Memory Eating Virus Causes Avail. RAM To Run Out - Win7 x64


This topic is locked
4 replies to this topic

#1 OneZero8

  • Members
  • 7 posts

Posted 11 September 2017 - 02:24 AM

Have a friend's computer here for repair with Windows 7 x64, 8 GB RAM. Works OK in Safe Mode, but in standard startup everything is fine for about 1 minute on the desktop. Immediately upon logging on, memory starts filling up until nothing works properly. It gets up to 7.1 GB in about 1 minute or so and stops. Then the network adapter suddenly becomes disabled and very few apps will run due to low memory.
 
It all apparently started with a fake Facebook page that claimed he was logged out of his FB account due to malware and needed to perform a scan with nefarious software. Browser window was immediately closed at that point, but apparently something got in.
 
I've scanned with Malwarebytes 3 (latest build), Malwarebytes Anti-Rootkit, NOD32 (latest build), and Combofix. Nothing is found, whether in safe mode or not.
 
Also, installed the free trial of Malwarebytes and none of the real-time protection works. Seems to follow other users' reports of real-time protection not working. Software bug?
 
Thanks.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2017
Ran by Vince (administrator) on 6-CORE-SERVER (10-09-2017 23:30:10)
Running from C:\Appz\Anti Spyware\Anti Spyware\Farbar Recovery Scan Tool x64
Loaded Profiles: Vince (Available Profiles: Vince & QBDataServiceUser20)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Vince\Desktop\zqdxgtme.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9955872 2011-04-21] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKU\S-1-5-21-41267499-1736875988-3745994754-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-41267499-1736875988-3745994754-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0827080F-6CF6-4398-876D-CB1BDFCC8E55}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{091E7F51-093F-4652-9027-A95C1D590621}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-41267499-1736875988-3745994754-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-41267499-1736875988-3745994754-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-41267499-1736875988-3745994754-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-41267499-1736875988-3745994754-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-41267499-1736875988-3745994754-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2014-02-03] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Vince\AppData\Roaming\Mozilla\Firefox\Profiles\3klnt7tt.default [2017-09-10]
FF NewTab: Mozilla\Firefox\Profiles\3klnt7tt.default -> hxxps://www.google.com/?gws_rd=ssl
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\3klnt7tt.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\3klnt7tt.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3klnt7tt.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\3klnt7tt.default -> hxxps://www.google.com/?gws_rd=ssl
FF Keyword.URL: Mozilla\Firefox\Profiles\3klnt7tt.default -> hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF Extension: (Google Toolbar for Firefox) - C:\Users\Vince\AppData\Roaming\Mozilla\Firefox\Profiles\3klnt7tt.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012-01-23] [not signed]
FF Extension: (File Convertor and Search Addon) - C:\Users\Vince\AppData\Roaming\Mozilla\Firefox\Profiles\3klnt7tt.default\Extensions\{3a8fc1bc-866d-4531-b0d9-6b36bc8a8884}.xpi [2017-06-26]
FF SearchPlugin: C:\Users\Vince\AppData\Roaming\Mozilla\Firefox\Profiles\3klnt7tt.default\searchplugins\google-lavasoft.xml [2017-04-18]
FF ProfilePath: C:\Users\Vince\AppData\Roaming\Mozilla\Firefox\Profiles\iy0mvpbr.default-1503873476239 [2017-08-27]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_45\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-08] (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.9 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Vince\AppData\Local\Google\Chrome\User Data\Default [2017-09-10]
CHR Extension: (Adobe Acrobat) - C:\Users\Vince\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vince\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\Vince\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AdaptecStorageManagerAgent; C:\Program Files\Adaptec\Adaptec Storage Manager\StorServ.exe [119296 2011-02-14] (Adaptec Incorporated) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-03-09] (Advanced Micro Devices, Inc.) [File not signed]
S2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
S3 ArcHwPrv; C:\Program Files\Adaptec\Adaptec Storage Manager\archwprv.exe [331776 2011-02-14] (Adaptec Inc.) [File not signed]
S3 EFS; C:\Windows\System32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2625368 2017-06-13] (ESET)
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-04-22] (Macrovision Europe Ltd.) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [116224 2017-07-13] (Microsoft Corporation)
R3 KeyIso; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [128512 2016-11-09] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2016-11-09] (Microsoft Corporation)
S3 Netlogon; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-03] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
S2 RealtekCU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-13] (Microsoft Corporation)
S2 SamSs; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation)
S2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-10] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation)
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2017-07-14] (Microsoft Corporation)
S2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2017-07-14] (Microsoft Corporation)
S2 KDUpdater; "\\?\C:\Users\Vince\AppData\Local\Temp\kd6FE8.tmp" [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cpuz134; C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [21480 2010-07-09] (Windows ® Win 7 DDK provider)
S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [235904 2010-01-06] (Conexant Systems, Inc.)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132824 2017-06-22] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178056 2017-05-04] (ESET)
S1 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [77224 2017-05-04] (ESET)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-10] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-10] (Malwarebytes)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1525904 2013-08-09] (Realtek Semiconductor Corporation )
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 kxryquod; \??\C:\Users\Vince\AppData\Local\Temp\kxryquod.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-10 23:29 - 2017-09-10 23:30 - 000000000 ____D C:\FRST
2017-09-10 23:07 - 2017-09-10 23:07 - 000003288 ____N C:\bootsqm.dat
2017-09-10 22:55 - 2017-05-19 18:17 - 000380928 _____ C:\Users\Vince\Desktop\zqdxgtme.exe
2017-09-10 21:55 - 2017-09-10 23:08 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-10 21:55 - 2017-09-10 21:55 - 000001897 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-10 21:55 - 2017-09-10 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-10 21:55 - 2017-09-10 21:55 - 000000000 ____D C:\ProgramData\MB2Migration
2017-09-10 21:55 - 2017-09-10 21:55 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-10 21:55 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-10 21:39 - 2017-09-10 21:39 - 000000000 ____D C:\Users\Vince\AppData\Roaming\ESET
2017-09-10 21:16 - 2017-09-10 21:16 - 000022104 _____ C:\ComboFix.txt
2017-09-10 21:08 - 2017-09-10 21:16 - 000000000 ____D C:\Qoobox
2017-09-10 21:08 - 2017-09-10 21:15 - 000000000 ____D C:\Windows\erdnt
2017-09-10 21:08 - 2011-06-25 23:45 - 000256000 _____ C:\Windows\PEV.exe
2017-09-10 21:08 - 2010-11-07 10:20 - 000208896 _____ C:\Windows\MBR.exe
