 2 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 3
Hijack.BitCoinMiner.WMI, \\WIN-JMBU5F8K0NS\ROOT\subscription:__FilterToConsumerBinding.Consumer="\\\\.\\root\\subscription:ActiveScriptEventConsumer.Name=\"*****youmm_consumer\"",Filter="\\\\.\\root\\subscription:__EventFilter.Name=\"*****youmm_filter\"", No Action By User, 15069, 621747, , , , , , 
Hijack.BitCoinMiner.WMI, \\WIN-JMBU5F8K0NS\ROOT\subscription:__EventFilter.Name="*****youmm_filter", No Action By User, 15069, 621747, , , , , , 
Hijack.BitCoinMiner.WMI, \\WIN-JMBU5F8K0NS\ROOT\subscription:ActiveScriptEventConsumer.Name="*****youmm_consumer", No Action By User, 15069, 621747, 1.0.28801, , ame, , , 


(end)

 


Hi,

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file(s). A 2-step process.
Reply to this topic.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach. <- Step 1.
Click Attach this file. <- Step 2.
Click the Add reply button.

Please post the logs for my review.

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your anti-virus program, trust it if downloaded from the link I provided.
You should restore the program from the Quarantine folder.
====


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-08-2020
Ran by Administrator (administrator) on WIN-JMBU5F8K0NS (Amazon EC2 t3.xlarge) (22-08-2020 17:46:18)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher
Platform: Windows Server 2012 R2 Standard (Update) (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Amazon Services LLC -> ) C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe
(Amazon.com Services LLC -> Amazon Web Services, Inc.) C:\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.exe <2>
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avpsus.exe
(KEY METRIC SOFTWARE, LLC -> ) C:\Program Files (x86)\Key Metric Software\SQL Backup Master\SQLBackupMaster.Service.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <24>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\Tools\Binn\SQLCMD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2472832658-3903326398-751777190-500\...\Command Processor: (if %ANSICON_VER%==^%ANSICON_VER^% "C:\Windows\ansicon_x64" -p) <==== ATTENTION
HKU\S-1-5-18\Software\Policies\...\system: [DisableCMD] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2020-04-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2020-04-15] (Microsoft Windows -> Microsoft Corporation)
Lsa: [Notification Packages] rassfm scecli
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ec2WallpaperInfo.url -> URL: file:///C:\Program Files\Amazon\Ec2ConfigService\Ec2WallpaperInfo.exe
BootExecute: autocheck autochk /q /v * 
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18F86429-2703-4B26-BA24-E8017B5BFE04} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Collection => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd publish
Task: {22F8933B-6077-471D-A4C3-56C7647164AD} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => %systemroot%\system32\cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
Task: {2C1C78C2-1640-4750-8DDA-C5D7BA0C1365} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [120636720 2020-08-20] (Microsoft Windows -> Microsoft Corporation)
Task: {4F721357-E298-4B6F-B097-BA248119ADE5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24770744 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {53817E91-709B-4814-BD5B-045D957ACDBF} - System32\Tasks\MicrosoftsWindows => c:\windows\temp\conhos.exe <==== ATTENTION
Task: {651FF2A7-84D4-4AE6-9231-BB0411D3A64F} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [235520 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {787E2442-1350-4D4B-B3DF-F73EDF626879} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => %systemroot%\system32\rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {7AC3B9A0-F76F-4F71-BAC6-4870A1F68CA8} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Configuration => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd configure
Task: {9536335E-476B-42F7-8624-2308CA0F222B} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [94208 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {ABBA8CD3-E2EE-4635-9DA9-350C6B1ACCE9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {CFACEE0F-4A61-4CD3-9182-9F6ED7407217} - System32\Tasks\Ec2ConfigMonitorTask => C:\Program Files\Amazon\Ec2ConfigService\Ec2ConfigMonitor.exe [23216 2020-04-06] (Amazon.com Services LLC -> Amazon Web Services, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{ab71026f-08d7-4d0d-bd7c-968345e74180} <==== ATTENTION (Restriction - IP)
Tcpip\Parameters: [DhcpNameServer] 172.31.0.2
Tcpip\..\Interfaces\{0907A6F7-E08C-477F-A713-5A0BEE9784E4}: [DhcpNameServer] 172.31.0.2

Internet Explorer:
==================
HKU\S-1-5-21-2472832658-3903326398-751777190-500\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
HKU\S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
HKU\S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm

Edge: 
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default [2020-08-22]

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"50968028" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\50968028 =>  <==== ATTENTION (Rootkit!/Locked Service)

R2 AmazonSSMAgent; C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe [23410856 2020-01-27] (Amazon Services LLC -> )
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [31904 2013-08-16] (Microsoft Corporation -> Microsoft Corporation)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.exe [2138744 2020-06-23] (Kaspersky Lab -> AO Kaspersky Lab)
R2 avpsus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avpsus.exe [3186296 2020-06-23] (Kaspersky Lab -> AO Kaspersky Lab)
S2 AWSLiteAgent; C:\Program Files\Amazon\XenTools\LiteAgent.exe [470680 2020-01-22] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 cfn-hup; C:\Program Files\Amazon\cfn-bootstrap\winhup.exe [29696 2018-08-20] () [File not signed]
R2 Ec2Config; C:\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe [187568 2020-04-06] (Amazon.com Services LLC -> Amazon Web Services, Inc.)
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [173056 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6970968 2020-08-19] (Malwarebytes Inc -> Malwarebytes)
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218736 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50280 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [193648 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2502768 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [85504 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [76288 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [15872 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R2 SQL Backup Master; C:\Program Files (x86)\Key Metric Software\SQL Backup Master\SQLBackupMaster.Service.exe [95640 2020-07-02] (KEY METRIC SOFTWARE, LLC -> )
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137840 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [343152 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [607344 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6645608 2020-07-14] (TeamViewer Germany GmbH -> TeamViewer GmbH)
R2 UALSVC; C:\Windows\System32\ualsvc.dll [249344 2014-09-04] (Microsoft Windows -> Microsoft Corporation)
R2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Config"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AWSNVMe; C:\Windows\System32\drivers\AWSNVMe.sys [154264 2019-09-03] (Amazon Web Services, Inc. -> Amazon)
S0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2265440 2013-08-22] (Microsoft Windows -> Brocade Communications Systems, Inc.)
S0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2265440 2013-08-22] (Microsoft Windows -> Brocade Communications Systems, Inc.)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [187744 2013-08-22] (Microsoft Windows -> Broadcom Corporation)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [560480 2013-08-22] (Microsoft Windows -> Broadcom Corporation)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [605672 2013-06-18] (Chelsio.com(Test) -> Chelsio Communications)
R0 ec2winutildriver; C:\Windows\System32\drivers\EC2WinUtilDriver.sys [67480 2018-08-27] (Amazon Web Services, Inc. -> Amazon)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [712032 2013-08-22] (Microsoft Windows -> Emulex)
R3 ena; C:\Windows\system32\DRIVERS\ena.sys [182424 2019-11-18] (Amazon Web Services, Inc. -> Amazon Web Services, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-08-19] (Malwarebytes Corporation -> Malwarebytes)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [656648 2020-06-01] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupdisk; C:\Windows\system32\DRIVERS\klbackupdisk.sys [94464 2020-06-12] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [172816 2020-05-29] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [37496 2020-02-07] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\Windows\system32\DRIVERS\klflt.sys [258312 2020-06-21] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [563968 2020-06-20] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [1182984 2020-06-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1237256 2020-06-21] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [89856 2020-06-01] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [79624 2020-04-29] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [147720 2020-06-01] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [280336 2020-06-01] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [216056 2020-08-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197264 2020-08-22] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73368 2020-08-22] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-08-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [131232 2020-08-22] (Malwarebytes Inc -> Malwarebytes)
S3 MsLbfoProvider; C:\Windows\system32\DRIVERS\MsLbfoProvider.sys [117760 2016-07-09] (Microsoft Windows -> Microsoft Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [38088 2020-05-06] (SoftEther Corporation -> SoftEther Corporation)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [36600 2020-08-12] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1508704 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475488 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300320 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S4 RsFx0204; C:\Windows\System32\DRIVERS\RsFx0204.sys [347800 2019-12-16] (Microsoft Corporation -> Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [94048 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
U5 SEE; C:\Windows\System32\Drivers\SEE.sys [52424 2020-05-07] (SoftEther Corporation -> SoftEther Corporation)
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [50888 2020-05-07] (SoftEther Corporation -> SoftEther Corporation)
S3 vxn; C:\Windows\system32\DRIVERS\vxn64x64.sys [133392 2016-05-09] (Intel Corporation -> Intel Corporation)
S3 wtlmdrv; C:\Windows\System32\drivers\wtlmdrv.sys [31232 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
U5 XEN; C:\Windows\System32\Drivers\XEN.sys [105416 2019-04-28] (Amazon Web Services, Inc. -> Amazon Inc.)
S0 XENBUS; C:\Windows\System32\DRIVERS\xenbus.sys [202184 2019-04-28] (Amazon Web Services, Inc. -> Amazon Inc.)
R0 xenfilt; C:\Windows\System32\DRIVERS\xenfilt.sys [70088 2019-04-28] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 xeniface; C:\Windows\System32\drivers\xeniface.sys [112792 2020-01-22] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 xennet; C:\Windows\system32\DRIVERS\xennet.sys [71816 2018-12-03] (Amazon Web Services, Inc. -> Amazon Inc.)
S0 xenvbd; C:\Windows\System32\DRIVERS\xenvbd.sys [130200 2020-01-22] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 xenvif; C:\Windows\system32\DRIVERS\xenvif.sys [303768 2019-06-27] (Amazon Web Services, Inc. -> Amazon Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-22 17:46 - 2020-08-22 17:46 - 000018773 _____ C:\Users\Administrator\Desktop\FRST.txt
2020-08-22 17:46 - 2020-08-22 17:46 - 000000000 ____D C:\FRST
2020-08-22 17:44 - 2020-08-22 17:45 - 000003712 _____ C:\TDSSKiller.2.8.16.0_22.08.2020_17.44.02_log.txt
2020-08-22 17:41 - 2020-08-22 17:41 - 002297856 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2020-08-22 17:38 - 2020-08-22 17:46 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\3
2020-08-22 17:28 - 2020-08-22 17:28 - 000197264 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-08-22 17:28 - 2020-08-22 17:28 - 000131232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-08-22 17:28 - 2020-08-22 17:28 - 000073368 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-08-20 23:20 - 2020-08-20 23:20 - 001707475 _____ C:\Users\Administrator\AppData\Local\Temp\.unicode_cache_f0a01af2.dat
2020-08-20 07:08 - 2020-08-15 01:51 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2020-08-20 07:08 - 2020-08-15 01:51 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2020-08-20 07:08 - 2020-08-15 01:36 - 000428544 _____ (Microsoft Corporation) C:\Windows\system32\rasplap.dll
2020-08-20 07:08 - 2020-08-15 01:16 - 000033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2020-08-20 07:08 - 2020-08-15 01:16 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2020-08-20 07:08 - 2020-08-15 01:05 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll
2020-08-20 07:08 - 2020-08-15 01:05 - 000401408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasplap.dll
2020-08-20 07:08 - 2020-08-15 00:55 - 000963072 _____ (Microsoft Corporation) C:\Windows\system32\rasgcw.dll
2020-08-20 07:08 - 2020-08-15 00:48 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2020-08-20 07:08 - 2020-08-15 00:42 - 000796160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdlg.dll
2020-08-20 07:08 - 2020-08-15 00:39 - 000424448 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
2020-08-20 07:08 - 2020-08-15 00:35 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasgcw.dll
2020-08-20 07:08 - 2020-08-15 00:28 - 000542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2020-08-20 07:08 - 2020-08-15 00:26 - 000700928 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2020-08-20 07:08 - 2020-08-15 00:24 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll
2020-08-20 07:08 - 2020-08-15 00:16 - 000629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2020-08-20 01:05 - 2020-08-20 01:05 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller.exe
2020-08-20 01:05 - 2020-08-20 01:05 - 000000000 _____ C:\Users\Administrator\Downloads\UNCONFIRMED 903816.CRDOWNLOAD
2020-08-20 01:01 - 2020-08-20 01:02 - 000000000 ____D C:\AdwCleaner
2020-08-20 01:00 - 2020-08-20 01:00 - 008414384 _____ (Malwarebytes) C:\Users\Administrator\Downloads\adwcleaner_8.0.7.exe
2020-08-19 18:57 - 2020-08-19 19:00 - 756803264 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\SQLServer2012SP4-KB4018073-x86-ENU.exe
2020-08-19 18:57 - 2020-08-19 18:57 - 001013825 _____ C:\Users\Administrator\AppData\Local\Temp\tmpB19E.tmp
2020-08-19 18:44 - 2020-08-19 18:46 - 396782240 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\SQLServer2008SP4-KB2979596-x64-ENU.exe
2020-08-19 18:43 - 2020-08-19 18:47 - 1074394304 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\SQLServer2012SP4-KB4018073-x64-ENU.exe
2020-08-19 18:17 - 2020-08-19 18:17 - 000000053 _____ C:\Users\Administrator\AppData\Local\Temp\.ses
2020-08-19 17:54 - 2020-08-19 17:54 - 000216056 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-08-19 17:41 - 2020-08-19 17:41 - 000298120 _____ C:\Windows\Minidump\081920-3968-01.dmp
2020-08-19 16:31 - 2020-08-19 16:31 - 000802870 _____ C:\Users\Administrator\AppData\Local\Temp\Guest.bmp
2020-08-19 16:31 - 2020-08-19 16:31 - 000802870 _____ C:\Users\Administrator\AppData\Local\Temp\ASPNET.bmp
2020-08-19 16:31 - 2020-08-19 16:31 - 000031832 _____ C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp
2020-08-19 09:11 - 2020-08-19 09:11 - 012235664 _____ (Key Metric Software) C:\Users\Administrator\Downloads\sbm-setup.exe
2020-08-19 08:07 - 2019-04-29 20:21 - 000058368 _____ (Jason Hood) C:\Windows\ANSI64.dll
2020-08-19 08:07 - 2019-04-29 20:21 - 000046592 _____ (Jason Hood) C:\Windows\ANSI32.dll
2020-08-19 08:07 - 2019-04-29 20:21 - 000016384 _____ (Jason Hood) C:\Windows\ansicon_x64.exe
2020-08-19 08:07 - 2019-04-29 20:21 - 000013312 _____ (Jason Hood) C:\Windows\ansicon_x86.exe
2020-08-19 07:53 - 2020-08-19 07:53 - 000349230 _____ C:\Users\Administrator\Documents\virus.txt
2020-08-19 07:38 - 2020-08-19 07:38 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-08-19 07:38 - 2020-08-19 07:38 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-08-19 07:38 - 2020-08-19 07:38 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-08-19 07:24 - 2020-08-19 07:24 - 000001308 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Endpoint Security for Windows.lnk
2020-08-19 07:13 - 2020-08-19 07:13 - 001432149 _____ C:\Windows\SysWOW64\WPD 07-13-025.dmp
2020-08-19 06:19 - 2020-08-19 17:41 - 979293129 _____ C:\Windows\MEMORY.DMP
2020-08-19 06:19 - 2020-08-19 17:41 - 000000000 ____D C:\Windows\Minidump
2020-08-19 06:19 - 2020-08-19 06:19 - 000285736 _____ C:\Windows\Minidump\081920-6109-01.dmp
2020-08-19 05:38 - 2020-08-19 06:27 - 000000079 _____ C:\Windows\system32\s
2020-08-19 05:38 - 2020-08-19 06:27 - 000000077 _____ C:\Windows\system32\ps
2020-08-19 05:38 - 2020-08-19 06:27 - 000000075 _____ C:\Windows\system32\p
2020-08-19 05:38 - 2020-08-19 05:38 - 001451841 _____ C:\Windows\SysWOW64\WPD 05-38-026.dmp
2020-08-19 05:34 - 2020-08-19 05:37 - 000001444 _____ C:\Users\Administrator\Desktop\Restart.lnk
2020-08-14 13:55 - 2020-08-14 13:55 - 000000000 _____ C:\Windows\system32\Tmp5ACD.tmp
2020-08-13 14:33 - 2020-08-12 14:24 - 001748485 _____ C:\Users\Administrator\Documents\Produtos niteroiense2.xls
2020-08-13 13:46 - 2020-08-13 13:46 - 000000000 _____ C:\Windows\system32\Tmp4090.tmp
2020-08-12 16:42 - 2020-08-12 16:42 - 000000000 _____ C:\Windows\system32\Tmp32F4.tmp
2020-08-12 14:02 - 2020-08-19 02:06 - 000000234 _____ C:\Windows\system32\wmi.dat
2020-08-12 14:02 - 2020-08-19 02:06 - 000000234 _____ C:\Windows\system32\n1.dat
2020-08-12 10:39 - 2020-08-05 20:47 - 000477696 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2020-08-12 10:39 - 2020-08-05 20:19 - 000367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2020-08-12 10:39 - 2020-08-05 20:00 - 001098240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2020-08-12 10:39 - 2020-08-04 01:08 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2020-08-12 10:39 - 2020-08-04 00:58 - 001483264 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll
2020-08-12 10:39 - 2020-08-04 00:39 - 001441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2020-08-12 10:39 - 2020-08-04 00:39 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2020-08-12 10:39 - 2020-08-04 00:35 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2020-08-12 10:39 - 2020-08-04 00:32 - 001338368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsecedit.dll
2020-08-12 10:39 - 2020-08-04 00:15 - 000698880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2020-08-12 10:39 - 2020-07-23 04:33 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2020-08-12 10:39 - 2020-07-19 07:45 - 000431352 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2020-08-12 10:39 - 2020-07-19 07:39 - 000376056 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2020-08-12 10:39 - 2020-07-19 07:36 - 000955432 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2020-08-12 10:39 - 2020-07-19 06:45 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2020-08-12 10:39 - 2020-07-19 05:41 - 000950784 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2020-08-12 10:39 - 2020-07-19 05:37 - 001756160 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-08-12 10:39 - 2020-07-19 05:15 - 000453120 _____ (Microsoft Corporation) C:\Windows\system32\upnphost.dll
2020-08-12 10:39 - 2020-07-19 05:10 - 001730048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2020-08-12 10:39 - 2020-07-18 03:36 - 000317176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2020-08-12 10:39 - 2020-07-18 03:31 - 000317192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2020-08-12 10:39 - 2020-07-18 03:24 - 000788104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2020-08-12 10:39 - 2020-07-18 01:27 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2020-08-12 10:39 - 2020-07-18 00:40 - 000772096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2020-08-12 10:39 - 2020-07-18 00:38 - 001494016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-08-12 10:39 - 2020-07-18 00:23 - 000329216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnphost.dll
2020-08-12 10:39 - 2020-07-18 00:17 - 001548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2020-08-12 10:39 - 2020-07-17 16:19 - 001542672 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-08-12 10:39 - 2020-07-16 03:20 - 002745080 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2020-08-12 10:39 - 2020-07-16 03:18 - 002528696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2020-08-12 10:39 - 2020-07-14 05:11 - 001370688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2020-08-12 10:39 - 2020-07-14 01:55 - 025756672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-08-12 10:39 - 2020-07-14 01:43 - 004169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2020-08-12 10:39 - 2020-07-14 01:31 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2020-08-12 10:39 - 2020-07-14 01:19 - 005499392 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2020-08-12 10:39 - 2020-07-14 01:19 - 000785408 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-08-12 10:39 - 2020-07-14 01:15 - 020291584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-08-12 10:39 - 2020-07-14 01:00 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2020-08-12 10:39 - 2020-07-14 00:51 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2020-08-12 10:39 - 2020-07-14 00:51 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2020-08-12 10:39 - 2020-07-14 00:50 - 000653824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-08-12 10:39 - 2020-07-14 00:43 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2020-08-12 10:39 - 2020-07-14 00:42 - 015479296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2020-08-12 10:39 - 2020-07-14 00:42 - 001384448 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2020-08-12 10:39 - 2020-07-14 00:30 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2020-08-12 10:39 - 2020-07-14 00:29 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2020-08-12 10:39 - 2020-07-14 00:27 - 004111872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2020-08-12 10:39 - 2020-07-14 00:27 - 001088512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2020-08-12 10:39 - 2020-07-14 00:25 - 001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2020-08-12 10:39 - 2020-07-14 00:25 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2020-08-12 10:39 - 2020-07-14 00:21 - 013861888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2020-08-12 10:39 - 2020-07-14 00:18 - 001566720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2020-08-12 10:39 - 2020-07-14 00:07 - 004387328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2020-08-12 10:39 - 2020-07-14 00:07 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2020-08-12 10:39 - 2020-07-14 00:03 - 001341952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2020-08-12 10:39 - 2020-07-14 00:01 - 000710656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2020-08-12 10:39 - 2020-07-13 22:17 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2020-08-12 10:39 - 2020-07-13 22:17 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2020-08-12 10:39 - 2020-07-13 22:17 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2020-08-12 10:39 - 2020-07-11 16:33 - 007363320 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-08-12 10:39 - 2020-07-11 13:40 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\tapisrv.dll
2020-08-12 10:39 - 2020-07-11 13:29 - 000671744 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2020-08-12 10:39 - 2020-07-11 13:17 - 000254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tapisrv.dll
2020-08-12 10:39 - 2020-07-11 13:08 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2020-08-12 10:39 - 2020-07-11 13:07 - 000252928 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2020-08-12 10:39 - 2020-07-11 12:57 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\fdSSDP.dll
2020-08-12 10:39 - 2020-07-11 12:54 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2020-08-12 10:39 - 2020-07-11 12:53 - 001377792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-08-12 10:39 - 2020-07-11 12:47 - 000092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdSSDP.dll
2020-08-12 10:39 - 2020-07-09 20:33 - 000629504 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2020-08-12 10:39 - 2020-07-09 20:30 - 000464184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2020-08-12 10:39 - 2020-07-04 14:06 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll
2020-08-12 10:39 - 2020-07-04 13:46 - 003331584 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2020-08-12 10:39 - 2020-07-04 13:35 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll
2020-08-12 10:39 - 2020-07-04 13:23 - 003640832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2020-08-12 10:39 - 2020-07-02 19:26 - 000801792 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2020-08-12 10:39 - 2020-06-30 14:27 - 000955904 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2020-08-12 10:39 - 2020-06-28 06:16 - 001210112 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2020-08-12 10:39 - 2020-06-28 05:30 - 001037584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2020-08-12 09:04 - 2020-08-19 04:21 - 000000079 _____ C:\Windows\system32\wpd1.xml
2020-08-12 09:04 - 2020-08-19 04:21 - 000000079 _____ C:\Windows\system32\wpd.xml
2020-08-12 05:05 - 2020-08-19 06:28 - 000003332 _____ C:\Windows\system32\Tasks\MicrosoftsWindows
2020-08-12 05:02 - 2020-08-19 06:27 - 000000084 _____ C:\Windows\xpwpd.dat
2020-08-12 05:02 - 2020-08-12 05:02 - 000011200 _____ C:\Windows\SysWOW64\wpd.dat
2020-08-12 05:01 - 2020-08-12 05:01 - 000282360 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\wpcap.dll
2020-08-12 05:01 - 2020-08-12 05:01 - 000102136 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\packet.dll
2020-08-12 05:01 - 2020-08-12 05:01 - 000048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\npptools.dll
2020-08-12 05:01 - 2020-08-12 05:01 - 000036600 _____ (Riverbed Technology, Inc.) C:\Windows\system32\Drivers\npf.sys
2020-08-09 15:13 - 2020-08-14 12:21 - 000000713 _____ C:\Windows\system32\PerfStringse.ini
2020-08-09 15:13 - 2020-08-09 15:13 - 000000000 ____D C:\Program Files\shengda
2020-08-09 15:13 - 2020-08-09 15:13 - 000000000 ____D C:\Program Files\mainsoft
2020-08-09 15:13 - 2020-08-09 15:13 - 000000000 ____D C:\Program Files\kugou2010
2020-08-09 01:39 - 2020-08-12 00:00 - 000015242 _____ C:\Users\Public\process.txt
2020-08-09 01:39 - 2020-08-12 00:00 - 000000936 _____ C:\Users\Public\date.txt
2020-08-09 01:39 - 2020-08-09 01:39 - 000000178 _____ C:\Users\MSSQLSERVER\AppData\Local\Temp\debug.txt
2020-07-28 01:33 - 2020-07-28 01:33 - 000000615 _____ C:\ProgramData\emsda.vbs

