
computer freezes and shuts off my malware protection and internet


  • This topic is locked
4 replies to this topic

#1 squooshy

  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:08 PM

Posted 01 January 2017 - 04:08 AM

To whom it may concern:

 

For the past couple of weeks, I have been dealing with a very frustrating issue. It all started when I had a lapse in judgement and clicked on a registry fixer link. After that, Malwarebytes detected 186 PUP infections, ranging from IE to the registry and so on. After that, I downloaded adware cleaner and thought the problem was resolved. Then Malwarebytes started turning its protection off. So I would uninstall, then reinstall. It would work fine the very first download, but as I started scanning it would zip through a full C: scan in 1 min. Then my computer started to freeze up. So I did perhaps another stupid thing: I reset my computer to factory defaults and did a clean Windows install... So after numerous attempts at trying to correct this myself, the vast money I have already paid for what I thought would fix it, and resetting my unit 3x!! I'm at my breaking point. The computer is only a year old. Almost forgot, I did have the Trojan syswow84\explorer and another one in this directory: Syswow64\svchost.exe. Both have since been removed, I hope.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by chris (administrator) on DESKTOP-4HJ55J5 (01-01-2017 00:31:54)
Running from C:\Users\chris\Downloads
Loaded Profiles: chris (Available Profiles: defaultuser0 & chris & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files\condom\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\condom\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-07-16] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\CONDOM\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795912 2015-07-23] (NVIDIA Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [ ] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2f34427c-903f-4fbd-a981-e6a17e609da3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{855d601e-1c6d-4b72-89d6-67c45caf024b}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-220738921-1351747515-530867774-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-22] (NVIDIA Corporation)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [113152 2016-12-13] (Creative Technology Ltd)
R2 MBAMService; C:\Program Files\condom\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1064968 2016-12-13] (Creative Technology Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [228104 2016-10-05] (Intel Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e22w10x64.sys [133192 2015-10-01] (Qualcomm Atheros, Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2016-12-31] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-31] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-31] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-31] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [91584 2016-12-31] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2016-07-16] (Intel Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [419576 2016-03-10] (Realsil Semiconductor Corporation)
R3 UnlockMonitorUnlock; C:\Program Files\EMCO\UnLock IT\v4\UnlockMonitor.sys [16056 2015-04-23] (EMCO Software)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-31 22:08 - 2016-07-16 03:47 - 00000000 ___RD C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-12-31 22:08 - 2016-07-16 03:47 - 00000000 ____D C:\Users\defaultuser0\Saved Games
2016-12-31 22:08 - 2016-07-16 03:47 - 00000000 ____D C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-12-31 22:08 - 2016-07-16 03:47 - 00000000 ____D C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-31 22:08 - 2016-07-16 03:47 - 00000000 ____D C:\Users\defaultuser0\AppData\Roaming
2016-12-31 22:08 - 2016-07-16 03:41 - 02716672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2016-12-31 22:07 - 2017-01-01 00:30 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-31 22:07 - 2017-01-01 00:30 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-31 22:07 - 2017-01-01 00:29 - 00000000 ____D C:\Windows\Prefetch
2016-12-31 22:07 - 2017-01-01 00:19 - 00067584 ____S C:\Windows\bootstat.dat
2016-12-31 22:07 - 2016-12-31 23:25 - 00008190 _____ C:\Windows\setupact.log
2016-12-31 22:07 - 2016-12-31 22:51 - 00000103 _____ C:\Windows\setuperr.log
2016-12-31 22:07 - 2016-12-31 22:34 - 00000000 __SHD C:\System Volume Information
2016-12-31 22:07 - 2016-12-31 22:08 - 3087007744 ___SH C:\pagefile.sys
2016-12-31 22:07 - 2016-12-31 22:08 - 16777216 ___SH C:\swapfile.sys
2016-12-31 22:07 - 2016-12-31 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-31 22:07 - 2016-12-31 22:07 - 00524288 ___SH C:\Windows\system32\config\ELAM{1cc41df8-4b1b-11e6-80cc-e41d2d1026d0}.TMContainer00000000000000000002.regtrans-ms
2016-12-31 22:07 - 2016-12-31 22:07 - 00524288 ___SH C:\Windows\system32\config\ELAM{1cc41df8-4b1b-11e6-80cc-e41d2d1026d0}.TMContainer00000000000000000001.regtrans-ms
2016-12-31 22:07 - 2016-12-31 22:07 - 00524288 ___SH C:\Windows\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000002.regtrans-ms
2016-12-31 22:07 - 2016-12-31 22:07 - 00524288 ___SH C:\Windows\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-31 22:07 - 2016-12-31 22:07 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000002.regtrans-ms
2016-12-31 22:07 - 2016-12-31 22:07 - 00524288 ___SH C:\Users\Default\NTUSER.DAT{f5b13604-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000002.regtrans-ms
2016-12-31 22:07 - 2016-12-31 22:07 - 00524288 ___SH C:\Users\Default\NTUSER.DAT{f5b13604-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-31 22:07 - 2016-12-31 22:07 - 00194192 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-31 22:07 - 2016-12-31 22:07 - 00065536 ___SH C:\Windows\system32\config\ELAM{1cc41df8-4b1b-11e6-80cc-e41d2d1026d0}.TM.blf
2016-12-31 22:07 - 2016-12-31 22:07 - 00065536 ___SH C:\Windows\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-31 22:07 - 2016-12-31 22:07 - 00065536 ___SH C:\Users\Default\NTUSER.DAT{f5b13604-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-31 22:07 - 2016-12-31 22:07 - 00036796 _____ C:\Windows\SysWOW64\license.rtf
2016-12-31 22:07 - 2016-12-31 22:07 - 00036796 _____ C:\Windows\system32\license.rtf
2016-12-31 22:07 - 2016-12-31 22:07 - 00001340 _____ C:\Windows\lsasetup.log
2016-12-31 22:07 - 2016-12-31 22:07 - 00000000 ___SD C:\Windows\system32\Microsoft
2016-12-31 22:07 - 2016-12-31 22:07 - 00000000 ___HD C:\Program Files\Uninstall Information
2016-12-31 22:07 - 2016-12-31 22:07 - 00000000 ____D C:\Windows\system32\SleepStudy
2016-12-31 22:07 - 2016-12-31 22:07 - 00000000 ____D C:\Windows\ServiceProfiles
2016-12-31 22:07 - 2016-12-31 22:07 - 00000000 ____D C:\ProgramData\HP
2016-12-31 22:06 - 2016-12-31 22:07 - 00000000 ____D C:\Windows\Panther
2016-12-13 03:47 - 2016-12-13 03:47 - 01064968 _____ (Creative Technology Ltd) C:\Windows\system32\Drivers\cthda.sys
2016-12-13 03:47 - 2016-12-13 03:47 - 00612352 _____ (Creative Technology Ltd) C:\Windows\system32\CtHdaC64.dll
2016-12-13 03:47 - 2016-12-13 03:47 - 00505856 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaCtl.dll
2016-12-13 03:47 - 2016-12-13 03:47 - 00245248 _____ (Creative Technology Limited) C:\Windows\system32\CtDco64.dll
2016-12-13 03:47 - 2016-12-13 03:47 - 00119808 _____ (Creative Technology Ltd) C:\Windows\system32\CtHdaS64.exe
2016-12-13 03:47 - 2016-12-13 03:47 - 00113152 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
2016-12-13 03:47 - 2016-12-13 03:47 - 00051200 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\AddMCat.exe
2016-12-13 03:47 - 2016-12-13 03:47 - 00031232 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\CtEpDef32.exe
2016-12-13 03:46 - 2016-12-13 03:46 - 02383104 _____ (Creative Technology Ltd.) C:\Windows\system32\CTHRFX64.dll
2016-12-12 23:44 - 2016-12-12 23:44 - 00026792 _____ C:\Windows\system32\CtHda.ini
2016-12-12 23:44 - 2016-12-12 23:44 - 00019873 _____ C:\Windows\SysWOW64\CtHRFX64.hda
2016-12-12 23:44 - 2016-12-12 23:44 - 00019873 _____ C:\Windows\system32\CTHRFX64.hda
2016-12-12 23:44 - 2016-12-12 23:44 - 00004850 _____ C:\Windows\CtHdaLoc.reg
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-01 00:32 - 2016-07-16 03:45 - 00000000 ____D C:\Windows\INF
2017-01-01 00:28 - 2016-07-16 03:36 - 00000000 ____D C:\Windows\CbsTemp
2017-01-01 00:12 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-31 23:39 - 2016-07-16 03:47 - 00000000 ___RD C:\Windows\Microsoft.NET
2016-12-31 23:25 - 2016-07-16 03:47 - 00000000 ___RD C:\Users\Public
2016-12-31 23:25 - 2016-07-15 22:04 - 00000000 ____D C:\Windows\SysWOW64
2016-12-31 23:22 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\AppReadiness
2016-12-31 22:53 - 2016-07-16 03:49 - 00723580 _____ C:\Windows\system32\perfh009.dat
2016-12-31 22:53 - 2016-07-16 03:49 - 00136386 _____ C:\Windows\system32\perfc009.dat
2016-12-31 22:47 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\system32\Tasks
2016-12-31 22:46 - 2016-07-16 03:47 - 00000000 __SHD C:\$Recycle.Bin
2016-12-31 22:45 - 2016-07-15 22:04 - 00000000 ___RD C:\Users
2016-12-31 22:40 - 2016-07-16 03:47 - 00000000 ___RD C:\Users\Public\Pictures
2016-12-31 22:40 - 2016-07-16 03:47 - 00000000 ___HD C:\ProgramData
2016-12-31 22:39 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\Help
2016-12-31 22:39 - 2016-07-15 22:04 - 00000000 ___RD C:\Program Files (x86)
2016-12-31 22:39 - 2016-07-15 22:04 - 00000000 ___RD C:\Program Files
2016-12-31 22:35 - 2016-07-15 22:04 - 05242880 _____ C:\Windows\system32\config\DRIVERS
2016-12-31 22:33 - 2016-07-16 03:47 - 00000000 __SHD C:\Windows\Installer
2016-12-31 22:33 - 2016-07-16 03:47 - 00000000 __RHD C:\Users\Public\Desktop
2016-12-31 22:33 - 2016-07-16 03:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs
2016-12-31 22:33 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\system32\restore
2016-12-31 22:19 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\system32\CodeIntegrity
2016-12-31 22:11 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\system32\wbem
2016-12-31 22:09 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2016-12-31 22:09 - 2016-07-16 03:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-12-31 22:08 - 2016-07-16 03:47 - 00000000 ___SD C:\ProgramData\Microsoft
2016-12-31 22:08 - 2016-07-16 03:47 - 00000000 ___RD C:\Users\Public\Documents
2016-12-31 22:08 - 2016-07-16 03:47 - 00000000 ___RD C:\Users\Default\Documents
2016-12-31 22:08 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\system32\spool
2016-12-31 22:08 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-12-31 22:08 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\debug
2016-12-31 22:08 - 2016-07-16 03:47 - 00000000 ____D C:\Users\Default\AppData\Local
2016-12-31 22:08 - 2016-07-16 03:47 - 00000000 ____D C:\Users\Default User\AppData\Local
2016-12-31 22:08 - 2016-07-16 03:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-31 22:08 - 2016-07-15 22:04 - 00262144 _____ C:\Users\Default\NTUSER.DAT
2016-12-31 22:08 - 2016-07-15 22:04 - 00000000 __RHD C:\Users\Default
2016-12-31 22:07 - 2016-07-16 03:49 - 00001947 _____ C:\Windows\DtcInstall.log
2016-12-31 22:07 - 2016-07-16 03:47 - 00000000 ___RD C:\Windows\PrintDialog
2016-12-31 22:07 - 2016-07-16 03:47 - 00000000 ___RD C:\Windows\MiracastView
2016-12-31 22:07 - 2016-07-16 03:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-12-31 22:07 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\Tasks
2016-12-31 22:07 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\Tasks\Microsoft
2016-12-31 22:07 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\system32\Recovery
2016-12-31 22:07 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\LiveKernelReports
2016-12-31 22:07 - 2016-07-15 22:04 - 64487424 _____ C:\Windows\system32\config\SOFTWARE
2016-12-31 22:07 - 2016-07-15 22:04 - 12058624 _____ C:\Windows\system32\config\SYSTEM
2016-12-31 22:07 - 2016-07-15 22:04 - 00262144 _____ C:\Windows\system32\config\DEFAULT
2016-12-31 22:07 - 2016-07-15 22:04 - 00262144 _____ C:\Windows\system32\config\BBI
2016-12-31 22:07 - 2016-07-15 22:04 - 00065536 _____ C:\Windows\system32\config\SECURITY
2016-12-31 22:07 - 2016-07-15 22:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2016-12-31 22:07 - 2016-07-15 22:04 - 00000000 ____D C:\Windows\system32\Sysprep
2016-12-31 22:06 - 2016-07-16 03:47 - 00028672 _____ C:\Windows\system32\config\BCD-Template
==================== Files in the root of some directories =======
2016-12-31 23:05 - 2016-12-31 23:05 - 0007607 _____ () C:\Users\chris\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-12-31 22:07
==================== End of FRST.txt ============================

Edited by squooshy, 01 January 2017 - 04:16 AM.

#2 garioch7

garioch7 (RCMP Veteran)
  • Malware Response Instructor
  • 3,849 posts
  • Gender: Male
  • Location: Port Hood, Nova Scotia, Canada
  • Local time: 11:08 PM

Posted 05 January 2017 - 07:45 AM

squooshy:

:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil and I would like to address you by your first name, if that is alright with you, since we will be working together.

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time, normally 48 hours after your last post.

I will need some time to review your FRST logs. That could take a day or two.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#3 garioch7
Posted 05 January 2017 - 09:33 AM

squooshy:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: I am not detecting any active malware, so far, on your computer, based on a review of your FRST logs, but there are some anomalies which you might be able to explain.

First off, you have two missing, critical system files, which I presume you deliberately deleted because you thought that they were malware:

1. C:\Windows\SysWOW64\explorer.exe
2. C:\Windows\SysWOW64\svchost.exe

We have to get those files back.

Please run a System File Checker (SFC) scan to assess the integrity of the Windows 10 file system.

  • Click on the "Start" button.
  • In the "search" box at the bottom, type cmd.
  • Look for Cmd.exe to appear at the top of the menu.
  • Right-click on cmd.exe and choose Run As Administrator.
  • Type sfc /scannow. Ensure that there is a space between "sfc" and "/scannow"
  • The scan will start and may take from 20 minutes to an hour to run.
  • Please report the results from the System File Checker in your next post. Does it report "No Resource Integrity Violations Found", "Errors Repaired", or "Unable to Repair", or words to that effect?

If SFC reports uncorrectable errors, please immediately navigate to the folder C:\Windows\Logs\CBS, locate the file "CBS.log", and copy, not move, it to your Desktop. That file is "volatile", so we need to ensure that it is not overwritten with new results.

.

:step2: From what I can see, someone seems to have renamed a Malwarebytes folder to "Condom" and a Malwarebytes file to "condom.exe". Do you know anything about this?

.

:step3: Please run a FRST "Fix" for me.

Copy and paste the text in the code box below into Notepad and save the file as fixlist.txt to your "Downloads" folder: C:\Users\chris\Downloads


NOTE: It is important that both files, FRST64.exe and fixlist.txt are both in the same folder or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.

CreateRestorePoint:

File: C:\Program Files\condom\mbamtray.exe
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
File: C:\Users\chris\Downloads\condom.exe

  • Right click FRST64.exe, and select "Run as Administrator".
  • Then press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log in your Downloads folder (Fixlog.txt). Please copy and paste the contents of that file into your reply.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall
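
An added check, not part of this thread and not something FRST or Phil's post provides: a PowerShell script that re-runs, outside FRST, the same inventory of critical binaries that the "Bamital & volsnap" section of the FRST log above verifies (including the two SysWOW64 files it reports as missing), reports anything that is missing or not validly signed, and only then runs the `sfc /scannow` step from :step1: and preserves CBS.log before a later run can overwrite it. It assumes a 64-bit, elevated Windows PowerShell session on Windows 10 (a 32-bit session would be redirected away from the real System32 and could not run sfc.exe); the helper name `Test-CriticalFile` and the Desktop copy of CBS.log are my choices, not the page's.

```powershell
# Added example, not code from the thread or from FRST.
# Re-check the critical system binaries that FRST's "Bamital & volsnap"
# section verifies. Run from an elevated 64-bit Windows PowerShell prompt.
$critical = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\dnsapi.dll",
    "$env:SystemRoot\SysWOW64\dnsapi.dll",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)

# Helper name is my own (hypothetical); it wraps Get-AuthenticodeSignature,
# which on Windows 8+ also honours catalog signatures, so OS binaries that
# carry no embedded signature still come back as Valid with IsOSBinary = True.
function Test-CriticalFile {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Status = 'MISSING'; OSBinary = $false; Signer = $null }
    }

    $sig = Get-AuthenticodeSignature -FilePath $Path
    # Status is 'Valid' only when the signature chains to a trusted root and
    # the file hash still matches; a patched binary shows 'HashMismatch',
    # an unsigned drop-in shows 'NotSigned'.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    [pscustomobject]@{
        Path     = $Path
        Status   = $sig.Status.ToString()
        OSBinary = [bool]$sig.IsOSBinary
        Signer   = $signer
    }
}

$results = $critical | ForEach-Object { Test-CriticalFile -Path $_ }
$results | Format-Table -AutoSize

# Anything not 'Valid' (missing, unsigned, tampered) needs attention. A missing
# file alone is not proof of malware; it is what you would also see after a
# manual deletion, which is the scenario the post describes.
$bad = @($results | Where-Object { $_.Status -ne 'Valid' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) critical file(s) missing or not validly signed:"
    $bad | ForEach-Object { Write-Warning "  $($_.Status): $($_.Path)" }

    # Let SFC try to restore them from the component store (the step the post
    # asks for), then copy CBS.log aside before another run overwrites it.
    & "$env:SystemRoot\System32\sfc.exe" /scannow
    Copy-Item -LiteralPath "$env:SystemRoot\Logs\CBS\CBS.log" `
              -Destination "$env:USERPROFILE\Desktop\CBS.log" -Force
    Write-Host "CBS.log copied to the Desktop for review."
} else {
    Write-Host "All listed binaries present and validly signed."
}
```

If SFC cannot source a clean copy (the "Unable to Repair" outcome the post mentions), the component store itself is the next thing to repair with `DISM /Online /Cleanup-Image /RestoreHealth`, after which `sfc /scannow` can be re-run; that follow-up is a general Windows 10 step and is not something this thread got as far as prescribing.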


#4 garioch7
Posted 08 January 2017 - 06:26 AM

squooshy:

Are you still there? Do you still require assistance? It has been three days since I last posted to you.

According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.

If I have not heard from you in another two days, I will conclude your topic. You can always reopen it by sending a Personal Message to a Moderator.

Thank you and have a great day.

Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#5 garioch7
Posted 10 January 2017 - 08:21 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Graduate of the Bleeping Computer Malware Removal Study Hall