2017-09-10 21:08 - 2009-04-19 21:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-09-10 21:08 - 2000-08-30 17:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-09-10 21:08 - 2000-08-30 17:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-09-10 21:08 - 2000-08-30 17:00 - 000098816 _____ C:\Windows\sed.exe
2017-09-10 21:08 - 2000-08-30 17:00 - 000080412 _____ C:\Windows\grep.exe
2017-09-10 21:08 - 2000-08-30 17:00 - 000068096 _____ C:\Windows\zip.exe
2017-09-10 21:00 - 2017-09-10 21:03 - 000000000 ___RD C:\Users\Vince\Desktop\Desktop 9-10-2017
2017-09-10 19:34 - 2017-09-10 20:57 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-10 19:33 - 2017-09-10 19:33 - 000000000 ____D C:\- ERUNT
2017-09-10 19:30 - 2017-09-10 19:32 - 000000935 _____ C:\Users\Vince\Desktop\ERUNT.lnk
2017-09-10 19:30 - 2017-09-10 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2017-09-10 19:30 - 2017-09-10 19:32 - 000000000 ____D C:\Program Files (x86)\ERUNT
2017-09-10 19:23 - 2017-09-10 17:56 - 005659851 ____R (Swearware) C:\Users\Vince\Desktop\ComboFix.exe
2017-09-10 19:14 - 2017-09-10 23:09 - 000265004 _____ C:\Windows\ntbtlog.txt
2017-08-24 09:22 - 2017-08-24 09:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-08-24 09:22 - 2017-08-24 09:22 - 000000000 ____D C:\ProgramData\ESET
2017-08-24 09:22 - 2017-08-24 09:22 - 000000000 ____D C:\Program Files\ESET
2017-08-13 00:23 - 2017-07-29 07:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-13 00:23 - 2017-07-21 07:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-08-13 00:23 - 2017-07-21 07:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2017-08-13 00:23 - 2017-07-21 07:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-08-13 00:23 - 2017-07-21 07:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-08-13 00:23 - 2017-07-15 11:35 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-08-13 00:23 - 2017-07-15 10:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-08-13 00:23 - 2017-07-14 08:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-13 00:23 - 2017-07-14 08:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-13 00:23 - 2017-07-14 08:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-08-13 00:23 - 2017-07-14 08:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-08-13 00:23 - 2017-07-14 08:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-08-13 00:23 - 2017-07-14 08:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-13 00:23 - 2017-07-14 08:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-08-13 00:23 - 2017-07-14 08:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-08-13 00:23 - 2017-07-14 08:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-13 00:23 - 2017-07-14 08:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-08-13 00:23 - 2017-07-14 08:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-08-13 00:23 - 2017-07-14 08:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-08-13 00:23 - 2017-07-14 08:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-13 00:23 - 2017-07-14 08:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-08-13 00:23 - 2017-07-14 08:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-08-13 00:23 - 2017-07-14 08:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-08-13 00:23 - 2017-07-14 08:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-08-13 00:23 - 2017-07-14 08:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-08-13 00:23 - 2017-07-14 08:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-08-13 00:23 - 2017-07-14 08:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-08-13 00:23 - 2017-07-14 08:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-08-13 00:23 - 2017-07-14 08:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-08-13 00:23 - 2017-07-14 08:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-08-13 00:23 - 2017-07-14 08:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-08-13 00:23 - 2017-07-14 08:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-08-13 00:23 - 2017-07-14 08:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-08-13 00:23 - 2017-07-14 08:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-08-13 00:23 - 2017-07-14 07:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-08-13 00:23 - 2017-07-14 07:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-08-13 00:23 - 2017-07-14 07:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-08-13 00:23 - 2017-07-14 07:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-08-13 00:23 - 2017-07-14 07:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2017-08-13 00:23 - 2017-07-14 00:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-08-13 00:23 - 2017-07-14 00:15 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-08-13 00:23 - 2017-07-13 23:49 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-08-13 00:23 - 2017-07-13 23:47 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-08-13 00:23 - 2017-07-13 23:45 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-08-13 00:23 - 2017-07-13 23:45 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-08-13 00:23 - 2017-07-13 23:44 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-08-13 00:23 - 2017-07-13 23:44 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-08-13 00:23 - 2017-07-13 23:38 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-08-13 00:23 - 2017-07-13 23:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-08-13 00:23 - 2017-07-13 23:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-08-13 00:23 - 2017-07-13 23:22 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-08-13 00:23 - 2017-07-13 23:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-08-13 00:23 - 2017-07-13 23:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-08-13 00:23 - 2017-07-13 23:19 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-08-13 00:23 - 2017-07-13 23:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-08-13 00:23 - 2017-07-13 23:08 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-08-13 00:23 - 2017-07-13 23:02 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-08-13 00:23 - 2017-07-13 22:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-08-13 00:23 - 2017-07-13 22:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-08-13 00:23 - 2017-07-13 22:47 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-08-13 00:23 - 2017-07-13 22:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-08-13 00:23 - 2017-07-13 22:40 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-08-13 00:23 - 2017-07-13 22:35 - 005981184 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-08-13 00:23 - 2017-07-13 22:35 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-08-13 00:23 - 2017-07-13 22:33 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-08-13 00:23 - 2017-07-13 22:16 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-08-13 00:23 - 2017-07-13 22:11 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-08-13 00:23 - 2017-07-13 22:10 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-08-13 00:23 - 2017-07-13 22:09 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-08-13 00:23 - 2017-07-13 22:09 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-08-13 00:23 - 2017-07-13 21:40 - 015254016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-08-13 00:23 - 2017-07-13 21:23 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-08-13 00:23 - 2017-07-13 21:07 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-08-13 00:23 - 2017-07-13 20:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-08-13 00:23 - 2017-07-13 20:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-08-13 00:23 - 2017-07-13 19:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-08-13 00:23 - 2017-07-13 19:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-08-13 00:23 - 2017-07-13 19:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-08-13 00:23 - 2017-07-13 19:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-08-13 00:23 - 2017-07-13 19:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-08-13 