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-22 17:38 - 2020-05-06 17:59 - 000003596 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2472832658-3903326398-751777190-500
2020-08-22 17:35 - 2020-05-07 09:34 - 000000000 ___RD C:\Users\Administrator\Desktop\Cia do Doce
2020-08-22 17:32 - 2014-03-18 06:55 - 001038478 _____ C:\Windows\system32\PerfStringBackup.INI
2020-08-22 17:32 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\Inf
2020-08-22 17:28 - 2013-08-22 11:48 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-08-22 13:08 - 2020-05-06 23:06 - 000000000 ____D C:\Temp
2020-08-22 05:00 - 2020-05-07 09:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\TeamViewer
2020-08-21 17:17 - 2020-05-07 09:04 - 000002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-08-21 13:46 - 2020-05-07 09:31 - 000000943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2020-08-21 13:46 - 2020-05-07 09:09 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-08-21 11:27 - 2020-05-07 16:47 - 000000000 ____D C:\Users\Administrator\Documents\SQL Server Management Studio
2020-08-21 02:30 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\rescache
2020-08-20 23:20 - 2020-05-07 10:13 - 000000000 ____D C:\Program Files\SoftEther VPN Server
2020-08-20 21:17 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-08-20 21:17 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\system32\setup
2020-08-20 21:16 - 2013-08-22 12:20 - 000000000 ____D C:\Windows\CbsTemp
2020-08-20 01:03 - 2014-05-17 00:53 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-08-19 19:16 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\TAPI
2020-08-19 19:02 - 2020-05-07 16:19 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2020-08-19 19:02 - 2020-05-07 16:16 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2020-08-19 18:42 - 2020-05-07 16:47 - 000000000 ____D C:\Users\MSSQLFDLauncher
2020-08-19 18:03 - 2020-05-07 16:48 - 000000000 ____D C:\Users\MSSQLServerOLAPService
2020-08-19 16:59 - 2020-05-07 09:44 - 000000000 ____D C:\Program Files\Tools
2020-08-19 16:37 - 2013-08-22 10:25 - 000008192 ___SH C:\Windows\system32\config\ELAM
2020-08-19 09:12 - 2020-07-09 03:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQL Backup Master
2020-08-19 08:08 - 2020-07-11 17:10 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2020-08-19 08:06 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\system32\NDF
2020-08-19 08:04 - 2015-04-15 12:47 - 000337896 _____ C:\Windows\system32\FNTCACHE.DAT
2020-08-19 08:03 - 2013-08-22 12:39 - 000000000 ___RD C:\Windows\ToastData
2020-08-19 07:42 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\System
2020-08-19 07:38 - 2020-06-23 05:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-08-19 07:23 - 2013-08-22 12:39 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-08-19 06:41 - 2020-05-08 12:30 - 000000000 ____D C:\SQL
2020-08-19 06:29 - 2020-05-06 18:46 - 000000000 ____D C:\Users\Administrator
2020-08-19 06:19 - 2020-05-07 16:48 - 000000000 ____D C:\Users\ReportServer
2020-08-19 06:19 - 2020-05-07 16:47 - 000000000 ____D C:\Users\MsDtsServer110
2020-08-19 06:04 - 2020-06-23 05:12 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-08-18 07:53 - 2020-05-08 12:50 - 000000000 ____D C:\Solidcon
2020-08-11 02:25 - 2013-08-22 10:25 - 000008192 ___SH C:\Windows\system32\config\BBI

==================== Files in the root of some directories ========

2020-07-01 18:39 - 2020-07-01 18:39 - 000000000 ____D () C:\ProgramData\Downs.exe
2020-07-28 01:33 - 2020-07-28 01:33 - 000000615 _____ () C:\ProgramData\emsda.vbs
2020-07-01 18:39 - 2020-07-01 18:39 - 000000000 ____D () C:\ProgramData\expl0rer.exe
2020-06-24 00:59 - 2020-06-24 00:59 - 000709928 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerMSI5157.txt
2020-06-23 06:13 - 2020-06-23 06:13 - 000706620 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerMSI7334.txt
2020-06-24 00:59 - 2020-06-24 00:59 - 000011336 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerUI5157.txt
2020-06-23 06:13 - 2020-06-23 06:13 - 000012436 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerUI7334.txt
2020-06-23 06:17 - 2020-06-23 06:17 - 000441214 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI765B.txt
2020-06-23 06:17 - 2020-06-23 06:17 - 000012758 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI765B.txt
2020-05-06 18:46 - 2020-08-22 17:38 - 000087866 _____ () C:\Users\Administrator\AppData\Local\Ec2Wallpaper.jpg
2020-05-06 18:46 - 2020-08-22 17:38 - 003145782 _____ () C:\Users\Administrator\AppData\Local\Ec2Wallpaper_ec2Config.bmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-08-19 05:58
==================== End of FRST.txt ========================

Addition.txt



Hi,

Sorry for this delay.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-08-2020
Ran by Administrator (administrator) on WIN-JMBU5F8K0NS (Amazon EC2 t3.xlarge) (26-08-2020 05:57:02)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher
Platform: Windows Server 2012 R2 Standard (Update) (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Amazon Services LLC -> ) C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe
(Amazon.com Services LLC -> Amazon Web Services, Inc.) C:\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe
(KEY METRIC SOFTWARE, LLC -> ) C:\Program Files (x86)\Key Metric Software\SQL Backup Master\SQLBackupMaster.Service.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\Tools\Binn\SQLCMD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\alg.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKU\S-1-5-21-2472832658-3903326398-751777190-500\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [5460280 2020-08-01] (Tonec Inc. -> Tonec Inc.)
HKU\S-1-5-21-2472832658-3903326398-751777190-500\...\Command Processor: (if %ANSICON_VER%==^%ANSICON_VER^% "C:\Windows\ansicon_x64" -p) <==== ATTENTION
HKU\S-1-5-18\Software\Policies\...\system: [DisableCMD] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2020-04-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2020-04-15] (Microsoft Windows -> Microsoft Corporation)
Lsa: [Notification Packages] rassfm scecli
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ec2WallpaperInfo.url -> URL: file:///C:\Program Files\Amazon\Ec2ConfigService\Ec2WallpaperInfo.exe
BootExecute: autocheck autochk /q /v * 
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18F86429-2703-4B26-BA24-E8017B5BFE04} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Collection => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd publish
Task: {22F8933B-6077-471D-A4C3-56C7647164AD} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => %systemroot%\system32\cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
Task: {2C1C78C2-1640-4750-8DDA-C5D7BA0C1365} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [120636720 2020-08-20] (Microsoft Windows -> Microsoft Corporation)
Task: {4F721357-E298-4B6F-B097-BA248119ADE5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24770744 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {651FF2A7-84D4-4AE6-9231-BB0411D3A64F} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [235520 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {787E2442-1350-4D4B-B3DF-F73EDF626879} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => %systemroot%\system32\rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {7AC3B9A0-F76F-4F71-BAC6-4870A1F68CA8} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Configuration => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd configure
Task: {9536335E-476B-42F7-8624-2308CA0F222B} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [94208 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {ABBA8CD3-E2EE-4635-9DA9-350C6B1ACCE9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {CFACEE0F-4A61-4CD3-9182-9F6ED7407217} - System32\Tasks\Ec2ConfigMonitorTask => C:\Program Files\Amazon\Ec2ConfigService\Ec2ConfigMonitor.exe [23216 2020-04-06] (Amazon.com Services LLC -> Amazon Web Services, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.31.0.2
Tcpip\..\Interfaces\{0907A6F7-E08C-477F-A713-5A0BEE9784E4}: [DhcpNameServer] 172.31.0.2

Internet Explorer:
==================
HKU\S-1-5-21-2472832658-3903326398-751777190-500\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
HKU\S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
HKU\S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2020-07-31] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2020-07-31] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)

Edge: 
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default [2020-08-25]
Edge Extension: (IDM Integration Module) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2020-08-24]
Edge HKU\S-1-5-21-2472832658-3903326398-751777190-500\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2020-08-01]