00:23 - 2017-07-13 19:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-08-13 00:23 - 2017-07-13 19:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-08-13 00:23 - 2017-07-13 19:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-08-13 00:23 - 2017-07-13 19:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-08-13 00:23 - 2017-07-13 19:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-08-13 00:23 - 2017-07-13 19:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-08-13 00:23 - 2017-07-13 19:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-08-13 00:23 - 2017-07-13 19:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-08-13 00:23 - 2017-07-13 19:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-08-13 00:23 - 2017-07-13 19:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-08-13 00:23 - 2017-07-13 19:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-08-13 00:23 - 2017-07-13 19:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-08-13 00:23 - 2017-07-13 19:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-08-13 00:23 - 2017-07-13 19:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-08-13 00:23 - 2017-07-13 19:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-08-13 00:23 - 2017-07-13 19:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-08-13 00:23 - 2017-07-13 19:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-08-13 00:23 - 2017-07-13 19:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-08-13 00:23 - 2017-07-13 19:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-08-13 00:23 - 2017-07-13 19:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-08-13 00:23 - 2017-07-13 19:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-08-13 00:23 - 2017-07-13 19:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-08-13 00:23 - 2017-07-13 18:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-08-13 00:23 - 2017-07-13 18:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-08-13 00:23 - 2017-07-13 18:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-08-13 00:23 - 2017-07-08 08:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-08-13 00:23 - 2017-07-08 08:00 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-13 00:23 - 2017-07-07 08:37 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-08-13 00:23 - 2017-07-07 08:33 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-13 00:23 - 2017-07-07 08:33 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-08-13 00:23 - 2017-07-07 08:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-08-13 00:23 - 2017-07-07 08:33 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-13 00:23 - 2017-07-07 08:33 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-13 00:23 - 2017-07-07 08:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-08-13 00:23 - 2017-07-07 08:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-08-13 00:23 - 2017-07-07 08:13 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-08-13 00:23 - 2017-07-07 08:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-08-13 00:23 - 2017-07-07 08:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-08-13 00:23 - 2017-07-07 08:11 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-08-13 00:23 - 2017-07-07 08:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-08-13 00:23 - 2017-07-07 08:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-08-13 00:23 - 2017-07-07 08:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-08-13 00:23 - 2017-07-07 08:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-08-13 00:23 - 2017-07-07 08:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-08-13 00:23 - 2017-07-07 08:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-08-13 00:23 - 2017-07-07 08:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-08-13 00:23 - 2017-07-07 08:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-08-13 00:23 - 2017-07-07 08:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-08-13 00:23 - 2017-07-07 08:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-08-13 00:23 - 2017-07-07 08:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-08-13 00:23 - 2017-07-07 08:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 08:02 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-08-13 00:23 - 2017-07-07 08:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-08-13 00:23 - 2017-07-07 08:01 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-08-13 00:23 - 2017-07-07 08:01 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-08-13 00:23 - 2017-07-07 07:58 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-08-13 00:23 - 2017-07-07 07:57 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-08-13 00:23 - 2017-07-07 07:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-08-13 00:23 - 2017-07-07 07:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-08-13 00:23 - 2017-07-07 07:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-13 00:23 - 2017-07-07 07:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-08-13 00:23 - 2017-07-07 07:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-08-13 00:23 - 2017-07-07 07:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-08-13 00:23 - 2017-07-07 07:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-08-13 00:23 - 2017-07-07 07:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-08-13 00:23 - 2017-07-07 07:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-08-13 00:23 - 2017-07-07 07:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-08-13 00:23 - 2017-07-07 07:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-08-13 00:23 - 2017-07-07 07:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 07:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 07:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-08-13 00:23 - 2017-07-07 07:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-08-13 00:23 - 2017-07-05 21:56 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2017-08-13 00:23 - 2017-07-01 06:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-08-13 00:23 - 2017-07-01 06:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-08-13 00:23 - 2017-07-01 06:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-08-13 00:23 - 2017-07-01 06:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-08-13 00:23 - 2017-07-01 06:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-08-13 00:23 - 2017-07-01 06:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-08-13 00:23 - 2017-07-01 06:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-08-13 00:23 - 2017-07-01 06:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-08-13 00:23 - 2017-07-01 06:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-08-13 00:23 - 2017-07-01 06:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-08-13 00:23 - 2017-07-01 06:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-08-13 00:23 - 2017-07-01 06:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-08-13 00:23 - 2017-06-15 13:23 - 000753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-08-13 00:23 - 2017-06-12 15:49 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-08-13 00:23 - 2017-06-12 15:49 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-08-13 00:23 - 2017-06-12 15:49 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-08-13 00:23 - 2017-06-12 15:49 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-08-13 00:23 - 2017-06-12 15:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-08-13 00:23 - 2017-06-12 15:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-08-13 00:23 - 2017-06-12 15:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-08-13 00:23 - 2017-06-12 15:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-08-13 00:23 - 2017-06-12 15:14 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-08-13 00:23 - 2017-06-12 15:14 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-08-13 00:23 - 2017-06-12 15:14 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-08-13 00:23 - 2017-06-12 15:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-08-13 00:23 - 2017-06-12 15:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-08-13 00:23 - 2017-06-12 15:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-08-13 00:23 - 2017-06-10 08:59 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-08-13 00:23 - 2017-06-10 08:39 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-08-13 00:23 - 2017-06-09 08:33 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-08-13 00:23 - 2017-06-06 08:30 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-08-13 00:23 - 2017-06-06 08:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-08-13 00:23 - 2017-06-02 01:10 - 000733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-08-13 00:23 - 2017-05-29 21:56 - 001895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-08-13 00:23 - 2017-05-29 21:56 - 000377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-08-13 00:23 - 2017-05-29 21:56 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-08-13 00:23 - 2017-05-20 21:24 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-08-13 00:23 - 2017-05-20 21:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-08-13 00:23 - 2017-05-16 08:35 - 000986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-08-13 00:23 - 2017-05-16 08:35 - 000265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-08-13 00:23 - 2017-05-16 08:30 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-08-13 00:23 - 2017-05-12 11:26 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-08-13 00:23 - 2017-05-12 11:22 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-08-13 00:23 - 2017-05-12 11:22 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-08-13 00:23 - 2017-05-12 11:22 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-08-13 00:23 - 2017-05-12 11:22 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-08-13 00:23 - 2017-05-12 11:22 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-08-13 00:23 - 2017-05-12 11:22 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-08-13 00:23 - 2017-05-12 11:07 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-08-13 00:23 - 2017-05-12 11:03 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-08-13 00:23 - 2017-05-12 11:03 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-08-13 00:23 - 2017-05-12 11:03 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-08-13 00:23 - 2017-05-12 11:03 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-08-13 00:23 - 2017-05-12 11:03 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-08-13 00:23 - 2017-05-12 10:43 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-08-13 00:23 - 2017-05-12 09:25 - 001251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-08-13 00:23 - 2017-05-12 08:58 - 001648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-08-13 00:23 - 2017-05-12 08:58 - 001180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-08-13 00:23 - 2017-05-10 08:33 - 000091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2017-08-13 00:23 - 2017-05-10 08:29 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-08-13 00:23 - 2017-05-10 08:29 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-08-13 00:23 - 2017-05-10 08:29 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-08-13 00:23 - 2017-05-10 08:29 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-08-13 00:23 - 2017-05-10 08:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-08-13 00:23 - 2017-05-10 08:16 - 000091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
2017-08-13 00:23 - 2017-05-10 08:14 - 002651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-08-13 00:23 - 2017-05-10 08:13 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-08-13 00:23 - 2017-05-10 08:13 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-08-13 00:23 - 2017-05-10 08:13 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-08-13 00:23 - 2017-05-10 08:13 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-08-13 00:23 - 2017-05-10 08:13 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-08-13 00:23 - 2017-05-10 08:13 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-08-13 00:23 - 2017-05-10 08:12 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-08-13 00:23 - 2017-05-10 08:12 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-08-13 00:23 - 2017-05-10 08:00 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-08-13 00:23 - 2017-05-10 08:00 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-08-13 00:23 - 2017-05-10 08:00 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-08-13 00:23 - 2017-05-10 08:00 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-08-13 00:23 - 2017-05-09 08:30 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-08-13 00:23 - 2017-05-09 08:29 - 000970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-08-13 00:23 - 2017-05-09 08:15 - 000071680 _____ C:\Windows\system32\PrintBrmUi.exe
2017-08-13 00:23 - 2017-05-09 08:11 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-08-13 00:23 - 2017-05-07 08:33 - 000094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-08-13 00:23 - 2017-05-07 08:29 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-08-13 00:23 - 2017-04-27 15:50 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-08-13 00:23 - 2017-04-21 08:34 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-08-13 00:23 - 2017-04-21 08:15 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-08-13 00:23 - 2017-04-17 08:37 - 002065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-08-13 00:23 - 2017-04-17 08:37 - 000876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-08-13 00:23 - 2017-04-17 08:37 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-08-13 00:23 - 2017-04-17 08:37 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-08-13 00:23 - 2017-04-17 08:37 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-08-13 00:23 - 2017-04-17 08:12 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-08-13 00:23 - 2017-04-17 08:12 - 000581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-08-13 00:23 - 2017-04-17 08:12 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-08-13 00:23 - 2017-04-17 07:54 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-08-13 00:23 - 2017-04-12 08:32 - 001483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-08-13 00:23 - 2017-04-12 08:32 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-08-13 00:23 - 2017-04-12 08:32 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-08-13 00:23 - 2017-04-12 08:32 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-08-13 00:23 - 2017-04-12 08:26 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-08-13 00:23 - 2017-04-12 08:25 - 001176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-08-13 00:23 - 2017-04-12 08:25 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-08-13 00:23 - 2017-04-12 08:25 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-08-13 00:23 - 2017-04-12 06:05 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-08-13 00:23 - 2017-04-05 07:55 - 000460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-08-13 00:23 - 2017-04-05 07:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-08-13 00:23 - 2017-04-05 07:55 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-08-13 00:23 - 2017-04-04 07:53 - 000496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-08-13 00:23 - 2017-03-30 08:03 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2017-08-13 00:23 - 2017-03-30 07:58 - 000045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2017-08-13 00:23 - 2017-03-10 09:32 - 001389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-08-13 00:23 - 2017-03-10 09:32 - 000300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-08-13 00:23 - 2017-03-10 09:20 - 001508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-08-13 00:23 - 2017-03-10 09:20 - 