FireFox:
========
FF HKU\S-1-5-21-2472832658-3903326398-751777190-500\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2020-08-22] [Legacy] [not signed]
FF HKU\S-1-5-21-2472832658-3903326398-751777190-500\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-08-01]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-08-01]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AmazonSSMAgent; C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe [23410856 2020-01-27] (Amazon Services LLC -> )
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [31904 2013-08-16] (Microsoft Corporation -> Microsoft Corporation)
S2 AWSLiteAgent; C:\Program Files\Amazon\XenTools\LiteAgent.exe [470680 2020-01-22] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 cfn-hup; C:\Program Files\Amazon\cfn-bootstrap\winhup.exe [29696 2018-08-20] () [File not signed]
R2 Ec2Config; C:\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe [187568 2020-04-06] (Amazon.com Services LLC -> Amazon Web Services, Inc.)
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [173056 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7138296 2020-08-25] (Malwarebytes Inc -> Malwarebytes)
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218736 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50280 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R3 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [193648 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2502768 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [85504 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [76288 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [15872 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R2 SQL Backup Master; C:\Program Files (x86)\Key Metric Software\SQL Backup Master\SQLBackupMaster.Service.exe [95640 2020-07-02] (KEY METRIC SOFTWARE, LLC -> )
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137840 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [343152 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [607344 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6645608 2020-07-14] (TeamViewer Germany GmbH -> TeamViewer GmbH)
R2 UALSVC; C:\Windows\System32\ualsvc.dll [249344 2014-09-04] (Microsoft Windows -> Microsoft Corporation)
R2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Config"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AWSNVMe; C:\Windows\System32\drivers\AWSNVMe.sys [154264 2019-09-03] (Amazon Web Services, Inc. -> Amazon)
S0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2265440 2013-08-22] (Microsoft Windows -> Brocade Communications Systems, Inc.)
S0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2265440 2013-08-22] (Microsoft Windows -> Brocade Communications Systems, Inc.)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [187744 2013-08-22] (Microsoft Windows -> Broadcom Corporation)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [560480 2013-08-22] (Microsoft Windows -> Broadcom Corporation)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [605672 2013-06-18] (Chelsio.com(Test) -> Chelsio Communications)
R0 ec2winutildriver; C:\Windows\System32\drivers\EC2WinUtilDriver.sys [67480 2018-08-27] (Amazon Web Services, Inc. -> Amazon)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [712032 2013-08-22] (Microsoft Windows -> Emulex)
R3 ena; C:\Windows\system32\DRIVERS\ena.sys [182424 2019-11-18] (Amazon Web Services, Inc. -> Amazon Web Services, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-08-25] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [217088 2020-08-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197280 2020-08-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73880 2020-08-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-08-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [131232 2020-08-26] (Malwarebytes Inc -> Malwarebytes)
S3 MsLbfoProvider; C:\Windows\system32\DRIVERS\MsLbfoProvider.sys [117760 2016-07-09] (Microsoft Windows -> Microsoft Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [38088 2020-05-06] (SoftEther Corporation -> SoftEther Corporation)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [36600 2020-08-12] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1508704 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475488 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300320 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S4 RsFx0204; C:\Windows\System32\DRIVERS\RsFx0204.sys [347800 2019-12-16] (Microsoft Corporation -> Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [94048 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
U5 SEE; C:\Windows\System32\Drivers\SEE.sys [52424 2020-05-07] (SoftEther Corporation -> SoftEther Corporation)
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [50888 2020-05-07] (SoftEther Corporation -> SoftEther Corporation)
S3 vxn; C:\Windows\system32\DRIVERS\vxn64x64.sys [133392 2016-05-09] (Intel Corporation -> Intel Corporation)
S3 wtlmdrv; C:\Windows\System32\drivers\wtlmdrv.sys [31232 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
U5 XEN; C:\Windows\System32\Drivers\XEN.sys [105416 2019-04-28] (Amazon Web Services, Inc. -> Amazon Inc.)
S0 XENBUS; C:\Windows\System32\DRIVERS\xenbus.sys [202184 2019-04-28] (Amazon Web Services, Inc. -> Amazon Inc.)
R0 xenfilt; C:\Windows\System32\DRIVERS\xenfilt.sys [70088 2019-04-28] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 xeniface; C:\Windows\System32\drivers\xeniface.sys [112792 2020-01-22] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 xennet; C:\Windows\system32\DRIVERS\xennet.sys [71816 2018-12-03] (Amazon Web Services, Inc. -> Amazon Inc.)
S0 xenvbd; C:\Windows\System32\DRIVERS\xenvbd.sys [130200 2020-01-22] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 xenvif; C:\Windows\system32\DRIVERS\xenvif.sys [303768 2019-06-27] (Amazon Web Services, Inc. -> Amazon Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-26 05:38 - 2020-08-26 05:57 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\1
2020-08-26 05:00 - 2020-08-26 05:00 - 000217088 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-08-26 05:00 - 2020-08-26 05:00 - 000197280 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-08-26 05:00 - 2020-08-26 05:00 - 000131232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-08-26 05:00 - 2020-08-26 05:00 - 000073880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-08-25 15:56 - 2020-08-25 15:54 - 004265984 _____ C:\Users\Administrator\Documents\cliente 01.xls
2020-08-25 11:25 - 2020-08-25 11:25 - 000722432 _____ C:\Users\Administrator\Documents\PRODUTOS DECRETO.xls
2020-08-25 10:04 - 2020-08-25 10:04 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-08-25 10:01 - 2020-08-25 10:01 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\B0032CBE56F648DAB8DA7EAA7D04DF91
2020-08-25 09:33 - 2020-08-25 09:33 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\8F3983E9925F48CC805DBB51645E45B4
2020-08-25 09:29 - 2020-08-25 09:29 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\359DAE04C4F94B7A87A28C81542206CE
2020-08-25 09:24 - 2020-08-25 10:05 - 000001964 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-08-25 09:24 - 2020-08-25 10:05 - 000001964 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-08-25 09:24 - 2020-08-25 10:04 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-08-25 07:32 - 2020-08-26 05:57 - 000018328 _____ C:\Users\Administrator\Desktop\FRST.txt
2020-08-25 07:31 - 2020-08-25 07:31 - 002297856 _____ (Farbar) C:\Users\Administrator\Downloads\Unconfirmed 388218.crdownload
2020-08-25 07:30 - 2020-08-25 07:30 - 002297856 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2020-08-24 04:18 - 2020-08-24 04:18 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\94B892E6AE0445DF8690B016D7842726
2020-08-24 04:09 - 2020-08-24 04:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\nsc1CDA.tmp
2020-08-24 03:42 - 2020-08-25 09:58 - 000000000 ____D C:\KVRT_Data
2020-08-24 03:42 - 2020-08-24 03:53 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\{F0EEF6F5-E2CF-41CC-9A59-23DA7D5E96FE}
2020-08-24 03:32 - 2020-08-25 10:05 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-08-24 03:29 - 2020-08-25 09:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-08-22 18:08 - 2020-08-25 23:32 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
2020-08-22 18:08 - 2020-08-24 06:55 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\IDM
2020-08-22 18:08 - 2020-08-22 18:08 - 000016384 _____ C:\Users\Administrator\AppData\Local\Temp\~DF5CCFF4C2D9365100.TMP
2020-08-22 18:08 - 2020-08-22 18:08 - 000000000 ____D C:\Users\Administrator\Downloads\Video
2020-08-22 18:08 - 2020-08-22 18:08 - 000000000 ____D C:\Users\Administrator\Downloads\Compressed
2020-08-22 18:08 - 2020-08-22 18:08 - 000000000 ____D C:\ProgramData\IDM
2020-08-22 18:07 - 2020-08-22 18:08 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2020-08-22 18:07 - 2020-08-22 18:07 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2020-08-22 18:07 - 2020-08-22 18:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2020-08-22 17:46 - 2020-08-26 05:57 - 000000000 ____D C:\FRST
2020-08-22 17:44 - 2020-08-22 17:45 - 000003712 _____ C:\TDSSKiller.2.8.16.0_22.08.2020_17.44.02_log.txt
2020-08-22 17:38 - 2020-08-23 22:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\3
2020-08-22 12:14 - 2020-08-25 11:55 - 000261632 _____ C:\Users\Administrator\Documents\pcfornec.xls
2020-08-20 23:20 - 2020-08-20 23:20 - 001707475 _____ C:\Users\Administrator\AppData\Local\Temp\.unicode_cache_f0a01af2.dat
2020-08-20 07:08 - 2020-08-15 01:51 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2020-08-20 07:08 - 2020-08-15 01:51 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2020-08-20 07:08 - 2020-08-15 01:36 - 000428544 _____ (Microsoft Corporation) C:\Windows\system32\rasplap.dll
2020-08-20 07:08 - 2020-08-15 01:16 - 000033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2020-08-20 07:08 - 2020-08-15 01:16 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2020-08-20 07:08 - 2020-08-15 01:05 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll
2020-08-20 07:08 - 2020-08-15 01:05 - 000401408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasplap.dll
2020-08-20 07:08 - 2020-08-15 00:55 - 000963072 _____ (Microsoft Corporation) C:\Windows\system32\rasgcw.dll
2020-08-20 07:08 - 2020-08-15 00:48 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2020-08-20 07:08 - 2020-08-15 00:42 - 000796160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdlg.dll
2020-08-20 07:08 - 2020-08-15 00:39 - 000424448 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
2020-08-20 07:08 - 2020-08-15 00:35 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasgcw.dll
2020-08-20 07:08 - 2020-08-15 00:28 - 000542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2020-08-20 07:08 - 2020-08-15 00:26 - 000700928 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2020-08-20 07:08 - 2020-08-15 00:24 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll
2020-08-20 07:08 - 2020-08-15 00:16 - 000629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2020-08-20 01:01 - 2020-08-24 03:28 - 000000000 ____D C:\AdwCleaner
2020-08-19 18:57 - 2020-08-19 18:57 - 001013825 _____ C:\Users\Administrator\AppData\Local\Temp\tmpB19E.tmp
2020-08-19 18:17 - 2020-08-19 18:17 - 000000053 _____ C:\Users\Administrator\AppData\Local\Temp\.ses
2020-08-19 16:31 - 2020-08-19 16:31 - 000802870 _____ C:\Users\Administrator\AppData\Local\Temp\Guest.bmp
2020-08-19 16:31 - 2020-08-19 16:31 - 000802870 _____ C:\Users\Administrator\AppData\Local\Temp\ASPNET.bmp
2020-08-19 16:31 - 2020-08-19 16:31 - 000031832 _____ C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp
2020-08-19 08:07 - 2019-04-29 20:21 - 000058368 _____ (Jason Hood) C:\Windows\ANSI64.dll
2020-08-19 08:07 - 2019-04-29 20:21 - 000046592 _____ (Jason Hood) C:\Windows\ANSI32.dll
2020-08-19 08:07 - 2019-04-29 20:21 - 000016384 _____ (Jason Hood) C:\Windows\ansicon_x64.exe
2020-08-19 08:07 - 2019-04-29 20:21 - 000013312 _____ (Jason Hood) C:\Windows\ansicon_x86.exe
2020-08-19 07:53 - 2020-08-19 07:53 - 000349230 _____ C:\Users\Administrator\Documents\virus.txt
2020-08-19 06:19 - 2020-08-24 06:55 - 000000000 ____D C:\Windows\Minidump
2020-08-19 05:38 - 2020-08-24 03:35 - 000000079 _____ C:\Windows\system32\s
2020-08-19 05:38 - 2020-08-24 03:35 - 000000077 _____ C:\Windows\system32\ps
2020-08-19 05:38 - 2020-08-24 03:35 - 000000075 _____ C:\Windows\system32\p
2020-08-19 05:34 - 2020-08-19 05:37 - 000001444 _____ C:\Users\Administrator\Desktop\VB Restart.lnk
2020-08-14 13:55 - 2020-08-14 13:55 - 000000000 _____ C:\Windows\system32\Tmp5ACD.tmp
2020-08-13 14:33 - 2020-08-12 14:24 - 001748485 _____ C:\Users\Administrator\Documents\Produtos niteroiense2.xls
2020-08-13 13:46 - 2020-08-13 13:46 - 000000000 _____ C:\Windows\system32\Tmp4090.tmp
2020-08-12 16:42 - 2020-08-12 16:42 - 000000000 _____ C:\Windows\system32\Tmp32F4.tmp
2020-08-12 14:02 - 2020-08-19 02:06 - 000000234 _____ C:\Windows\system32\wmi.dat
2020-08-12 14:02 - 2020-08-19 02:06 - 000000234 _____ C:\Windows\system32\n1.dat
2020-08-12 10:39 - 2020-08-05 20:47 - 000477696 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2020-08-12 10:39 - 2020-08-05 20:19 - 000367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2020-08-12 10:39 - 2020-08-05 20:00 - 001098240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2020-08-12 10:39 - 2020-08-04 01:08 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2020-08-12 10:39 - 2020-08-04 00:58 - 001483264 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll
2020-08-12 10:39 - 2020-08-04 00:39 - 001441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2020-08-12 10:39 - 2020-08-04 00:39 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2020-08-12 10:39 - 2020-08-04 00:35 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2020-08-12 10:39 - 2020-08-04 00:32 - 001338368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsecedit.dll
2020-08-12 10:39 - 2020-08-04 00:15 - 000698880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2020-08-12 10:39 - 2020-07-23 04:33 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2020-08-12 10:39 - 2020-07-19 07:45 - 000431352 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2020-08-12 10:39 - 2020-07-19 07:39 - 000376056 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2020-08-12 10:39 - 2020-07-19 07:36 - 000955432 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2020-08-12 10:39 - 2020-07-19 06:45 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2020-08-12 10:39 - 2020-07-19 05:41 - 000950784 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2020-08-12 10:39 - 2020-07-19 05:37 - 001756160 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-08-12 10:39 - 2020-07-19 05:15 - 000453120 _____ (Microsoft Corporation) C:\Windows\system32\upnphost.dll
2020-08-12 10:39 - 2020-07-19 05:10 - 001730048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2020-08-12 10:39 - 2020-07-18 03:36 - 000317176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2020-08-12 10:39 - 2020-07-18 03:31 - 000317192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2020-08-12 10:39 - 2020-07-18 03:24 - 000788104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2020-08-12 10:39 - 2020-07-18 01:27 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2020-08-12 10:39 - 2020-07-18 00:40 - 000772096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2020-08-12 10:39 - 2020-07-18 00:38 - 001494016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-08-12 10:39 - 2020-07-18 00:23 - 000329216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnphost.dll
2020-08-12 10:39 - 2020-07-18 00:17 - 001548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2020-08-12 10:39 - 2020-07-17 16:19 - 001542672 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-08-12 10:39 - 2020-07-16 03:20 - 002745080 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2020-08-12 10:39 - 2020-07-16 03:18 - 002528696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2020-08-12 10:39 - 2020-07-14 05:11 - 001370688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2020-08-12 10:39 - 2020-07-14 01:55 - 025756672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-08-12 10:39 - 2020-07-14 01:43 - 004169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2020-08-12 10:39 - 2020-07-14 01:31 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2020-08-12 10:39 - 2020-07-14 01:19 - 005499392 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2020-08-12 10:39 - 2020-07-14 01:19 - 000785408 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-08-12 10:39 - 2020-07-14 01:15 - 020291584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-08-12 10:39 - 2020-07-14 01:00 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2020-08-12 10:39 - 2020-07-14 00:51 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2020-08-12 10:39 - 2020-07-14 00:51 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2020-08-12 10:39 - 2020-07-14 00:50 - 000653824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-08-12 10:39 - 2020-07-14 00:43 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2020-08-12 10:39 - 2020-07-14 00:42 - 015479296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2020-08-12 10:39 - 2020-07-14 00:42 - 001384448 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2020-08-12 10:39 - 2020-07-14 00:30 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2020-08-12 10:39 - 2020-07-14 00:29 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2020-08-12 10:39 - 2020-07-14 00:27 - 004111872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2020-08-12 10:39 - 2020-07-14 00:27 - 001088512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2020-08-12 10:39 - 2020-07-14 00:25 - 001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2020-08-12 10:39 - 2020-07-14 00:25 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2020-08-12 10:39 - 2020-07-14 00:21 - 013861888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2020-08-12 10:39 - 2020-07-14 00:18 - 001566720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2020-08-12 10:39 - 2020-07-14 00:07 - 004387328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2020-08-12 10:39 - 2020-07-14 00:07 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2020-08-12 10:39 - 2020-07-14 00:03 - 001341952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2020-08-12 10:39 - 2020-07-14 00:01 - 000710656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2020-08-12 10:39 - 2020-07-13 22:17 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2020-08-12 10:39 - 2020-07-13 22:17 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2020-08-12 10:39 - 2020-07-13 22:17 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2020-08-12 10:39 - 2020-07-11 16:33 - 007363320 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-08-12 10:39 - 2020-07-11 13:40 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\tapisrv.dll
2020-08-12 10:39 - 2020-07-11 13:29 - 000671744 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2020-08-12 10:39 - 2020-07-11 13:17 - 000254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tapisrv.dll
2020-08-12 10:39 - 2020-07-11 13:08 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2020-08-12 10:39 - 2020-07-11 13:07 - 000252928 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2020-08-12 10:39 - 2020-07-11 12:57 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\fdSSDP.dll
2020-08-12 10:39 - 2020-07-11 12:54 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2020-08-12 10:39 - 2020-07-11 12:53 - 001377792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-08-12 10:39 - 2020-07-11 12:47 - 000092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdSSDP.dll
2020-08-12 10:39 - 2020-07-09 20:33 - 000629504 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2020-08-12 10:39 - 2020-07-09 20:30 - 000464184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2020-08-12 10:39 - 2020-07-04 14:06 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll
2020-08-12 10:39 - 2020-07-04 13:46 - 003331584 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2020-08-12 10:39 - 2020-07-04 13:35 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll
2020-08-12 10:39 - 2020-07-04 13:23 - 003640832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2020-08-12 10:39 - 2020-07-02 19:26 - 000801792 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2020-08-12 10:39 - 2020-06-30 14:27 - 000955904 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2020-08-12 10:39 - 2020-06-28 06:16 - 001210112 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2020-08-12 10:39 - 2020-06-28 05:30 - 001037584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2020-08-12 09:04 - 2020-08-19 04:21 - 000000079 _____ C:\Windows\system32\wpd1.xml
2020-08-12 09:04 - 2020-08-19 04:21 - 000000079 _____ C:\Windows\system32\wpd.xml
2020-08-12 05:02 - 2020-08-19 06:27 - 000000084 _____ C:\Windows\xpwpd.dat
2020-08-12 05:02 - 2020-08-12 05:02 - 000011200 _____ C:\Windows\SysWOW64\wpd.dat
2020-08-12 05:01 - 2020-08-12 05:01 - 000282360 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\wpcap.dll
2020-08-12 05:01 - 2020-08-12 05:01 - 000102136 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\packet.dll
2020-08-12 05:01 - 2020-08-12 05:01 - 000048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\npptools.dll
2020-08-12 05:01 - 2020-08-12 05:01 - 000036600 _____ (Riverbed Technology, Inc.) C:\Windows\system32\Drivers\npf.sys
2020-08-09 15:13 - 2020-08-14 12:21 - 000000713 _____ C:\Windows\system32\PerfStringse.ini
2020-08-09 15:13 - 2020-08-09 15:13 - 000000000 ____D C:\Program Files\shengda
2020-08-09 15:13 - 2020-08-09 15:13 - 000000000 ____D C:\Program Files\mainsoft
2020-08-09 01:39 - 2020-08-12 00:00 - 000015242 _____ C:\Users\Public\process.txt
2020-08-09 01:39 - 2020-08-12 00:00 - 000000936 _____ C:\Users\Public\date.txt
2020-08-09 01:39 - 2020-08-09 01:39 - 000000178 _____ C:\Users\MSSQLSERVER\AppData\Local\Temp\debug.txt
2020-08-01 15:06 - 2018-12-20 08:05 - 000229296 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2020-07-28 01:33 - 2020-07-28 01:33 - 000000615 _____ C:\ProgramData\emsda.vbs