000237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-08-13 00:23 - 2017-03-10 08:57 - 000009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-08-13 00:23 - 2017-03-10 08:55 - 000205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-08-13 00:23 - 2017-03-10 08:55 - 000195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-08-13 00:23 - 2017-03-07 09:30 - 000085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-08-13 00:23 - 2017-03-07 09:17 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-08-13 00:23 - 2017-03-07 07:05 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-08-13 00:23 - 2017-03-03 18:27 - 001574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-08-13 00:23 - 2017-03-03 18:27 - 000093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-08-13 00:23 - 2017-03-03 18:14 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-08-13 00:23 - 2017-03-03 18:14 - 000077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-08-13 00:23 - 2017-02-09 09:32 - 000769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-08-13 00:23 - 2017-02-09 09:32 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-08-13 00:23 - 2017-02-09 09:32 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-08-13 00:23 - 2017-02-09 09:31 - 000625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-08-13 00:23 - 2017-02-09 09:31 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-08-13 00:23 - 2017-02-09 09:14 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-08-13 00:23 - 2017-02-09 09:14 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-08-13 00:23 - 2017-02-09 09:14 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-08-13 00:23 - 2017-02-09 08:51 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:36 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-08-13 00:23 - 2017-01-18 08:35 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-08-13 00:23 - 2017-01-13 11:00 - 000976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-08-13 00:23 - 2017-01-13 11:00 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-08-13 00:23 - 2017-01-13 10:45 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-08-13 00:23 - 2017-01-13 10:45 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-08-13 00:23 - 2017-01-11 11:01 - 001887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-08-13 00:23 - 2017-01-11 11:01 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-08-13 00:23 - 2017-01-11 10:43 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-08-13 00:23 - 2017-01-11 10:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-08-13 00:23 - 2016-03-23 15:40 - 003181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-08-13 00:23 - 2016-03-23 15:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-10 23:13 - 2009-07-13 22:13 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-10 23:13 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2017-09-10 23:08 - 2014-06-27 17:23 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-10 23:08 - 2014-06-27 17:23 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-10 22:56 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-10 21:55 - 2014-06-27 17:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-10 21:43 - 2009-07-13 21:45 - 000031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-10 21:43 - 2009-07-13 21:45 - 000031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-10 21:21 - 2012-11-13 14:37 - 000000000 ____D C:\Windows\pss
2017-09-10 21:14 - 2011-04-21 15:15 - 000000000 ____D C:\Users\Vince
2017-09-10 21:14 - 2009-07-13 19:34 - 000000215 _____ C:\Windows\system.ini
2017-09-10 21:07 - 2014-06-26 02:00 - 000000000 ____D C:\Users\Vince\AppData\Local\Adobe
2017-09-10 19:23 - 2011-11-18 17:53 - 000000000 ____D C:\Appz
2017-09-08 15:08 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\NDF
2017-09-08 11:57 - 2011-04-22 14:34 - 000000880 _____ C:\Windows\Tasks\Google Software Updater.job
2017-09-08 10:53 - 2015-10-07 12:59 - 000000000 ____D C:\Windows\rescache
2017-08-27 16:20 - 2009-07-13 21:45 - 005385376 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-27 16:18 - 2015-04-23 11:17 - 000000000 ____D C:\Windows\system32\appraiser
2017-08-27 16:18 - 2014-06-20 22:49 - 000000000 ___SD C:\Windows\system32\CompatTel
2017-08-27 16:18 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files\DVD Maker
2017-08-27 16:18 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2017-08-27 16:18 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\migwiz
2017-08-27 16:18 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-08-27 16:15 - 2013-04-17 17:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-08-27 16:14 - 2013-04-17 17:40 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2017-08-27 16:14 - 2013-04-17 17:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-08-27 16:09 - 2013-11-13 16:31 - 000000000 ____D C:\Windows\system32\MRT
2017-08-27 16:05 - 2011-04-21 22:37 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-27 15:37 - 2016-11-22 02:16 - 000000000 ____D C:\Users\Vince\AppData\LocalLow\Mozilla
2017-08-27 15:29 - 2017-06-23 08:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-27 15:29 - 2012-12-07 14:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-17 12:38 - 2011-04-22 14:35 - 000002225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-13 00:28 - 2015-10-07 12:13 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-13 00:28 - 2015-10-07 12:13 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-13 00:15 - 2012-11-13 14:50 - 000000000 ____D C:\Users\QBDataServiceUser20.6-Core-Server.000
 
==================== Files in the root of some directories =======
 
2011-05-17 12:12 - 2011-05-17 12:12 - 000002784 _____ () C:\Program Files (x86)\INSTALL.LOG
2011-04-21 21:57 - 2014-05-07 12:45 - 000000079 _____ () C:\Users\Vince\AppData\Local\CrystalDiskMark30.ini
2011-04-21 16:46 - 2011-04-21 16:47 - 000007551 _____ () C:\Users\Vince\AppData\Local\HWVendorDetection.log
2011-05-11 18:46 - 2011-05-11 18:46 - 000000017 _____ () C:\Users\Vince\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
2017-09-10 23:01 - 2017-09-10 23:03 - 000000000 _____ () C:\Users\Vince\AppData\Local\Temp\{E8D91814-9E96-4D06-8C43-90CBECD7BF6A}-60.0.3112.113_60.0.3112.101_chrome_updater.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-08 10:46
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2017
Ran by Vince (10-09-2017 23:30:38)
Running from C:\Appz\Anti Spyware\Anti Spyware\Farbar Recovery Scan Tool x64
Windows 7 Professional Service Pack 1 (X64) (2011-04-21 22:15:31)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-41267499-1736875988-3745994754-500 - Administrator - Disabled)
Guest (S-1-5-21-41267499-1736875988-3745994754-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-41267499-1736875988-3745994754-1012 - Limited - Enabled)
QBDataServiceUser20 (S-1-5-21-41267499-1736875988-3745994754-1013 - Limited - Enabled) => C:\Users\QBDataServiceUser20.6-Core-Server.000
Vince (S-1-5-21-41267499-1736875988-3745994754-1000 - Administrator - Enabled) => C:\Users\Vince
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adaptec Storage Manager (HKLM\...\{7C3DAF8E-37AB-47D6-9157-ED9B56558341}) (Version: 6.50.00.18771 - PMC-Sierra, Inc.)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Muse (HKLM-x32\...\AdobeMuse) (Version: 7.4.30 - Adobe Systems Incorporated)
Adobe Muse CC 2014 (HKLM\...\{3BFA80E7-C4DB-45E7-B6B7-5E1804ED3652}) (Version: 2014.1.0.375 - Adobe Systems, Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: 3.5.13.64 - ArcSoft)
ASUS Wireless Router Device Discovery Utility (HKLM-x32\...\{09CDCA35-23FF-4ED6-AFDA-BBD55235CE4B}) (Version: 1.4.8.0 - ASUS)
ATI AVIVO64 Codecs (HKLM\...\{2231CA42-C1E1-13C2-FAA5-4A832ABE3AAB}) (Version: 10.12.0.00210 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{4BAC245B-932C-30CA-B7C4-9BAF2C4F7946}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.5.0 - BitTorrent Inc.)
Bonjour (HKLM\...\{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}) (Version: 1.0.106 - Apple Inc.)
Canon MF4320-4350 (HKLM\...\{99A5569D-9F86-4f32-A227-1538B731DA42}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CrystalDiskMark 3.0.1a (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.1a - Crystal Dew World)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DealerClick (HKLM-x32\...\DealerClick) (Version:  - )
Driver Install 64-Bit (HKLM-x32\...\{AA107568-1B58-407E-9867-D51F71C9F446}) (Version: 6.0.107.0 - China) Hidden
Driver Install 64-Bit (HKLM-x32\...\InstallShield_{AA107568-1B58-407E-9867-D51F71C9F446}) (Version: 6.0.107.0 - China)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET NOD32 Antivirus (HKLM\...\{3B4AB7BA-0734-4547-9604-3FCC40873B3D}) (Version: 10.1.219.0 - ESET, spol. s r.o.)
FileMaker Pro 11 Advanced (HKLM-x32\...\{C53BECC0-C579-44F8-A995-E97FACB04DFC}) (Version: 11.0.2.0 - FileMaker, Inc.) Hidden
FileMaker Pro 11 Advanced (HKLM-x32\...\{C53BECC0-C579-44F8-A995-E97FACB04DFC}_FileMaker) (Version: 11.0.2.0 - FileMaker, Inc.)
FileZilla Client 3.24.1 (HKLM-x32\...\FileZilla Client) (Version: 3.24.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Google Updater (HKLM-x32\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.5.0.0 - Google Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KeyPlayr (HKLM-x32\...\{A21A2C02-B537-4418-858C-1F79C309FD0C}) (Version: 1.00.0000 - KeyDownload)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-41267499-1736875988-3745994754-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{D6C9AF27-9414-46C8-B9D8-D878BA041033}) (Version: 8.3.314 - Nero AG)
PC Wizard 2010.1.96 (HKLM-x32\...\PC Wizard 2010_is1) (Version:  - CPUID)
PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickBooks (HKLM-x32\...\{1D70AABC-CB59-4700-A708-EA56D1CA07B0}) (Version: 21.0.4014.904 - Intuit Inc.) Hidden
QuickBooks Pro 2011 (HKLM-x32\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6024 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0199 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Ulead PhotoImpact 12 (HKLM-x32\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WhatsApp (HKU\S-1-5-21-41267499-1736875988-3745994754-1000\...\WhatsApp) (Version: 0.2.4240 - WhatsApp)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WMV9/VC-1 Video Playback (HKLM\...\{40B91513-A7B9-94AB-5353-926FB1C07334}) (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-41267499-1736875988-3745994754-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Vince\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-41267499-1736875988-3745994754-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Vince\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-41267499-1736875988-3745994754-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Vince\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-41267499-1736875988-3745994754-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Vince\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-41267499-1736875988-3745994754-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Vince\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems Inc.)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-06-13] (ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2008-09-16] ()
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-06-13] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2008-09-16] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-03-09] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems Inc.)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-06-13] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2008-09-16] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {19655D4B-588D-4586-90AB-221D0BB7B2A0} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-12-05] (Google) <==== ATTENTION
Task: {19F70369-3C1C-49DD-A384-AE508CD1B94D} - System32\Tasks\{1907D87B-237D-4C77-99D6-D9CCFA2A5BE6} => C:\Windows\system32\pcalua.exe -a "Y:\Download (Program Files to Install)\Adobe\Shockwave_Installer_Full.exe" -d C:\Users\Vince\Desktop
Task: {4DD5214A-636A-4CF3-BACD-D3EF34B70E52} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-22] ()
Task: {502C484C-B662-4AAB-BCF0-ACBF8620EA8F} - System32\Tasks\{4351D768-30BA-4824-9EE0-5126E39C0F8E} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\DlrClick\UNWISE.EXE -c C:\PROGRA~2\DlrClick\DCINSTALL.LOG
Task: {5217BB97-47F6-42F8-A6F1-0970795975B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {619E3AFD-2DE5-4187-ABD4-EB55A16BEFC0} - System32\Tasks\AdobeAAMUpdater-1.0-6-Core-Server-Vince => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {6834A518-9793-4840-94AC-8E9BFA87EF80} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-22] ()
Task: {7D83165F-D585-48B5-A0DF-49FC2E80A288} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 -> No File <==== ATTENTION
Task: {8651695E-B567-4182-987E-EA631085D8D0} - System32\Tasks\{D61BEC38-1F5B-457D-B454-5FE00ADBCB9F} => C:\Windows\system32\pcalua.exe -a C:\Users\Vince\Desktop\smartdraw_YM_15WSUJ_setup.exe -d C:\Users\Vince\Desktop
Task: {97BE4C43-D38D-4B3E-87E0-ACFEB3223BA5} - System32\Tasks\{41771ED4-F861-4619-BCBA-9C5314F7642C} => C:\Windows\system32\pcalua.exe -a D:\Driver\x64\setup.exe -d D:\Driver\x64
Task: {B6B001D9-E474-4BD8-89F2-CA2291875F29} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {D9DE44D9-0D26-4317-A4F1-A5F7C0673E89} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {E04861E7-7BCC-4E31-9607-08AB475B5AA6} - System32\Tasks\{F87D0FE1-1CCC-4267-88AA-51D3C11607B4} => C:\Windows\system32\pcalua.exe -a C:\Users\Vince\Downloads\AdobeAIRInstaller.exe -d C:\Users\Vince\Downloads
Task: {E140D0DF-F677-4E66-8181-85394B36B20E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {E5757577-B55C-4856-AB94-43FE0802F00F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E8B277F4-B33F-4E8A-A355-93E7037272F6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)