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-26 05:38 - 2020-05-06 17:59 - 000003596 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2472832658-3903326398-751777190-500
2020-08-26 05:04 - 2014-03-18 06:55 - 000969584 _____ C:\Windows\system32\PerfStringBackup.INI
2020-08-26 05:04 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\Inf
2020-08-26 05:00 - 2013-08-22 11:48 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-08-25 15:19 - 2020-05-07 16:47 - 000000000 ____D C:\Users\Administrator\Documents\SQL Server Management Studio
2020-08-25 10:06 - 2020-05-07 09:44 - 000000000 ____D C:\Program Files\Tools
2020-08-25 09:54 - 2013-08-22 10:25 - 000008192 ___SH C:\Windows\system32\config\ELAM
2020-08-24 11:06 - 2020-05-06 23:06 - 000000000 ____D C:\Temp
2020-08-24 08:15 - 2020-05-07 09:09 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-08-24 06:55 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\LiveKernelReports
2020-08-24 05:27 - 2020-05-07 09:34 - 000000000 ___RD C:\Users\Administrator\Desktop\Cia do Doce
2020-08-24 04:08 - 2020-06-23 05:17 - 090082032 _____ (Malwarebytes) C:\Users\Administrator\AppData\Local\Temp\MBAMInstallerService.exe
2020-08-24 03:25 - 2020-05-07 16:48 - 000000000 ____D C:\Users\ReportServer
2020-08-24 03:25 - 2020-05-07 16:48 - 000000000 ____D C:\Users\MSSQLServerOLAPService
2020-08-24 03:24 - 2020-05-07 16:47 - 000000000 ____D C:\Users\MsDtsServer110
2020-08-24 03:24 - 2013-08-22 12:20 - 000000000 ____D C:\Windows\CbsTemp
2020-08-24 00:16 - 2020-05-07 09:04 - 000003380 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-08-24 00:16 - 2020-05-07 09:04 - 000003252 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-08-23 22:07 - 2020-05-06 18:46 - 000000000 ____D C:\Users\Administrator
2020-08-23 22:04 - 2020-05-07 16:47 - 000000000 ____D C:\Users\MSSQLFDLauncher
2020-08-22 18:21 - 2020-05-07 16:19 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2020-08-22 18:21 - 2020-05-07 16:16 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2020-08-22 05:00 - 2020-05-07 09:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\TeamViewer
2020-08-21 17:17 - 2020-05-07 09:04 - 000002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-08-21 13:46 - 2020-05-07 09:31 - 000000943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2020-08-21 02:30 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\rescache
2020-08-20 23:20 - 2020-05-07 10:13 - 000000000 ____D C:\Program Files\SoftEther VPN Server
2020-08-20 21:17 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-08-20 21:17 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\system32\setup
2020-08-20 01:03 - 2014-05-17 00:53 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-08-19 19:16 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\TAPI
2020-08-19 09:12 - 2020-07-09 03:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQL Backup Master
2020-08-19 08:08 - 2020-07-11 17:10 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2020-08-19 08:06 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\system32\NDF
2020-08-19 08:04 - 2015-04-15 12:47 - 000337896 _____ C:\Windows\system32\FNTCACHE.DAT
2020-08-19 08:03 - 2013-08-22 12:39 - 000000000 ___RD C:\Windows\ToastData
2020-08-19 07:42 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\System
2020-08-19 06:41 - 2020-05-08 12:30 - 000000000 ____D C:\SQL
2020-08-19 06:04 - 2020-06-23 05:12 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-08-18 07:53 - 2020-05-08 12:50 - 000000000 ____D C:\Solidcon
2020-08-11 02:25 - 2013-08-22 10:25 - 000008192 ___SH C:\Windows\system32\config\BBI

==================== Files in the root of some directories ========

2020-07-28 01:33 - 2020-07-28 01:33 - 000000615 _____ () C:\ProgramData\emsda.vbs
2020-06-24 00:59 - 2020-06-24 00:59 - 000709928 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerMSI5157.txt
2020-06-23 06:13 - 2020-06-23 06:13 - 000706620 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerMSI7334.txt
2020-06-24 00:59 - 2020-06-24 00:59 - 000011336 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerUI5157.txt
2020-06-23 06:13 - 2020-06-23 06:13 - 000012436 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerUI7334.txt
2020-08-25 10:29 - 2020-08-25 11:00 - 000013464 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI7231.txt
2020-06-23 06:17 - 2020-06-23 06:17 - 000441214 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI765B.txt
2020-08-25 10:29 - 2020-08-25 11:00 - 000011632 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI7231.txt
2020-06-23 06:17 - 2020-06-23 06:17 - 000012758 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI765B.txt
2020-05-06 18:46 - 2020-08-26 05:38 - 000032749 _____ () C:\Users\Administrator\AppData\Local\Ec2Wallpaper.jpg
2020-05-06 18:46 - 2020-08-26 05:38 - 003145782 _____ () C:\Users\Administrator\AppData\Local\Ec2Wallpaper_ec2Config.bmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-08-26 05:10
==================== End of FRST.txt ========================

Addition.txt


Hi,

We are dealing with a Hijack.BitCoinMiner infection.

Some bad registry entries are still reported.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

The Windows Restore point was not restored with my previous fix.
Let's check it out.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or above, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
  
Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
===

Please post the logs and let me know what problem persists.

fixlist.txt


Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

Let me know of any remaining issues with this computer.

fixlist.txt



Sorry for the delay in answering.
Re-infection is quick. Even doing the procedures, the virus attacks again and removes all antivirus (including Malwarebytes).
I basically use KVRT several times to give a little stability so people can work (every day).
I'm already setting up another server.

I don't know what else to do.


  • 2 weeks later...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-09-2020
Ran by Administrator (administrator) on WIN-JMBU5F8K0NS (Amazon EC2 t3.xlarge) (14-09-2020 04:16:16)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher
Platform: Windows Server 2012 R2 Standard (Update) (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Amazon Services LLC -> ) C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe
(Amazon.com Services LLC -> Amazon Web Services, Inc.) C:\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe
(KEY METRIC SOFTWARE, LLC -> ) C:\Program Files (x86)\Key Metric Software\SQL Backup Master\SQLBackupMaster.Service.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\Tools\Binn\SQLCMD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2020-04-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2020-04-15] (Microsoft Windows -> Microsoft Corporation)
IFEO\uihost32.exe: [Debugger] ntsd -d
IFEO\uihost64.exe: [Debugger] ntsd -d
IFEO\vid001.exe: [Debugger] ntsd -d
Lsa: [Notification Packages] rassfm scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-09-14]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ec2WallpaperInfo.url -> URL: file:///C:\Program Files\Amazon\Ec2ConfigService\Ec2WallpaperInfo.exe
BootExecute: autocheck autochk /q /v * 
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18F86429-2703-4B26-BA24-E8017B5BFE04} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Collection => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd publish
Task: {22F8933B-6077-471D-A4C3-56C7647164AD} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => %systemroot%\system32\cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
Task: {2C1C78C2-1640-4750-8DDA-C5D7BA0C1365} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [129170736 2020-09-12] (Microsoft Windows -> Microsoft Corporation)
Task: {4F721357-E298-4B6F-B097-BA248119ADE5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24770744 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {651FF2A7-84D4-4AE6-9231-BB0411D3A64F} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [235520 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {787E2442-1350-4D4B-B3DF-F73EDF626879} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => %systemroot%\system32\rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {7AC3B9A0-F76F-4F71-BAC6-4870A1F68CA8} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Configuration => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd configure
Task: {9536335E-476B-42F7-8624-2308CA0F222B} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [94208 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {ABBA8CD3-E2EE-4635-9DA9-350C6B1ACCE9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BB7EAFFE-9BEA-46C6-AC1B-E15FD4AC7E9D} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
Task: {CFACEE0F-4A61-4CD3-9182-9F6ED7407217} - System32\Tasks\Ec2ConfigMonitorTask => C:\Program Files\Amazon\Ec2ConfigService\Ec2ConfigMonitor.exe [23216 2020-04-06] (Amazon.com Services LLC -> Amazon Web Services, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{f9c6d36c-e4c5-44ef-b613-966411d73b7c} <==== ATTENTION (Restriction - IP)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.31.0.2
Tcpip\..\Interfaces\{0907A6F7-E08C-477F-A713-5A0BEE9784E4}: [DhcpNameServer] 172.31.0.2

Edge: 
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default [2020-09-14]
Edge HKU\S-1-5-21-2472832658-3903326398-751777190-500\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx <not found>