Task: {FEF1F60D-7778-44C5-8D85-075FE23CEC0E} - System32\Tasks\{F88462A2-0348-4AB1-8EA9-746DE67B0FFD} => C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-16 11:06 - 2014-07-16 11:06 - 000672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2017-02-21 14:09 - 2017-02-21 14:09 - 000052392 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2017-08-17 12:38 - 2017-08-11 00:40 - 002692952 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\swiftshader\libglesv2.dll
2017-08-17 12:38 - 2017-08-11 00:40 - 000137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\swiftshader\libegl.dll
2017-09-10 22:55 - 2017-05-19 18:17 - 000380928 _____ () C:\Users\Vince\Desktop\zqdxgtme.exe
2017-08-08 12:25 - 2017-07-28 11:18 - 031134720 _____ () C:\Users\Vince\AppData\Local\Google\Chrome\User Data\PepperFlash\26.0.0.151\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-41267499-1736875988-3745994754-1000\...\localhost -> localhost
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2017-09-10 21:14 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-41267499-1736875988-3745994754-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Vince\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{6873BE05-CB2A-4530-8A95-5CFCBA14A2EC}C:\program files\adaptec\adaptec storage manager\jre\bin\javaw.exe] => (Allow) C:\program files\adaptec\adaptec storage manager\jre\bin\javaw.exe
FirewallRules: [UDP Query User{98027556-C2B6-4941-A6BA-4AF8C2CAAEC3}C:\program files\adaptec\adaptec storage manager\jre\bin\javaw.exe] => (Allow) C:\program files\adaptec\adaptec storage manager\jre\bin\javaw.exe
FirewallRules: [TCP Query User{D5465F2F-4007-4921-AC09-E3C9F84DA25F}C:\program files\adaptec\adaptec storage manager\jre\bin\javaw.exe] => (Allow) C:\program files\adaptec\adaptec storage manager\jre\bin\javaw.exe
FirewallRules: [UDP Query User{97C7FB10-4953-4E2C-890E-75500B5899C1}C:\program files\adaptec\adaptec storage manager\jre\bin\javaw.exe] => (Allow) C:\program files\adaptec\adaptec storage manager\jre\bin\javaw.exe
FirewallRules: [{36ACE84D-6629-41BB-8E2D-D6A6A5B18FCA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A5E47ED6-AC4A-4AA5-A868-21CF3BD1CCF2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{9BD889F0-51E3-482B-AF25-2705565056E5}C:\program files (x86)\filemaker\filemaker pro 11 advanced\filemaker pro advanced.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 11 advanced\filemaker pro advanced.exe
FirewallRules: [UDP Query User{0B7406B8-04B8-44EF-B5FC-8ABC5D31F36A}C:\program files (x86)\filemaker\filemaker pro 11 advanced\filemaker pro advanced.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 11 advanced\filemaker pro advanced.exe
FirewallRules: [{623B71E9-0A39-49CA-B90A-78CD8D474645}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
FirewallRules: [{D14BCBCB-7D97-4B99-B201-AFF3D2D707AB}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{F7BE2C3A-FB74-4B83-BA05-8E77D9DE3927}C:\program files (x86)\filemaker\filemaker pro 11 advanced\filemaker pro advanced.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 11 advanced\filemaker pro advanced.exe
FirewallRules: [UDP Query User{D708D83F-DEA1-41A3-809C-2D0D6DAE9671}C:\program files (x86)\filemaker\filemaker pro 11 advanced\filemaker pro advanced.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 11 advanced\filemaker pro advanced.exe
FirewallRules: [TCP Query User{CE78978C-A2F0-4EF2-A8B6-FCF133958DCC}C:\program files (x86)\adobe muse\adobe muse.exe] => (Allow) C:\program files (x86)\adobe muse\adobe muse.exe
FirewallRules: [UDP Query User{476E951A-1364-4DB5-ABA6-3D5982D17CE0}C:\program files (x86)\adobe muse\adobe muse.exe] => (Allow) C:\program files (x86)\adobe muse\adobe muse.exe
FirewallRules: [{9984AEA0-48E1-41CC-9477-C76A0423AFBD}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{5D78BA50-8C3C-422C-A489-62C4EF78A929}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{3934D105-A23E-4A8A-9EC7-4146E223B2A8}] => (Allow) LPort=1542
FirewallRules: [{0928622B-8B90-4408-970C-D0E91554F70F}] => (Allow) LPort=1542
FirewallRules: [{55826BDC-D7AF-41FC-A674-37372AAE93BB}] => (Allow) LPort=53
FirewallRules: [{700CC8C7-FF67-42DE-84C6-9FBADA62942C}] => (Allow) LPort=67
FirewallRules: [{D415CDB1-6EE0-4346-86AC-38FADE4F8932}] => (Allow) LPort=68
FirewallRules: [{55580E1E-DD0E-4D36-AE1E-8A185233CB96}] => (Allow) LPort=53
FirewallRules: [{E9CF9DFC-8AA2-4EE5-89CB-7434AFBECDF4}] => (Allow) LPort=53
FirewallRules: [{8D6C30E1-DDCD-458F-BB72-C2F04EDF3425}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\Rtldhcp.exe
FirewallRules: [TCP Query User{0E6427F4-1A41-4A0B-980A-350B8F498BD9}C:\program files (x86)\adobe muse\adobe muse.exe] => (Allow) C:\program files (x86)\adobe muse\adobe muse.exe
FirewallRules: [UDP Query User{96FD8E3D-E1F9-4CDC-91C6-045F2307D50B}C:\program files (x86)\adobe muse\adobe muse.exe] => (Allow) C:\program files (x86)\adobe muse\adobe muse.exe
FirewallRules: [TCP Query User{FE4213F1-8996-4614-B395-2614920FAF24}C:\program files\adobe\adobe muse cc 2014\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2014\muse.exe
FirewallRules: [UDP Query User{8D49498B-FE37-49DC-9CC3-A600568C99FB}C:\program files\adobe\adobe muse cc 2014\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2014\muse.exe
FirewallRules: [{611F0C29-8429-4300-952E-892CA12D1932}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{66BAF8D9-9167-44CE-8C64-71F1E63FB8CF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4E76458C-9A7B-4EA1-BD73-7EE1A99DF45F}] => (Allow) C:\Users\Vince\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{7423C974-A3B4-40E6-85BC-33EF67CE02FE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2A2907CF-FAC9-4F84-9B65-F0FC4188B828}] => (Allow) LPort=2869
FirewallRules: [{EE9ED29A-2D3B-47E4-B67B-BBAFA4CD74BF}] => (Allow) LPort=1900
FirewallRules: [{4354C2AB-194C-452B-84B4-19CDAC4B0680}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4CDD3B5D-C80B-4D75-AF73-E19E0A353490}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BDECF5DB-4666-48C4-9A3D-5B0A755ED140}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BB72B6EA-6A44-4955-B2CD-8821EB3CBC4F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{F317383A-9F6A-45E3-81E7-0472EF23474B}] => (Allow) C:\Program Files (x86)\ASUS\Wireless Router\Device Discovery\Discovery.exe
FirewallRules: [{54C71C44-F9AB-4735-A9E4-6C5327989FFD}] => (Allow) C:\Program Files (x86)\ASUS\Wireless Router\Device Discovery\Discovery.exe