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AmazonSSMAgent; C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe [23410856 2020-01-27] (Amazon Services LLC -> )
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3670480 2020-09-14] (philandro Software GmbH -> philandro Software GmbH)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [31904 2013-08-16] (Microsoft Corporation -> Microsoft Corporation)
S2 AWSLiteAgent; C:\Program Files\Amazon\XenTools\LiteAgent.exe [470680 2020-01-22] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 cfn-hup; C:\Program Files\Amazon\cfn-bootstrap\winhup.exe [29696 2018-08-20] () [File not signed]
R2 Ec2Config; C:\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe [187568 2020-04-06] (Amazon.com Services LLC -> Amazon Web Services, Inc.)
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [173056 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7138296 2020-09-14] (Malwarebytes Inc -> Malwarebytes)
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218736 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50280 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [193648 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2502768 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [88064 2020-08-10] (Microsoft Windows -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [77312 2020-08-10] (Microsoft Windows -> Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [15872 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R2 SQL Backup Master; C:\Program Files (x86)\Key Metric Software\SQL Backup Master\SQLBackupMaster.Service.exe [95640 2020-07-02] (KEY METRIC SOFTWARE, LLC -> )
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137840 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [343152 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [607344 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6645608 2020-07-14] (TeamViewer Germany GmbH -> TeamViewer GmbH)
R2 UALSVC; C:\Windows\System32\ualsvc.dll [249344 2014-09-04] (Microsoft Windows -> Microsoft Corporation)
S2 AntiVirMailService; "C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe" [X]
S2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\Antivirus\sched.exe" [X]
S2 AntiVirService; "C:\Program Files (x86)\Avira\Antivirus\avguard.exe" [X]
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe" [X]
R2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Config"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 atc; C:\Windows\System32\DRIVERS\atc.sys [2113184 2020-06-18] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [208024 2020-06-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [199752 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 AWSNVMe; C:\Windows\System32\drivers\AWSNVMe.sys [154264 2019-09-03] (Amazon Web Services, Inc. -> Amazon)
S0 BDElam; C:\Windows\System32\drivers\bdelam.sys [23176 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2265440 2013-08-22] (Microsoft Windows -> Brocade Communications Systems, Inc.)
S0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2265440 2013-08-22] (Microsoft Windows -> Brocade Communications Systems, Inc.)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [187744 2013-08-22] (Microsoft Windows -> Broadcom Corporation)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [560480 2013-08-22] (Microsoft Windows -> Broadcom Corporation)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [605672 2013-06-18] (Chelsio.com(Test) -> Chelsio Communications)
R0 ec2winutildriver; C:\Windows\System32\drivers\EC2WinUtilDriver.sys [67480 2018-08-27] (Amazon Web Services, Inc. -> Amazon)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [712032 2013-08-22] (Microsoft Windows -> Emulex)
R3 ena; C:\Windows\system32\DRIVERS\ena.sys [182424 2019-11-18] (Amazon Web Services, Inc. -> Amazon Web Services, Inc.)
S3 fenrir; C:\Windows\System32\drivers\fenrir.sys [54312 2019-04-05] (Bitdefender SRL -> )
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [217608 2020-09-14] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-09-14] (Malwarebytes Inc -> Malwarebytes)
S3 MsLbfoProvider; C:\Windows\system32\DRIVERS\MsLbfoProvider.sys [117760 2016-07-09] (Microsoft Windows -> Microsoft Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [38088 2020-05-06] (SoftEther Corporation -> SoftEther Corporation)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [36600 2020-08-12] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security S.L. -> Panda Security, S.L.)
S0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1508704 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475488 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300320 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S4 RsFx0204; C:\Windows\System32\DRIVERS\RsFx0204.sys [347800 2019-12-16] (Microsoft Corporation -> Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [94048 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
U5 SEE; C:\Windows\System32\Drivers\SEE.sys [52424 2020-05-07] (SoftEther Corporation -> SoftEther Corporation)
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [50888 2020-05-07] (SoftEther Corporation -> SoftEther Corporation)
S3 vxn; C:\Windows\system32\DRIVERS\vxn64x64.sys [133392 2016-05-09] (Intel Corporation -> Intel Corporation)
S3 wtlmdrv; C:\Windows\System32\drivers\wtlmdrv.sys [31232 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
U5 XEN; C:\Windows\System32\Drivers\XEN.sys [105416 2019-04-28] (Amazon Web Services, Inc. -> Amazon Inc.)
S0 XENBUS; C:\Windows\System32\DRIVERS\xenbus.sys [202184 2019-04-28] (Amazon Web Services, Inc. -> Amazon Inc.)
R0 xenfilt; C:\Windows\System32\DRIVERS\xenfilt.sys [70088 2019-04-28] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 xeniface; C:\Windows\System32\drivers\xeniface.sys [112792 2020-01-22] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 xennet; C:\Windows\system32\DRIVERS\xennet.sys [71816 2018-12-03] (Amazon Web Services, Inc. -> Amazon Inc.)
S0 xenvbd; C:\Windows\System32\DRIVERS\xenvbd.sys [130200 2020-01-22] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 xenvif; C:\Windows\system32\DRIVERS\xenvif.sys [303768 2019-06-27] (Amazon Web Services, Inc. -> Amazon Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-14 04:16 - 2020-09-14 04:16 - 000017564 _____ C:\Users\Administrator\Desktop\FRST.txt
2020-09-14 04:15 - 2020-09-14 04:16 - 000000000 ____D C:\FRST
2020-09-14 04:15 - 2020-09-14 04:15 - 000000000 ____D C:\Users\Administrator\Desktop\FRST-OlderVersion
2020-09-14 04:06 - 2020-09-14 04:06 - 000217608 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-09-14 04:06 - 2020-09-14 04:06 - 000026964 _____ C:\Users\Administrator\AppData\Local\Temp\Sophos LiveQuery Install Log 20200914 040612.txt
2020-09-14 04:06 - 2020-09-14 04:06 - 000009948 _____ C:\Users\Administrator\AppData\Local\Temp\Sophos Live Terminal Install Log 20200914 040614.txt
2020-09-14 04:06 - 2020-09-14 04:06 - 000001700 _____ C:\Users\Administrator\AppData\Local\Temp\Sophos Clean Uninstall log 20200914T070605.txt
2020-09-14 04:06 - 2020-03-18 12:23 - 000311584 _____ (Sophos Limited) C:\Users\Administrator\AppData\Local\Temp\deleter.dll
2020-09-14 04:05 - 2020-09-14 04:06 - 000014988 _____ C:\Users\Administrator\AppData\Local\Temp\Sophos HitmanPro Alert uninstall log 20200914T070554.txt
2020-09-14 04:05 - 2020-09-14 04:05 - 000019394 _____ C:\Users\Administrator\AppData\Local\Temp\Sophos Management Communications System Install Log 20200914 070523.txt
2020-09-14 04:05 - 2020-09-14 04:05 - 000018641 _____ C:\Users\Administrator\AppData\Local\Temp\Sophos File Scanner Install Log 20200914 040525.txt
2020-09-14 04:05 - 2020-09-14 04:05 - 000004266 _____ C:\Users\Administrator\AppData\Local\Temp\Sophos ML Engine Uninstall Log  20200914 040539.txt
2020-09-14 04:05 - 2020-09-14 04:05 - 000003822 _____ C:\Users\Administrator\AppData\Local\Temp\Sophos Standalone Engine Install Log  20200914 040528.txt
2020-09-14 04:05 - 2020-09-14 04:05 - 000001532 _____ C:\Users\Administrator\Desktop\PCHunter64.exe - Shortcut.lnk
2020-09-14 03:53 - 2020-09-14 04:06 - 000000000 ____D C:\Windows\CryptoGuard
2020-09-14 03:53 - 2020-03-23 13:12 - 001240192 _____ (Sophos Limited) C:\Users\Administrator\AppData\Local\Temp\86a305d15214101b1f546ba2dc5547cc2416911bf6d9a025d64fea7e819b054c.tmp
2020-09-14 03:52 - 2020-09-14 04:15 - 002297856 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2020-09-14 03:44 - 2020-09-14 03:44 - 001572344 _____ (Sophos Limited) C:\Users\Administrator\Downloads\SophosSetup.exe
2020-09-14 03:35 - 2020-09-14 03:35 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\.CR.13545
2020-09-14 03:30 - 2020-09-14 03:30 - 000000000 ____D C:\Windows\system32\Tasks\Avira
2020-09-14 03:28 - 2020-09-14 03:28 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\.CR.11000
2020-09-14 03:21 - 2020-09-14 03:21 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\.CR.24295
2020-09-14 03:13 - 2020-09-14 03:13 - 000000000 ____D C:\Users\Public\Security Sessions
2020-09-14 03:13 - 2020-09-14 03:13 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Opera Software
2020-09-14 03:11 - 2020-09-14 03:11 - 004434320 _____ (Avira Operations GmbH & Co. KG) C:\Users\Administrator\Downloads\avira_pt-br_sptl1_51699486-1600062933__featurews.exe
2020-09-14 03:09 - 2020-09-14 03:22 - 244049747 _____ C:\Users\Administrator\Downloads\EEA.EES.v7.1.2045.5-RSLOAD.NET-.zip
2020-09-14 02:57 - 2020-09-14 02:57 - 000057449 _____ C:\Windows\system32\NOTICE_mod
2020-09-14 02:56 - 2020-09-14 03:40 - 000000000 ____D C:\Windows\ELAMBKUP
2020-09-14 02:55 - 2020-09-14 02:55 - 155643904 _____ C:\Users\Administrator\Downloads\efsw_nt64.msi
2020-09-14 02:48 - 2020-09-14 02:48 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-09-14 02:48 - 2020-09-14 02:48 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-09-14 02:48 - 2020-09-14 02:48 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-09-14 02:48 - 2020-09-14 02:48 - 000001964 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-09-14 02:48 - 2020-09-14 02:48 - 000001964 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-09-14 02:40 - 2020-09-14 02:40 - 000003292 _____ C:\Windows\system32\Tasks\Avira_Antivirus_Systray
2020-09-14 02:40 - 2020-06-09 13:37 - 000208024 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2020-09-14 02:40 - 2020-04-30 12:37 - 000199752 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2020-09-14 02:40 - 2019-03-20 18:50 - 000089736 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2020-09-14 02:40 - 2019-03-20 18:50 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2020-09-14 02:36 - 2020-09-14 03:36 - 000000000 ____D C:\ProgramData\Avira
2020-09-14 02:36 - 2020-09-14 03:31 - 000000000 ____D C:\Program Files (x86)\Avira
2020-09-14 02:33 - 2020-09-14 02:34 - 204127448 _____ (Avira Operations GmbH & Co. KG) C:\Users\Administrator\Downloads\avira_antivirus_pt-br.exe
2020-09-14 02:00 - 2020-09-14 02:00 - 000293992 _____ C:\Windows\Minidump\091420-5390-01.dmp
2020-09-14 01:40 - 2020-09-14 01:40 - 000285736 _____ C:\Windows\Minidump\091420-5015-01.dmp
2020-09-14 01:28 - 2020-09-14 01:28 - 000285736 _____ C:\Windows\Minidump\091420-5156-01.dmp
2020-09-14 01:20 - 2020-09-14 02:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-09-14 01:19 - 2020-09-14 02:48 - 000000000 ____D C:\Program Files\Malwarebytes
2020-09-14 01:19 - 2020-09-14 01:19 - 000285736 _____ C:\Windows\Minidump\091420-5484-01.dmp
2020-09-14 01:11 - 2020-09-14 01:11 - 000289832 _____ C:\Windows\Minidump\091420-4593-01.dmp
2020-09-14 00:56 - 2020-09-14 00:56 - 000298088 _____ C:\Windows\Minidump\091420-4781-01.dmp
2020-09-14 00:56 - 2020-09-14 00:56 - 000001258 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2020-09-14 00:56 - 2020-09-14 00:56 - 000001258 _____ C:\ProgramData\Desktop\Panda Cloud Cleaner.lnk
2020-09-14 00:56 - 2020-09-14 00:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2020-09-14 00:56 - 2020-09-14 00:56 - 000000000 ____D C:\Program Files (x86)\Panda Security
2020-09-14 00:56 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\DasPtct.SYS
2020-09-14 00:56 - 2015-01-29 18:21 - 000050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2020-09-14 00:50 - 2020-09-14 00:50 - 038186040 _____ (Panda Security ) C:\Users\Administrator\Downloads\PandaCloudCleaner.exe
2020-09-14 00:48 - 2020-09-14 00:48 - 000285736 _____ C:\Windows\Minidump\091420-6656-01.dmp
2020-09-14 00:42 - 2020-09-14 00:42 - 009671584 _____ (NortonLifeLock Inc.) C:\Users\Administrator\Downloads\NPE.exe
2020-09-14 00:42 - 2020-09-14 00:42 - 000000000 ____D C:\ProgramData\Norton
2020-09-14 00:38 - 2020-09-14 00:38 - 000285736 _____ C:\Windows\Minidump\091420-4500-01.dmp
2020-09-14 00:28 - 2020-09-14 00:28 - 000293992 _____ C:\Windows\Minidump\091420-4437-01.dmp
2020-09-14 00:21 - 2020-09-14 00:21 - 003670480 _____ (philandro Software GmbH) C:\Users\Administrator\Downloads\AnyDesk.exe
2020-09-14 00:21 - 2020-09-14 00:21 - 000001860 _____ C:\Users\Public\Desktop\AnyDesk.lnk
2020-09-14 00:21 - 2020-09-14 00:21 - 000001860 _____ C:\ProgramData\Desktop\AnyDesk.lnk
2020-09-14 00:21 - 2020-09-14 00:21 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\AnyDesk
2020-09-14 00:21 - 2020-09-14 00:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2020-09-14 00:21 - 2020-09-14 00:21 - 000000000 ____D C:\ProgramData\AnyDesk
2020-09-14 00:21 - 2020-09-14 00:21 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2020-09-14 00:19 - 2020-09-14 02:00 - 974226345 _____ C:\Windows\MEMORY.DMP
2020-09-14 00:19 - 2020-09-14 00:19 - 000289864 _____ C:\Windows\Minidump\091420-5125-01.dmp
2020-09-14 00:08 - 2020-09-14 02:05 - 000000000 ____D C:\KVRT_Data
2020-09-14 00:07 - 2020-09-14 02:47 - 000000077 _____ C:\Windows\system32\ps
2020-09-14 00:07 - 2020-09-14 02:47 - 000000075 _____ C:\Windows\system32\p
2020-09-13 05:00 - 2020-09-13 05:02 - 000000000 ____D C:\Windows\system32\tmp00007cc7
2020-09-12 18:39 - 2020-09-12 18:39 - 000000000 ____D C:\ProgramData\GenPatch
2020-09-12 18:08 - 2019-04-05 06:27 - 000054312 _____ C:\Windows\system32\Drivers\fenrir.sys
2020-09-12 18:08 - 2019-04-05 06:27 - 000010048 _____ C:\Windows\system32\Drivers\fenrir.cat
2020-09-12 18:06 - 2020-09-12 18:04 - 000009972 _____ C:\Windows\system32\Drivers\gzflt.cat
2020-09-12 17:34 - 2020-06-18 07:29 - 002113184 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2020-09-12 17:34 - 2020-06-18 07:29 - 000009950 _____ C:\Windows\system32\Drivers\atc.cat
2020-09-12 17:34 - 2019-03-20 22:12 - 000023176 _____ (Bitdefender) C:\Windows\system32\Drivers\bdelam.sys
2020-09-12 17:34 - 2019-03-20 19:12 - 000010246 _____ C:\Windows\system32\Drivers\bdelam.cat
2020-09-12 00:00 - 2020-09-12 00:00 - 000000000 ____D C:\Windows\system32\tmp0000715b
2020-09-11 21:34 - 2020-09-11 21:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\bsodhandlersym
2020-09-11 21:34 - 2020-09-11 21:34 - 000000000 ____D C:\ProgramData\dbg
2020-09-11 21:29 - 2020-09-11 21:29 - 000000000 ____D C:\ProgramData\restored_quar
2020-09-11 21:23 - 2020-09-12 17:00 - 003340464 _____ (Malwarebytes Corporation) C:\Users\Administrator\AppData\Local\Temp\mbstcmd.exe
2020-09-11 21:19 - 2020-09-11 21:19 - 000000000 ____D C:\Windows\system32\appmgmt
2020-09-11 21:13 - 2020-09-14 04:16 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\2
2020-09-09 08:02 - 2020-09-11 21:28 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2020-09-09 08:02 - 2020-09-09 08:02 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-09-09 08:01 - 2020-09-09 08:01 - 000000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2020-09-09 01:25 - 2020-09-02 02:25 - 003641344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2020-09-09 01:25 - 2020-08-15 04:22 - 001370680 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2020-09-09 01:25 - 2020-08-15 01:14 - 001383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2020-09-09 01:25 - 2020-08-15 00:59 - 001088512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2020-09-09 01:25 - 2020-08-15 00:57 - 001559040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2020-09-09 01:25 - 2020-08-13 01:17 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2020-09-09 01:25 - 2020-08-13 01:06 - 020291072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-09-09 01:25 - 2020-08-13 01:06 - 000785408 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-09-09 01:25 - 2020-08-13 00:50 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2020-09-09 01:25 - 2020-08-13 00:40 - 000653824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-09-09 01:25 - 2020-08-13 00:30 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2020-09-09 01:25 - 2020-08-13 00:29 - 015480320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2020-09-09 01:25 - 2020-08-13 00:18 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2020-09-09 01:25 - 2020-08-13 00:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2020-09-09 01:25 - 2020-08-13 00:11 - 013862400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2020-09-09 01:25 - 2020-08-13 00:04 - 001566720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2020-09-09 01:25 - 2020-08-12 23:57 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2020-09-09 01:25 - 2020-08-12 23:53 - 001341952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2020-09-09 01:25 - 2020-08-11 03:16 - 000376072 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2020-09-09 01:25 - 2020-08-11 01:33 - 000317176 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2020-09-09 01:25 - 2020-08-10 23:32 - 000329728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnphost.dll
2020-09-09 01:24 - 2020-09-02 02:52 - 003332608 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2020-09-09 01:24 - 2020-08-28 23:41 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2020-09-09 01:24 - 2020-08-27 02:04 - 004169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2020-09-09 01:24 - 2020-08-20 17:54 - 022382424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2020-09-09 01:24 - 2020-08-20 17:51 - 019805104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2020-09-09 01:24 - 2020-08-15 04:18 - 007363328 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-09-09 01:24 - 2020-08-15 04:18 - 002012928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2020-09-09 01:24 - 2020-08-15 04:18 - 000373512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2020-09-09 01:24 - 2020-08-15 02:11 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2020-09-09 01:24 - 2020-08-15 01:43 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2020-09-09 01:24 - 2020-08-15 01:39 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2020-09-09 01:24 - 2020-08-15 01:23 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2020-09-09 01:24 - 2020-08-15 01:17 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2020-09-09 01:24 - 2020-08-15 01:14 - 001442304 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2020-09-09 01:24 - 2020-08-15 01:12 - 000364032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2020-09-09 01:24 - 2020-08-15 01:12 - 000066048 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2020-09-09 01:24 - 2020-08-15 01:11 - 000269312 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2020-09-09 01:24 - 2020-08-15 01:11 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2020-09-09 01:24 - 2020-08-15 01:04 - 001757184 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-09-09 01:24 - 2020-08-15 01:02 - 000121344 _____ (Microsoft Corporation) C:\Windows\system32\cryptcatsvc.dll
2020-09-09 01:24 - 2020-08-15 00:55 - 000292352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2020-09-09 01:24 - 2020-08-15 00:55 - 000228864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2020-09-09 01:24 - 2020-08-15 00:55 - 000064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2020-09-09 01:24 - 2020-08-15 00:55 - 000057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2020-09-09 01:24 - 2020-08-15 00:50 - 001495552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-09-09 01:24 - 2020-08-13 02:25 - 001308256 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2020-09-09 01:24 - 2020-08-13 02:24 - 000355576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2020-09-09 01:24 - 2020-08-13 01:41 - 025756672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-09-09 01:24 - 2020-08-13 01:06 - 005500416 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2020-09-09 01:24 - 2020-08-13 00:37 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2020-09-09 01:24 - 2020-08-13 00:26 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2020-09-09 01:24 - 2020-08-13 00:20 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2020-09-09 01:24 - 2020-08-13 00:16 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2020-09-09 01:24 - 2020-08-13 00:15 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2020-09-09 01:24 - 2020-08-13 00:12 - 000044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2020-09-09 01:24 - 2020-08-12 23:54 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2020-09-09 01:24 - 2020-08-12 23:52 - 000710656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2020-09-09 01:24 - 2020-08-11 03:19 - 000136824 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2020-09-09 01:24 - 2020-08-11 03:17 - 000537632 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2020-09-09 01:24 - 2020-08-11 03:16 - 001210112 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2020-09-09 01:24 - 2020-08-11 03:12 - 002173376 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2020-09-09 01:24 - 2020-08-11 03:12 - 001665104 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2020-09-09 01:24 - 2020-08-11 01:33 - 001037600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2020-09-09 01:24 - 2020-08-11 01:33 - 000450312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2020-09-09 01:24 - 2020-08-11 01:31 - 001561296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2020-09-09 01:24 - 2020-08-11 01:31 - 001215736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2020-09-09 01:24 - 2020-08-11 00:30 - 000477696 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2020-09-09 01:24 - 2020-08-11 00:03 - 000367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2020-09-09 01:24 - 2020-08-11 00:03 - 000110080 _____ (Microsoft Corporation) C:\Windows\system32\fdSSDP.dll
2020-09-09 01:24 - 2020-08-11 00:00 - 003720192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2020-09-09 01:24 - 2020-08-10 23:57 - 000249344 _____ (Microsoft Corporation) C:\Windows\system32\ssdpsrv.dll
2020-09-09 01:24 - 2020-08-10 23:56 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\fdWSD.dll
2020-09-09 01:24 - 2020-08-10 23:45 - 000092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdSSDP.dll
2020-09-09 01:24 - 2020-08-10 23:44 - 001099264 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2020-09-09 01:24 - 2020-08-10 23:44 - 000453632 _____ (Microsoft Corporation) C:\Windows\system32\upnphost.dll
2020-09-09 01:24 - 2020-08-10 23:41 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWSD.dll
2020-09-09 01:24 - 2020-08-10 21:44 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2020-09-09 01:24 - 2020-08-10 06:18 - 000160144 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2020-09-09 01:24 - 2020-08-10 03:44 - 000077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsopprov.exe
2020-09-09 01:24 - 2020-08-10 00:05 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\rsopprov.exe
2020-09-09 01:24 - 2020-08-09 21:04 - 003223552 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2020-09-09 01:24 - 2020-08-09 21:04 - 001998848 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2020-09-09 01:24 - 2020-08-09 21:04 - 000843776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2020-09-09 01:24 - 2020-08-09 21:04 - 000700416 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2020-09-09 01:24 - 2020-08-09 21:04 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2020-09-09 01:24 - 2020-08-09 21:04 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2020-09-09 01:24 - 2020-08-09 21:04 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2020-09-09 01:24 - 2020-08-09 21:04 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2020-09-09 01:24 - 2020-08-09 21:04 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2020-09-09 01:24 - 2020-08-08 10:43 - 001545912 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2020-09-09 01:24 - 2020-08-06 10:37 - 000436224 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2020-09-09 01:24 - 2020-08-06 10:35 - 000359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2020-08-27 08:54 - 2020-08-27 08:54 - 000000547 _____ C:\Windows\SysWOW64\pstor.xml
2020-08-27 08:18 - 2020-08-27 08:18 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\01061C3299B24C77B04B3932C70EEECF
2020-08-27 08:15 - 2020-08-27 08:15 - 000578662 _____ C:\Users\Administrator\AppData\Local\Temp\dd_vcredistMSI272C.txt
2020-08-27 08:14 - 2020-08-27 08:15 - 000014602 _____ C:\Users\Administrator\AppData\Local\Temp\dd_vcredistUI272C.txt
2020-08-27 08:14 - 2020-08-27 08:14 - 000012538 _____ C:\Users\Administrator\AppData\Local\Temp\dd_vcredistUI2715.txt
2020-08-27 08:14 - 2020-08-27 08:14 - 000002796 _____ C:\Users\Administrator\AppData\Local\Temp\VWLC7B1.tmp
2020-08-27 08:13 - 2020-08-27 08:14 - 000167130 _____ C:\Users\Administrator\AppData\Local\Temp\dd_vcredistMSI25DF.txt
2020-08-27 08:13 - 2020-08-27 08:14 - 000014608 _____ C:\Users\Administrator\AppData\Local\Temp\dd_vcredistUI25DF.txt
2020-08-27 08:13 - 2020-08-27 08:13 - 000579602 _____ C:\Users\Administrator\AppData\Local\Temp\dd_vcredistMSI25A1.txt
2020-08-27 08:12 - 2020-08-27 08:13 - 000014368 _____ C:\Users\Administrator\AppData\Local\Temp\dd_vcredistUI25A1.txt
2020-08-27 08:12 - 2020-08-27 08:12 - 000178950 _____ C:\Users\Administrator\AppData\Local\Temp\dd_vcredistMSI2559.txt
2020-08-27 08:12 - 2020-08-27 08:12 - 000014592 _____ C:\Users\Administrator\AppData\Local\Temp\dd_vcredistUI2559.txt
2020-08-27 08:12 - 2020-08-27 08:12 - 000002796 _____ C:\Users\Administrator\AppData\Local\Temp\VWL3EBF.tmp
2020-08-27 07:48 - 2020-09-11 21:23 - 000000000 ___HD C:\kleaner.tmp
2020-08-27 07:44 - 2020-08-27 07:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\AF93E82821A94BC68C88E53E7C32ECF4
2020-08-26 15:32 - 2020-08-26 15:30 - 000033280 _____ C:\Users\Administrator\Documents\Niteroiense ultima (com ean).xls
2020-08-26 13:57 - 2020-08-26 13:57 - 000054272 _____ C:\Users\Administrator\Documents\Nao associado com estoque Atual (COM EAN).xls
2020-08-26 11:03 - 2020-08-26 11:13 - 001787392 _____ C:\Users\Administrator\Documents\NiteroienseAtual.xls
2020-08-25 15:56 - 2020-08-25 15:54 - 004265984 _____ C:\Users\Administrator\Documents\cliente 01.xls
2020-08-25 11:25 - 2020-08-25 11:25 - 000722432 _____ C:\Users\Administrator\Documents\PRODUTOS DECRETO.xls
2020-08-25 10:01 - 2020-08-25 10:01 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\B0032CBE56F648DAB8DA7EAA7D04DF91
2020-08-25 09:33 - 2020-08-25 09:33 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\8F3983E9925F48CC805DBB51645E45B4
2020-08-25 09:29 - 2020-08-25 09:29 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\359DAE04C4F94B7A87A28C81542206CE
2020-08-24 04:18 - 2020-08-24 04:18 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\94B892E6AE0445DF8690B016D7842726
2020-08-24 04:09 - 2020-08-24 04:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\nsc1CDA.tmp
2020-08-24 03:42 - 2020-08-24 03:53 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\{F0EEF6F5-E2CF-41CC-9A59-23DA7D5E96FE}
2020-08-22 18:08 - 2020-08-22 18:08 - 000016384 _____ C:\Users\Administrator\AppData\Local\Temp\~DF5CCFF4C2D9365100.TMP
2020-08-22 18:08 - 2020-08-22 18:08 - 000000000 ____D C:\Users\Administrator\Downloads\Video
2020-08-22 18:08 - 2020-08-22 18:08 - 000000000 ____D C:\Users\Administrator\Downloads\Compressed
2020-08-22 12:14 - 2020-08-25 11:55 - 000261632 _____ C:\Users\Administrator\Documents\pcfornec.xls
2020-08-20 23:20 - 2020-08-20 23:20 - 001707475 _____ C:\Users\Administrator\AppData\Local\Temp\.unicode_cache_f0a01af2.dat
2020-08-20 07:08 - 2020-08-15 01:51 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2020-08-20 07:08 - 2020-08-15 01:51 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2020-08-20 07:08 - 2020-08-15 01:36 - 000428544 _____ (Microsoft Corporation) C:\Windows\system32\rasplap.dll
2020-08-20 07:08 - 2020-08-15 01:16 - 000033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2020-08-20 07:08 - 2020-08-15 01:16 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2020-08-20 07:08 - 2020-08-15 01:05 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll
2020-08-20 07:08 - 2020-08-15 01:05 - 000401408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasplap.dll
2020-08-20 07:08 - 2020-08-15 00:55 - 000963072 _____ (Microsoft Corporation) C:\Windows\system32\rasgcw.dll
2020-08-20 07:08 - 2020-08-15 00:48 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2020-08-20 07:08 - 2020-08-15 00:42 - 000796160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdlg.dll
2020-08-20 07:08 - 2020-08-15 00:39 - 000424448 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
2020-08-20 07:08 - 2020-08-15 00:35 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasgcw.dll
2020-08-20 07:08 - 2020-08-15 00:28 - 000542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2020-08-20 07:08 - 2020-08-15 00:26 - 000700928 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2020-08-20 07:08 - 2020-08-15 00:24 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll
2020-08-20 07:08 - 2020-08-15 00:16 - 000629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2020-08-19 18:57 - 2020-08-19 18:57 - 001013825 _____ C:\Users\Administrator\AppData\Local\Temp\tmpB19E.tmp
2020-08-19 18:17 - 2020-09-14 02:43 - 000000053 _____ C:\Users\Administrator\AppData\Local\Temp\.ses
2020-08-19 16:31 - 2020-08-19 16:31 - 000802870 _____ C:\Users\Administrator\AppData\Local\Temp\Guest.bmp
2020-08-19 16:31 - 2020-08-19 16:31 - 000802870 _____ C:\Users\Administrator\AppData\Local\Temp\ASPNET.bmp
2020-08-19 16:31 - 2020-08-19 16:31 - 000031832 _____ C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp
2020-08-19 08:07 - 2019-04-29 20:21 - 000058368 _____ (Jason Hood) C:\Windows\ANSI64.dll
2020-08-19 08:07 - 2019-04-29 20:21 - 000046592 _____ (Jason Hood) C:\Windows\ANSI32.dll
2020-08-19 08:07 - 2019-04-29 20:21 - 000016384 _____ (Jason Hood) C:\Windows\ansicon_x64.exe
2020-08-19 07:53 - 2020-08-19 07:53 - 000349230 _____ C:\Users\Administrator\Documents\virus.txt
2020-08-19 06:19 - 2020-09-14 01:40 - 000000000 ____D C:\Windows\Minidump
2020-08-19 05:34 - 2020-08-19 05:37 - 000001444 _____ C:\Users\Administrator\Desktop\VB Restart.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-14 04:12 - 2020-05-06 17:59 - 000003596 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2472832658-3903326398-751777190-500
2020-09-14 04:11 - 2014-03-18 06:55 - 000978742 _____ C:\Windows\system32\PerfStringBackup.INI
2020-09-14 04:11 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\Inf
2020-09-14 04:06 - 2013-08-22 11:48 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-09-14 03:39 - 2015-04-15 12:47 - 000337920 _____ C:\Windows\system32\FNTCACHE.DAT
2020-09-14 03:32 - 2014-05-17 07:36 - 000000000 ____D C:\ProgramData\Package Cache
2020-09-14 03:23 - 2020-05-06 23:06 - 000000000 ____D C:\Temp
2020-09-14 02:52 - 2020-05-07 16:48 - 000000000 ____D C:\Users\MSSQLServerOLAPService
2020-09-14 02:44 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\rescache
2020-09-14 02:35 - 2020-07-11 22:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMart Solution
2020-09-14 02:00 - 2020-05-07 16:48 - 000000000 ____D C:\Users\ReportServer
2020-09-14 02:00 - 2020-05-07 16:47 - 000000000 ____D C:\Users\MSSQLFDLauncher
2020-09-14 02:00 - 2020-05-06 18:46 - 000000000 ____D C:\Users\Administrator
2020-09-14 00:48 - 2020-05-07 16:47 - 000000000 ____D C:\Users\MsDtsServer110
2020-09-13 21:00 - 2020-08-12 09:04 - 000000079 _____ C:\Windows\system32\wpd1.xml
2020-09-13 21:00 - 2020-08-12 09:04 - 000000079 _____ C:\Windows\system32\wpd.xml
2020-09-12 21:24 - 2019-10-09 03:21 - 000000000 ___SD C:\Windows\system32\CompatTel
2020-09-12 21:24 - 2019-10-09 03:21 - 000000000 ____D C:\Windows\system32\Appraiser
2020-09-12 21:24 - 2014-05-17 00:53 - 000000000 ____D C:\Windows\system32\MRT
2020-09-12 21:24 - 2013-08-22 12:39 - 000000000 ___RD C:\Windows\ToastData
2020-09-12 21:24 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-09-12 21:23 - 2020-05-07 09:34 - 000000000 ___RD C:\Users\Administrator\Desktop\Cia do Doce
2020-09-12 21:22 - 2014-05-17 00:53 - 129170736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-09-12 21:22 - 2013-08-22 12:20 - 000000000 ____D C:\Windows\CbsTemp
2020-09-12 21:21 - 2020-05-07 09:44 - 000000000 ____D C:\Program Files\Tools
2020-09-12 17:00 - 2020-06-23 05:17 - 092328304 _____ (Malwarebytes) C:\Users\Administrator\AppData\Local\Temp\MBAMInstallerService.exe
2020-09-12 00:00 - 2020-05-06 23:41 - 000000546 __RSH C:\ProgramData\ntuser.pol
2020-09-11 23:44 - 2020-05-07 09:09 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-09-11 21:12 - 2013-08-22 10:25 - 000008192 ___SH C:\Windows\system32\config\BBI
2020-09-11 21:08 - 2013-08-22 10:25 - 000008192 ___SH C:\Windows\system32\config\ELAM
2020-09-11 05:11 - 2020-05-07 09:04 - 000002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-09-09 08:02 - 2020-05-11 10:23 - 000992492 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2020-09-08 10:34 - 2020-05-07 16:31 - 000000000 ____D C:\Users\Administrator\Documents\Visual Studio 2010
2020-08-28 10:40 - 2020-05-07 16:47 - 000000000 ____D C:\Users\Administrator\Documents\SQL Server Management Studio
2020-08-24 06:55 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\LiveKernelReports
2020-08-24 00:16 - 2020-05-07 09:04 - 000003380 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-08-24 00:16 - 2020-05-07 09:04 - 000003252 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-08-22 18:21 - 2020-05-07 16:19 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2020-08-22 18:21 - 2020-05-07 16:16 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2020-08-22 05:00 - 2020-05-07 09:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\TeamViewer
2020-08-21 13:46 - 2020-05-07 09:31 - 000000943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2020-08-20 23:20 - 2020-05-07 10:13 - 000000000 ____D C:\Program Files\SoftEther VPN Server
2020-08-20 21:17 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-08-20 21:17 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\system32\setup
2020-08-19 19:16 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\TAPI
2020-08-19 09:12 - 2020-07-09 03:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQL Backup Master
2020-08-19 08:08 - 2020-07-11 17:10 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2020-08-19 08:06 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\system32\NDF
2020-08-19 07:42 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\System
2020-08-19 06:41 - 2020-05-08 12:30 - 000000000 ____D C:\SQL
2020-08-19 06:27 - 2020-08-12 05:02 - 000000084 _____ C:\Windows\xpwpd.dat
2020-08-19 06:04 - 2020-06-23 05:12 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-08-19 02:06 - 2020-08-12 14:02 - 000000234 _____ C:\Windows\system32\wmi.dat
2020-08-19 02:06 - 2020-08-12 14:02 - 000000234 _____ C:\Windows\system32\n1.dat
2020-08-18 07:53 - 2020-05-08 12:50 - 000000000 ____D C:\Solidcon

==================== Files in the root of some directories ========

2020-07-28 01:33 - 2020-07-28 01:33 - 000000615 _____ () C:\ProgramData\emsda.vbs
2020-06-24 00:59 - 2020-06-24 00:59 - 000709928 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerMSI5157.txt
2020-06-23 06:13 - 2020-06-23 06:13 - 000706620 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerMSI7334.txt
2020-06-24 00:59 - 2020-06-24 00:59 - 000011336 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerUI5157.txt
2020-06-23 06:13 - 2020-06-23 06:13 - 000012436 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerUI7334.txt
2020-08-27 07:53 - 2020-08-27 08:01 - 000013556 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI1669.txt
2020-08-27 08:11 - 2020-08-27 08:11 - 000013860 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI247B.txt
2020-08-25 10:29 - 2020-08-25 11:00 - 000013464 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI7231.txt
2020-06-23 06:17 - 2020-06-23 06:17 - 000441214 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI765B.txt
2020-08-27 07:53 - 2020-08-27 08:01 - 000011728 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI1669.txt
2020-08-27 08:11 - 2020-08-27 08:11 - 000011680 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI247B.txt
2020-08-25 10:29 - 2020-08-25 11:00 - 000011632 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI7231.txt
2020-06-23 06:17 - 2020-06-23 06:17 - 000012758 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI765B.txt
2020-05-06 18:46 - 2020-09-14 04:12 - 000087866 _____ () C:\Users\Administrator\AppData\Local\Ec2Wallpaper.jpg
2020-05-06 18:46 - 2020-09-14 04:12 - 003145782 _____ () C:\Users\Administrator\AppData\Local\Ec2Wallpaper_ec2Config.bmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-09-06 05:10
==================== End of FRST.txt ========================

Addition.txt



Hi,

There are more issues this time.
Run this fix.

Run the Farbar program and post fresh logs.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

Let me know what problems you are having with this computer.

fixlist.txt



I did your fix (fixlog.txt follows).

But then I also tried ESET File Security for Windows Server, and at each restart of the PC it gives this message:

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
15-09-20 12:43:06 AM;Real-time file system protection;file;C:\Windows\TEMP\Tmp666B.tmp;a variant of MSIL/CoinMiner.BFE trojan;cleaned by deleting;NT AUTHORITY\SYSTEM;Event occurred on a file modified by the application: C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (3FDA32D19C8A28483F662C7400B8B347B408D500).;3818A0E5EDAAC3B13FC9350E5AB5C16D764D561D;14-09-20 4:45:56 AM


I ran Malwarebytes again and the "*****" warning continues. I ran FARBAR again, and here are the logs:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-09-2020
Ran by Administrator (administrator) on WIN-JMBU5F8K0NS (Amazon EC2 t3.xlarge) (15-09-2020 00:46:39)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher
Platform: Windows Server 2012 R2 Standard (Update) (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Amazon Services LLC -> ) C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe
(Amazon.com Services LLC -> Amazon Web Services, Inc.) C:\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(KEY METRIC SOFTWARE, LLC -> ) C:\Program Files (x86)\Key Metric Software\SQL Backup Master\SQLBackupMaster.Service.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\Tools\Binn\SQLCMD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [180464 2020-03-26] (ESET, spol. s r.o. -> ESET)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2020-04-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2020-04-15] (Microsoft Windows -> Microsoft Corporation)
Lsa: [Notification Packages] rassfm scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-09-14]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ec2WallpaperInfo.url -> URL: file:///C:\Program Files\Amazon\Ec2ConfigService\Ec2WallpaperInfo.exe
BootExecute: autocheck autochk /q /v * 
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18F86429-2703-4B26-BA24-E8017B5BFE04} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Collection => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd publish
Task: {22F8933B-6077-471D-A4C3-56C7647164AD} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => %systemroot%\system32\cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
Task: {2C1C78C2-1640-4750-8DDA-C5D7BA0C1365} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [129170736 2020-09-12] (Microsoft Windows -> Microsoft Corporation)
Task: {4F721357-E298-4B6F-B097-BA248119ADE5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24770744 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {651FF2A7-84D4-4AE6-9231-BB0411D3A64F} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [235520 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {787E2442-1350-4D4B-B3DF-F73EDF626879} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => %systemroot%\system32\rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {7AC3B9A0-F76F-4F71-BAC6-4870A1F68CA8} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Configuration => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd configure
Task: {9536335E-476B-42F7-8624-2308CA0F222B} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [94208 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {ABBA8CD3-E2EE-4635-9DA9-350C6B1ACCE9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BB7EAFFE-9BEA-46C6-AC1B-E15FD4AC7E9D} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
Task: {CFACEE0F-4A61-4CD3-9182-9F6ED7407217} - System32\Tasks\Ec2ConfigMonitorTask => C:\Program Files\Amazon\Ec2ConfigService\Ec2ConfigMonitor.exe [23216 2020-04-06] (Amazon.com Services LLC -> Amazon Web Services, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.31.0.2
Tcpip\..\Interfaces\{0907A6F7-E08C-477F-A713-5A0BEE9784E4}: [DhcpNameServer] 172.31.0.2

Edge: 
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default [2020-09-15]

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AmazonSSMAgent; C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe [23410856 2020-01-27] (Amazon Services LLC -> )
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3670480 2020-09-14] (philandro Software GmbH -> philandro Software GmbH)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [31904 2013-08-16] (Microsoft Corporation -> Microsoft Corporation)
S2 AWSLiteAgent; C:\Program Files\Amazon\XenTools\LiteAgent.exe [470680 2020-01-22] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 cfn-hup; C:\Program Files\Amazon\cfn-bootstrap\winhup.exe [29696 2018-08-20] () [File not signed]
R2 Ec2Config; C:\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe [187568 2020-04-06] (Amazon.com Services LLC -> Amazon Web Services, Inc.)
S3 EHttpSrv; C:\Program Files\ESET\ESET Security\ehttpsrv.exe [56928 2020-03-26] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2422600 2020-03-26] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2422600 2020-03-26] (ESET, spol. s r.o. -> ESET)
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [173056 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7138296 2020-09-14] (Malwarebytes Inc -> Malwarebytes)
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218736 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50280 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [193648 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2502768 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [88064 2020-08-10] (Microsoft Windows -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [77312 2020-08-10] (Microsoft Windows -> Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [15872 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R2 SQL Backup Master; C:\Program Files (x86)\Key Metric Software\SQL Backup Master\SQLBackupMaster.Service.exe [95640 2020-07-02] (KEY METRIC SOFTWARE, LLC -> )
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137840 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [343152 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [607344 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6645608 2020-07-14] (TeamViewer Germany GmbH -> TeamViewer GmbH)
R2 UALSVC; C:\Windows\System32\ualsvc.dll [249344 2014-09-04] (Microsoft Windows -> Microsoft Corporation)
S2 AntiVirMailService; "C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe" [X]
S2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\Antivirus\sched.exe" [X]
S2 AntiVirService; "C:\Program Files (x86)\Avira\Antivirus\avguard.exe" [X]
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe" [X]
R2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Config"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 atc; C:\Windows\System32\DRIVERS\atc.sys [2113184 2020-06-18] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [208024 2020-06-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [199752 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 AWSNVMe; C:\Windows\System32\drivers\AWSNVMe.sys [154264 2019-09-03] (Amazon Web Services, Inc. -> Amazon)
S0 BDElam; C:\Windows\System32\drivers\bdelam.sys [23176 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2265440 2013-08-22] (Microsoft Windows -> Brocade Communications Systems, Inc.)
S0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2265440 2013-08-22] (Microsoft Windows -> Brocade Communications Systems, Inc.)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [187744 2013-08-22] (Microsoft Windows -> Broadcom Corporation)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [560480 2013-08-22] (Microsoft Windows -> Broadcom Corporation)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [605672 2013-06-18] (Chelsio.com(Test) -> Chelsio Communications)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [148648 2020-03-26] (ESET, spol. s r.o. -> ESET)
R0 ec2winutildriver; C:\Windows\System32\drivers\EC2WinUtilDriver.sys [67480 2018-08-27] (Amazon Web Services, Inc. -> Amazon)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [104592 2020-03-26] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15800 2020-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [192888 2020-03-26] (ESET, spol. s r.o. -> ESET)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [712032 2013-08-22] (Microsoft Windows -> Emulex)
R3 ena; C:\Windows\system32\DRIVERS\ena.sys [182424 2019-11-18] (Amazon Web Services, Inc. -> Amazon Web Services, Inc.)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [84776 2020-03-26] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [115976 2020-03-26] (ESET, spol. s r.o. -> ESET)
S3 fenrir; C:\Windows\System32\drivers\fenrir.sys [54312 2019-04-05] (Bitdefender SRL -> )
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [217608 2020-09-15] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-09-14] (Malwarebytes Inc -> Malwarebytes)
S3 MsLbfoProvider; C:\Windows\system32\DRIVERS\MsLbfoProvider.sys [117760 2016-07-09] (Microsoft Windows -> Microsoft Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [38088 2020-05-06] (SoftEther Corporation -> SoftEther Corporation)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [36600 2020-08-12] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security S.L. -> Panda Security, S.L.)
S0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1508704 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475488 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300320 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S4 RsFx0204; C:\Windows\System32\DRIVERS\RsFx0204.sys [347800 2019-12-16] (Microsoft Corporation -> Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [94048 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
U5 SEE; C:\Windows\System32\Drivers\SEE.sys [52424 2020-05-07] (SoftEther Corporation -> SoftEther Corporation)
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [50888 2020-05-07] (SoftEther Corporation -> SoftEther Corporation)
S3 vxn; C:\Windows\system32\DRIVERS\vxn64x64.sys [133392 2016-05-09] (Intel Corporation -> Intel Corporation)
S3 wtlmdrv; C:\Windows\System32\drivers\wtlmdrv.sys [31232 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
U5 XEN; C:\Windows\System32\Drivers\XEN.sys [105416 2019-04-28] (Amazon Web Services, Inc. -> Amazon Inc.)
S0 XENBUS; C:\Windows\System32\DRIVERS\xenbus.sys [202184 2019-04-28] (Amazon Web Services, Inc. -> Amazon Inc.)
R0 xenfilt; C:\Windows\System32\DRIVERS\xenfilt.sys [70088 2019-04-28] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 xeniface; C:\Windows\System32\drivers\xeniface.sys [112792 2020-01-22] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 xennet; C:\Windows\system32\DRIVERS\xennet.sys [71816 2018-12-03] (Amazon Web Services, Inc. -> Amazon Inc.)
S0 xenvbd; C:\Windows\System32\DRIVERS\xenvbd.sys [130200 2020-01-22] (Amazon Web Services, Inc. -> Amazon Inc.)
S3 xenvif; C:\Windows\system32\DRIVERS\xenvif.sys [303768 2019-06-27] (Amazon Web Services, Inc. -> Amazon Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-15 00:43 - 2020-09-15 00:46 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\2
2020-09-15 00:42 - 2020-09-15 00:42 - 000008190 _____ C:\Users\Administrator\Desktop\Fixlog.txt
2020-09-15 00:20 - 2020-09-15 00:20 - 000217608 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-09-14 04:21 - 2020-09-14 04:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2020-09-14 04:21 - 2020-09-14 04:21 - 000000000 ____D C:\ProgramData\ESET
2020-09-14 04:21 - 2020-09-14 04:21 - 000000000 ____D C:\Program Files\ESET
2020-09-14 04:16 - 2020-09-15 00:46 - 000018143 _____ C:\Users\Administrator\Desktop\FRST.txt
2020-09-14 04:16 - 2020-09-14 04:16 - 000036098 _____ C:\Users\Administrator\Desktop\Addition.txt
2020-09-14 04:15 - 2020-09-15 00:46 - 000000000 ____D C:\FRST
2020-09-14 04:06 - 2020-09-14 04:06 - 000026964 _____ C:\Users\Administrator\AppData\Local\Temp\Sophos LiveQuery Install Log 20200914 040612.txt
2020-09-14 04:06 - 2020-09-14 04:06 - 000009948 _____ C:\Users\Administrator\AppData\Local\Temp\Sophos Live Terminal Install Log 20200914 040614.txt
2020-09-14 04:06 - 2020-09-14 04:06 - 000001700 _____ C:\Users\Administrator\AppData\Local\Temp\Sophos Clean Uninstall log 20200914T070605.txt
2020-09-14 04:06 - 2020-03-18 12:23 - 000311584 _____ (Sophos Limited) C:\Users\Administrator\AppData\Local\Temp\deleter.dll
2020-09-14 04:05 - 2020-09-14 04:06 - 000014988 _____ C:\Users\Administrator\AppData\Local\Temp\Sophos HitmanPro Alert uninstall log 20200914T070554.txt
2020-09-14 04:05 - 2020-09-14 04:05 - 000019394 _____ C:\Users\Administrator\AppData\Local\Temp\Sophos Management Communications System Install Log 20200914 070523.txt
2020-09-14 04:05 - 2020-09-14 04:05 - 000018641 _____ C:\Users\Administrator\AppData\Local\Temp\Sophos File Scanner Install Log 20200914 040525.txt
2020-09-14 04:05 - 2020-09-14 04:05 - 000004266 _____ C:\Users\Administrator\AppData\Local\Temp\Sophos ML Engine Uninstall Log  20200914 040539.txt
2020-09-14 04:05 - 2020-09-14 04:05 - 000003822 _____ C:\Users\Administrator\AppData\Local\Temp\Sophos Standalone Engine Install Log  20200914 040528.txt
2020-09-14 03:53 - 2020-09-14 04:06 - 000000000 ____D C:\Windows\CryptoGuard
2020-09-14 03:53 - 2020-03-23 13:12 - 001240192 _____ (Sophos Limited) C:\Users\Administrator\AppData\Local\Temp\86a305d15214101b1f546ba2dc5547cc2416911bf6d9a025d64fea7e819b054c.tmp
2020-09-14 03:52 - 2020-09-14 04:15 - 002297856 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2020-09-14 03:35 - 2020-09-14 03:35 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\.CR.13545
2020-09-14 03:30 - 2020-09-14 03:30 - 000000000 ____D C:\Windows\system32\Tasks\Avira
2020-09-14 03:28 - 2020-09-14 03:28 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\.CR.11000
2020-09-14 03:21 - 2020-09-14 03:21 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\.CR.24295
2020-09-14 03:13 - 2020-09-14 03:13 - 000000000 ____D C:\Users\Public\Security Sessions
2020-09-14 03:13 - 2020-09-14 03:13 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Opera Software
2020-09-14 02:57 - 2020-09-14 02:57 - 000057449 _____ C:\Windows\system32\NOTICE_mod
2020-09-14 02:56 - 2020-09-14 04:21 - 000000000 ____D C:\Windows\ELAMBKUP
2020-09-14 02:48 - 2020-09-14 02:48 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-09-14 02:48 - 2020-09-14 02:48 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-09-14 02:48 - 2020-09-14 02:48 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-09-14 02:40 - 2020-09-14 02:40 - 000003292 _____ C:\Windows\system32\Tasks\Avira_Antivirus_Systray
2020-09-14 02:40 - 2020-06-09 13:37 - 000208024 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2020-09-14 02:40 - 2020-04-30 12:37 - 000199752 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2020-09-14 02:40 - 2019-03-20 18:50 - 000089736 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2020-09-14 02:40 - 2019-03-20 18:50 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2020-09-14 02:36 - 2020-09-14 03:36 - 000000000 ____D C:\ProgramData\Avira
2020-09-14 02:36 - 2020-09-14 03:31 - 000000000 ____D C:\Program Files (x86)\Avira
2020-09-14 01:20 - 2020-09-14 02:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-09-14 01:19 - 2020-09-14 02:48 - 000000000 ____D C:\Program Files\Malwarebytes
2020-09-14 00:56 - 2020-09-14 00:56 - 000000000 ____D C:\Program Files (x86)\Panda Security
2020-09-14 00:56 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\DasPtct.SYS
2020-09-14 00:56 - 2015-01-29 18:21 - 000050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2020-09-14 00:42 - 2020-09-14 00:42 - 000000000 ____D C:\ProgramData\Norton
2020-09-14 00:21 - 2020-09-14 00:21 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\AnyDesk
2020-09-14 00:21 - 2020-09-14 00:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2020-09-14 00:21 - 2020-09-14 00:21 - 000000000 ____D C:\ProgramData\AnyDesk
2020-09-14 00:21 - 2020-09-14 00:21 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2020-09-14 00:08 - 2020-09-14 02:05 - 000000000 ____D C:\KVRT_Data
2020-09-14 00:07 - 2020-09-14 02:47 - 000000077 _____ C:\Windows\system32\ps
2020-09-14 00:07 - 2020-09-14 02:47 - 000000075 _____ C:\Windows\system32\p
2020-09-13 05:00 - 2020-09-13 05:02 - 000000000 ____D C:\Windows\system32\tmp00007cc7
2020-09-12 18:39 - 2020-09-12 18:39 - 000000000 ____D C:\ProgramData\GenPatch
2020-09-12 18:08 - 2019-04-05 06:27 - 000054312 _____ C:\Windows\system32\Drivers\fenrir.sys
2020-09-12 18:08 - 2019-04-05 06:27 - 000010048 _____ C:\Windows\system32\Drivers\fenrir.cat
2020-09-12 18:06 - 2020-09-12 18:04 - 000009972 _____ C:\Windows\system32\Drivers\gzflt.cat
2020-09-12 17:34 - 2020-06-18 07:29 - 002113184 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2020-09-12 17:34 - 2020-06-18 07:29 - 000009950 _____ C:\Windows\system32\Drivers\atc.cat
2020-09-12 17:34 - 2019-03-20 22:12 - 000023176 _____ (Bitdefender) C:\Windows\system32\Drivers\bdelam.sys
2020-09-12 17:34 - 2019-03-20 19:12 - 000010246 _____ C:\Windows\system32\Drivers\bdelam.cat
2020-09-12 00:00 - 2020-09-12 00:00 - 000000000 ____D C:\Windows\system32\tmp0000715b
2020-09-11 21:34 - 2020-09-11 21:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\bsodhandlersym
2020-09-11 21:34 - 2020-09-11 21:34 - 000000000 ____D C:\ProgramData\dbg
2020-09-11 21:29 - 2020-09-11 21:29 - 000000000 ____D C:\ProgramData\restored_quar
2020-09-11 21:23 - 2020-09-12 17:00 - 003340464 _____ (Malwarebytes Corporation) C:\Users\Administrator\AppData\Local\Temp\mbstcmd.exe
2020-09-11 21:19 - 2020-09-11 21:19 - 000000000 ____D C:\Windows\system32\appmgmt
2020-09-09 08:02 - 2020-09-11 21:28 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2020-09-09 08:02 - 2020-09-09 08:02 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-09-09 08:01 - 2020-09-09 08:01 - 000000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2020-09-09 01:25 - 2020-09-02 02:25 - 003641344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2020-09-09 01:25 - 2020-08-15 04:22 - 001370680 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2020-09-09 01:25 - 2020-08-15 01:14 - 001383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2020-09-09 01:25 - 2020-08-15 00:59 - 001088512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2020-09-09 01:25 - 2020-08-15 00:57 - 001559040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2020-09-09 01:25 - 2020-08-13 01:17 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2020-09-09 01:25 - 2020-08-13 01:06 - 020291072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-09-09 01:25 - 2020-08-13 01:06 - 000785408 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-09-09 01:25 - 2020-08-13 00:50 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2020-09-09 01:25 - 2020-08-13 00:40 - 000653824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-09-09 01:25 - 2020-08-13 00:30 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2020-09-09 01:25 - 2020-08-13 00:29 - 015480320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2020-09-09 01:25 - 2020-08-13 00:18 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2020-09-09 01:25 - 2020-08-13 00:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2020-09-09 01:25 - 2020-08-13 00:11 - 013862400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2020-09-09 01:25 - 2020-08-13 00:04 - 001566720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2020-09-09 01:25 - 2020-08-12 23:57 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2020-09-09 01:25 - 2020-08-12 23:53 - 001341952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2020-09-09 01:25 - 2020-08-11 03:16 - 000376072 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2020-09-09 01:25 - 2020-08-11 01:33 - 000317176 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2020-09-09 01:25 - 2020-08-10 23:32 - 000329728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnphost.dll
2020-09-09 01:24 - 2020-09-02 02:52 - 003332608 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2020-09-09 01:24 - 2020-08-28 23:41 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2020-09-09 01:24 - 2020-08-27 02:04 - 004169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2020-09-09 01:24 - 2020-08-20 17:54 - 022382424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2020-09-09 01:24 - 2020-08-20 17:51 - 019805104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2020-09-09 01:24 - 2020-08-15 04:18 - 007363328 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-09-09 01:24 - 2020-08-15 04:18 - 002012928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2020-09-09 01:24 - 2020-08-15 04:18 - 000373512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2020-09-09 01:24 - 2020-08-15 02:11 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2020-09-09 01:24 - 2020-08-15 01:43 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2020-09-09 01:24 - 2020-08-15 01:39 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2020-09-09 01:24 - 2020-08-15 01:23 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2020-09-09 01:24 - 2020-08-15 01:17 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2020-09-09 01:24 - 2020-08-15 01:14 - 001442304 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2020-09-09 01:24 - 2020-08-15 01:12 - 000364032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2020-09-09 01:24 - 2020-08-15 01:12 - 000066048 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2020-09-09 01:24 - 2020-08-15 01:11 - 000269312 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2020-09-09 01:24 - 2020-08-15 01:11 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2020-09-09 01:24 - 2020-08-15 01:04 - 001757184 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-09-09 01:24 - 2020-08-15 01:02 - 000121344 _____ (Microsoft Corporation) C:\Windows\system32\cryptcatsvc.dll
2020-09-09 01:24 - 2020-08-15 00:55 - 000292352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2020-09-09 01:24 - 2020-08-15 00:55 - 000228864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2020-09-09 01:24 - 2020-08-15 00:55 - 000064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2020-09-09 01:24 - 2020-08-15 00:55 - 000057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2020-09-09 01:24 - 2020-08-15 00:50 - 001495552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-09-09 01:24 - 2020-08-13 02:25 - 001308256 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2020-09-09 01:24 - 2020-08-13 02:24 - 000355576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2020-09-09 01:24 - 2020-08-13 01:41 - 025756672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-09-09 01:24 - 2020-08-13 01:06 - 005500416 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2020-09-09 01:24 - 2020-08-13 00:37 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2020-09-09 01:24 - 2020-08-13 00:26 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2020-09-09 01:24 - 2020-08-13 00:20 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2020-09-09 01:24 - 2020-08-13 00:16 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2020-09-09 01:24 - 2020-08-13 00:15 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2020-09-09 01:24 - 2020-08-13 00:12 - 000044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2020-09-09 01:24 - 2020-08-12 23:54 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2020-09-09 01:24 - 2020-08-12 23:52 - 000710656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2020-09-09 01:24 - 2020-08-11 03:19 - 000136824 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2020-09-09 01:24 - 2020-08-11 03:17 - 000537632 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2020-09-09 01:24 - 2020-08-11 03:16 - 001210112 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2020-09-09 01:24 - 2020-08-11 03:12 - 002173376 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2020-09-09 01:24 - 2020-08-11 03:12 - 001665104 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2020-09-09 01:24 - 2020-08-11 01:33 - 001037600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2020-09-09 01:24 - 2020-08-11 01:33 - 000450312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2020-09-09 01:24 - 2020-08-11 01:31 - 001561296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2020-09-09 01:24 - 2020-08-11 01:31 - 001215736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2020-09-09 01:24 - 2020-08-11 00:30 - 000477696 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2020-09-09 01:24 - 2020-08-11 00:03 - 000367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2020-09-09 01:24 - 2020-08-11 00:03 - 000110080 _____ (Microsoft Corporation) C:\Windows\system32\fdSSDP.dll
2020-09-09 01:24 - 2020-08-11 00:00 - 003720192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2020-09-09 01:24 - 2020-08-10 23:57 - 000249344 _____ (Microsoft Corporation) C:\Windows\system32\ssdpsrv.dll
2020-09-09 01:24 - 2020-08-10 23:56 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\fdWSD.dll
2020-09-09 01:24 - 2020-08-10 23:45 - 000092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdSSDP.dll
2020-09-09 01:24 - 2020-08-10 23:44 - 001099264 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2020-09-09 01:24 - 2020-08-10 23:44 - 000453632 _____ (Microsoft Corporation) C:\Windows\system32\upnphost.dll
2020-09-09 01:24 - 2020-08-10 23:41 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWSD.dll
2020-09-09 01:24 - 2020-08-10 21:44 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2020-09-09 01:24 - 2020-08-10 06:18 - 000160144 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2020-09-09 01:24 - 2020-08-10 03:44 - 000077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsopprov.exe
2020-09-09 01:24 - 2020-08-10 00:05 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\rsopprov.exe
2020-09-09 01:24 - 2020-08-09 21:04 - 003223552 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2020-09-09 01:24 - 2020-08-09 21:04 - 001998848 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2020-09-09 01:24 - 2020-08-09 21:04 - 000843776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2020-09-09 01:24 - 2020-08-09 21:04 - 000700416 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2020-09-09 01:24 - 2020-08-09 21:04 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2020-09-09 01:24 - 2020-08-09 21:04 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2020-09-09 01:24 - 2020-08-09 21:04 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2020-09-09 01:24 - 2020-08-09 21:04 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2020-09-09 01:24 - 2020-08-09 21:04 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2020-09-09 01:24 - 2020-08-08 10:43 - 001545912 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2020-09-09 01:24 - 2020-08-06 10:37 - 000436224 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2020-09-09 01:24 - 2020-08-06 10:35 - 000359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2020-08-27 08:54 - 2020-08-27 08:54 - 000000547 _____ C:\Windows\SysWOW64\pstor.xml
2020-08-27 08:18 - 2020-08-27 08:18 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\01061C3299B24C77B04B3932C70EEECF
2020-08-27 08:15 - 2020-08-27 08:15 - 000578662 _____ C:\Users\Administrator\AppData\Local\Temp\dd_vcredistMSI272C.txt
2020-08-27 08:14 - 2020-08-27 08:15 - 000014602 _____ C:\Users\Administrator\AppData\Local\Temp\dd_vcredistUI272C.txt
2020-08-27 08:14 - 2020-08-27 08:14 - 000012538 _____ C:\Users\Administrator\AppData\Local\Temp\dd_vcredistUI2715.txt
2020-08-27 08:14 - 2020-08-27 08:14 - 000002796 _____ C:\Users\Administrator\AppData\Local\Temp\VWLC7B1.tmp
2020-08-27 08:13 - 2020-08-27 08:14 - 000167130 _____ C:\Users\Administrator\AppData\Local\Temp\dd_vcredistMSI25DF.txt
2020-08-27 08:13 - 2020-08-27 08:14 - 000014608 _____ C:\Users\Administrator\AppData\Local\Temp\dd_vcredistUI25DF.txt
2020-08-27 08:13 - 2020-08-27 08:13 - 000579602 _____ C:\Users\Administrator\AppData\Local\Temp\dd_vcredistMSI25A1.txt
2020-08-27 08:12 - 2020-08-27 08:13 - 000014368 _____ C:\Users\Administrator\AppData\Local\Temp\dd_vcredistUI25A1.txt
2020-08-27 08:12 - 2020-08-27 08:12 - 000178950 _____ C:\Users\Administrator\AppData\Local\Temp\dd_vcredistMSI2559.txt
2020-08-27 08:12 - 2020-08-27 08:12 - 000014592 _____ C:\Users\Administrator\AppData\Local\Temp\dd_vcredistUI2559.txt
2020-08-27 08:12 - 2020-08-27 08:12 - 000002796 _____ C:\Users\Administrator\AppData\Local\Temp\VWL3EBF.tmp
2020-08-27 07:48 - 2020-09-11 21:23 - 000000000 ___HD C:\kleaner.tmp
2020-08-27 07:44 - 2020-08-27 07:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\AF93E82821A94BC68C88E53E7C32ECF4
2020-08-26 15:32 - 2020-08-26 15:30 - 000033280 _____ C:\Users\Administrator\Documents\Niteroiense ultima (com ean).xls
2020-08-26 13:57 - 2020-08-26 13:57 - 000054272 _____ C:\Users\Administrator\Documents\Nao associado com estoque Atual (COM EAN).xls
2020-08-26 11:03 - 2020-08-26 11:13 - 001787392 _____ C:\Users\Administrator\Documents\NiteroienseAtual.xls
2020-08-25 15:56 - 2020-08-25 15:54 - 004265984 _____ C:\Users\Administrator\Documents\cliente 01.xls
2020-08-25 11:25 - 2020-08-25 11:25 - 000722432 _____ C:\Users\Administrator\Documents\PRODUTOS DECRETO.xls
2020-08-25 10:01 - 2020-08-25 10:01 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\B0032CBE56F648DAB8DA7EAA7D04DF91
2020-08-25 09:33 - 2020-08-25 09:33 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\8F3983E9925F48CC805DBB51645E45B4
2020-08-25 09:29 - 2020-08-25 09:29 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\359DAE04C4F94B7A87A28C81542206CE
2020-08-24 04:18 - 2020-08-24 04:18 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\94B892E6AE0445DF8690B016D7842726
2020-08-24 04:09 - 2020-08-24 04:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\nsc1CDA.tmp
2020-08-24 03:42 - 2020-08-24 03:53 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\{F0EEF6F5-E2CF-41CC-9A59-23DA7D5E96FE}
2020-08-22 18:08 - 2020-08-22 18:08 - 000016384 _____ C:\Users\Administrator\AppData\Local\Temp\~DF5CCFF4C2D9365100.TMP
2020-08-22 12:14 - 2020-08-25 11:55 - 000261632 _____ C:\Users\Administrator\Documents\pcfornec.xls
2020-08-20 23:20 - 2020-08-20 23:20 - 001707475 _____ C:\Users\Administrator\AppData\Local\Temp\.unicode_cache_f0a01af2.dat
2020-08-20 07:08 - 2020-08-15 01:51 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2020-08-20 07:08 - 2020-08-15 01:51 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2020-08-20 07:08 - 2020-08-15 01:36 - 000428544 _____ (Microsoft Corporation) C:\Windows\system32\rasplap.dll
2020-08-20 07:08 - 2020-08-15 01:16 - 000033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2020-08-20 07:08 - 2020-08-15 01:16 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2020-08-20 07:08 - 2020-08-15 01:05 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll
2020-08-20 07:08 - 2020-08-15 01:05 - 000401408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasplap.dll
2020-08-20 07:08 - 2020-08-15 00:55 - 000963072 _____ (Microsoft Corporation) C:\Windows\system32\rasgcw.dll
2020-08-20 07:08 - 2020-08-15 00:48 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2020-08-20 07:08 - 2020-08-15 00:42 - 000796160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdlg.dll
2020-08-20 07:08 - 2020-08-15 00:39 - 000424448 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
2020-08-20 07:08 - 2020-08-15 00:35 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasgcw.dll
2020-08-20 07:08 - 2020-08-15 00:28 - 000542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2020-08-20 07:08 - 2020-08-15 00:26 - 000700928 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2020-08-20 07:08 - 2020-08-15 00:24 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll
2020-08-20 07:08 - 2020-08-15 00:16 - 000629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2020-08-19 18:57 - 2020-08-19 18:57 - 001013825 _____ C:\Users\Administrator\AppData\Local\Temp\tmpB19E.tmp
2020-08-19 18:17 - 2020-09-14 02:43 - 000000053 _____ C:\Users\Administrator\AppData\Local\Temp\.ses
2020-08-19 16:31 - 2020-08-19 16:31 - 000802870 _____ C:\Users\Administrator\AppData\Local\Temp\Guest.bmp
2020-08-19 16:31 - 2020-08-19 16:31 - 000802870 _____ C:\Users\Administrator\AppData\Local\Temp\ASPNET.bmp
2020-08-19 16:31 - 2020-08-19 16:31 - 000031832 _____ C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp
2020-08-19 08:07 - 2019-04-29 20:21 - 000058368 _____ (Jason Hood) C:\Windows\ANSI64.dll
2020-08-19 08:07 - 2019-04-29 20:21 - 000046592 _____ (Jason Hood) C:\Windows\ANSI32.dll
2020-08-19 08:07 - 2019-04-29 20:21 - 000016384 _____ (Jason Hood) C:\Windows\ansicon_x64.exe
2020-08-19 07:53 - 2020-08-19 07:53 - 000349230 _____ C:\Users\Administrator\Documents\virus.txt
2020-08-19 06:19 - 2020-09-14 05:09 - 000000000 ____D C:\Windows\Minidump
2020-08-19 05:34 - 2020-08-19 05:37 - 000001444 _____ C:\Users\Administrator\Desktop\VB Restart.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-15 00:43 - 2020-05-06 17:59 - 000003596 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2472832658-3903326398-751777190-500
2020-09-15 00:42 - 2013-08-22 11:48 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-09-15 00:26 - 2014-03-18 06:55 - 000978742 _____ C:\Windows\system32\PerfStringBackup.INI
2020-09-15 00:26 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\Inf
2020-09-14 05:10 - 2020-05-07 09:34 - 000000000 ___RD C:\Users\Administrator\Desktop\Cia do Doce
2020-09-14 05:09 - 2020-05-07 09:09 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-09-14 05:09 - 2020-05-06 23:06 - 000000000 ____D C:\Temp
2020-09-14 03:39 - 2015-04-15 12:47 - 000337920 _____ C:\Windows\system32\FNTCACHE.DAT
2020-09-14 03:32 - 2014-05-17 07:36 - 000000000 ____D C:\ProgramData\Package Cache
2020-09-14 02:52 - 2020-05-07 16:48 - 000000000 ____D C:\Users\MSSQLServerOLAPService
2020-09-14 02:44 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\rescache
2020-09-14 02:35 - 2020-07-11 22:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMart Solution
2020-09-14 02:00 - 2020-05-07 16:48 - 000000000 ____D C:\Users\ReportServer
2020-09-14 02:00 - 2020-05-07 16:47 - 000000000 ____D C:\Users\MSSQLFDLauncher
2020-09-14 02:00 - 2020-05-06 18:46 - 000000000 ____D C:\Users\Administrator
2020-09-14 00:48 - 2020-05-07 16:47 - 000000000 ____D C:\Users\MsDtsServer110
2020-09-13 21:00 - 2020-08-12 09:04 - 000000079 _____ C:\Windows\system32\wpd1.xml
2020-09-13 21:00 - 2020-08-12 09:04 - 000000079 _____ C:\Windows\system32\wpd.xml
2020-09-12 21:24 - 2019-10-09 03:21 - 000000000 ___SD C:\Windows\system32\CompatTel
2020-09-12 21:24 - 2019-10-09 03:21 - 000000000 ____D C:\Windows\system32\Appraiser
2020-09-12 21:24 - 2014-05-17 00:53 - 000000000 ____D C:\Windows\system32\MRT
2020-09-12 21:24 - 2013-08-22 12:39 - 000000000 ___RD C:\Windows\ToastData
2020-09-12 21:24 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-09-12 21:22 - 2014-05-17 00:53 - 129170736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-09-12 21:22 - 2013-08-22 12:20 - 000000000 ____D C:\Windows\CbsTemp
2020-09-12 21:21 - 2020-05-07 09:44 - 000000000 ____D C:\Program Files\Tools
2020-09-12 17:00 - 2020-06-23 05:17 - 092328304 _____ (Malwarebytes) C:\Users\Administrator\AppData\Local\Temp\MBAMInstallerService.exe
2020-09-12 00:00 - 2020-05-06 23:41 - 000000546 __RSH C:\ProgramData\ntuser.pol
2020-09-11 21:12 - 2013-08-22 10:25 - 000008192 ___SH C:\Windows\system32\config\BBI
2020-09-11 21:08 - 2013-08-22 10:25 - 000008192 ___SH C:\Windows\system32\config\ELAM
2020-09-11 05:11 - 2020-05-07 09:04 - 000002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-09-09 08:02 - 2020-05-11 10:23 - 000992492 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2020-09-08 10:34 - 2020-05-07 16:31 - 000000000 ____D C:\Users\Administrator\Documents\Visual Studio 2010
2020-08-28 10:40 - 2020-05-07 16:47 - 000000000 ____D C:\Users\Administrator\Documents\SQL Server Management Studio
2020-08-24 06:55 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\LiveKernelReports
2020-08-24 00:16 - 2020-05-07 09:04 - 000003380 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-08-24 00:16 - 2020-05-07 09:04 - 000003252 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-08-22 18:21 - 2020-05-07 16:19 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2020-08-22 18:21 - 2020-05-07 16:16 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2020-08-22 05:00 - 2020-05-07 09:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\TeamViewer
2020-08-21 13:46 - 2020-05-07 09:31 - 000000943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2020-08-20 23:20 - 2020-05-07 10:13 - 000000000 ____D C:\Program Files\SoftEther VPN Server
2020-08-20 21:17 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-08-20 21:17 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\system32\setup
2020-08-19 19:16 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\TAPI
2020-08-19 09:12 - 2020-07-09 03:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQL Backup Master
2020-08-19 08:08 - 2020-07-11 17:10 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2020-08-19 08:06 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\system32\NDF
2020-08-19 07:42 - 2013-08-22 12:39 - 000000000 ____D C:\Windows\System
2020-08-19 06:41 - 2020-05-08 12:30 - 000000000 ____D C:\SQL
2020-08-19 06:27 - 2020-08-12 05:02 - 000000084 _____ C:\Windows\xpwpd.dat
2020-08-19 06:04 - 2020-06-23 05:12 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-08-19 02:06 - 2020-08-12 14:02 - 000000234 _____ C:\Windows\system32\wmi.dat
2020-08-19 02:06 - 2020-08-12 14:02 - 000000234 _____ C:\Windows\system32\n1.dat
2020-08-18 07:53 - 2020-05-08 12:50 - 000000000 ____D C:\Solidcon

==================== Files in the root of some directories ========

2020-06-24 00:59 - 2020-06-24 00:59 - 000709928 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerMSI5157.txt
2020-06-23 06:13 - 2020-06-23 06:13 - 000706620 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerMSI7334.txt
2020-06-24 00:59 - 2020-06-24 00:59 - 000011336 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerUI5157.txt
2020-06-23 06:13 - 2020-06-23 06:13 - 000012436 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerUI7334.txt
2020-08-27 07:53 - 2020-08-27 08:01 - 000013556 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI1669.txt
2020-08-27 08:11 - 2020-08-27 08:11 - 000013860 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI247B.txt
2020-08-25 10:29 - 2020-08-25 11:00 - 000013464 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI7231.txt
2020-06-23 06:17 - 2020-06-23 06:17 - 000441214 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI765B.txt
2020-08-27 07:53 - 2020-08-27 08:01 - 000011728 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI1669.txt
2020-08-27 08:11 - 2020-08-27 08:11 - 000011680 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI247B.txt
2020-08-25 10:29 - 2020-08-25 11:00 - 000011632 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI7231.txt
2020-06-23 06:17 - 2020-06-23 06:17 - 000012758 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI765B.txt
2020-05-06 18:46 - 2020-09-15 00:43 - 000087866 _____ () C:\Users\Administrator\AppData\Local\Ec2Wallpaper.jpg
2020-05-06 18:46 - 2020-09-15 00:43 - 003145782 _____ () C:\Users\Administrator\AppData\Local\Ec2Wallpaper_ec2Config.bmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-09-06 05:10
==================== End of FRST.txt ========================

Addition.txt Fixlog.txt