FirewallRules: [{FA798922-1D0D-4502-842B-5DF17AD222CC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
27-08-2017 16:04:52 Windows Update
08-09-2017 10:53:36 Scheduled Checkpoint
08-09-2017 10:54:18 Windows Backup
10-09-2017 21:08:54 ComboFix created restore point
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is disabled because the firmware of the device did not give it the required resources. (Code 29)
Resolution: Enable the device in the BIOS of the device.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: ehdrv
Description: ehdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ehdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/10/2017 11:10:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/10/2017 11:02:31 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
Error: (09/10/2017 11:00:06 PM) (Source: ESENT) (EventID: 481) (User: )
Description: wuaueng.dll (440) SUS20ClientDataStore: An attempt to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 275316736 (0x0000000010690000) for 32768 (0x00008000) bytes failed after 0 seconds with system error 1450 (0x000005aa): "Insufficient system resources exist to complete the requested service. ".  The read operation will fail with error -1011 (0xfffffc0d).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (09/10/2017 11:00:06 PM) (Source: ESENT) (EventID: 481) (User: )
Description: wuaueng.dll (440) SUS20ClientDataStore: An attempt to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 183500800 (0x000000000af00000) for 32768 (0x00008000) bytes failed after 0 seconds with system error 1450 (0x000005aa): "Insufficient system resources exist to complete the requested service. ".  The read operation will fail with error -1011 (0xfffffc0d).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (09/10/2017 11:00:06 PM) (Source: ESENT) (EventID: 481) (User: )
Description: wuaueng.dll (440) SUS20ClientDataStore: An attempt to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 372146176 (0x00000000162e8000) for 32768 (0x00008000) bytes failed after 0 seconds with system error 1450 (0x000005aa): "Insufficient system resources exist to complete the requested service. ".  The read operation will fail with error -1011 (0xfffffc0d).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (09/10/2017 11:00:06 PM) (Source: ESENT) (EventID: 481) (User: )
Description: wuaueng.dll (440) SUS20ClientDataStore: An attempt to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 1263075328 (0x000000004b490000) for 32768 (0x00008000) bytes failed after 0 seconds with system error 1450 (0x000005aa): "Insufficient system resources exist to complete the requested service. ".  The read operation will fail with error -1011 (0xfffffc0d).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (09/10/2017 11:00:06 PM) (Source: ESENT) (EventID: 481) (User: )
Description: wuaueng.dll (440) SUS20ClientDataStore: An attempt to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 1243217920 (0x000000004a1a0000) for 32768 (0x00008000) bytes failed after 0 seconds with system error 1450 (0x000005aa): "Insufficient system resources exist to complete the requested service. ".  The read operation will fail with error -1011 (0xfffffc0d).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (09/10/2017 11:00:06 PM) (Source: ESENT) (EventID: 481) (User: )
Description: wuaueng.dll (440) SUS20ClientDataStore: An attempt to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 1243152384 (0x000000004a190000) for 32768 (0x00008000) bytes failed after 0 seconds with system error 1450 (0x000005aa): "Insufficient system resources exist to complete the requested service. ".  The read operation will fail with error -1011 (0xfffffc0d).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (09/10/2017 11:00:06 PM) (Source: ESENT) (EventID: 481) (User: )
Description: wuaueng.dll (440) SUS20ClientDataStore: An attempt to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 298287104 (0x0000000011c78000) for 32768 (0x00008000) bytes failed after 0 seconds with system error 1450 (0x000005aa): "Insufficient system resources exist to complete the requested service. ".  The read operation will fail with error -1011 (0xfffffc0d).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (09/10/2017 11:00:06 PM) (Source: ESENT) (EventID: 481) (User: )
Description: wuaueng.dll (440) SUS20ClientDataStore: An attempt to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 176947200 (0x000000000a8c0000) for 32768 (0x00008000) bytes failed after 0 seconds with system error 1450 (0x000005aa): "Insufficient system resources exist to complete the requested service. ".  The read operation will fail with error -1011 (0xfffffc0d).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
 
System errors:
=============
Error: (09/10/2017 11:30:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/10/2017 11:30:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/10/2017 11:30:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/10/2017 11:25:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/10/2017 11:25:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/10/2017 11:25:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/10/2017 11:23:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/10/2017 11:23:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/10/2017 11:23:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/10/2017 11:18:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
CodeIntegrity:
===================================
  Date: 2017-09-10 21:14:29.265
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-10 21:14:29.125
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X6 1035T Processor
Percentage of memory in use: 23%
Total physical RAM: 7934.14 MB
Available physical RAM: 6078.97 MB
Total Virtual: 9932.32 MB
Available Virtual: 8107.09 MB
 
==================== Drives ================================
 
Drive c: (Main Drive (SSD) OS & Programs) (Fixed) (Total:107.03 GB) (Free:16.27 GB) NTFS
Drive x: (1TB Mirror RAID (Save All)) (Fixed) (Total:930.99 GB) (Free:148.57 GB) NTFS
Drive y: () (Fixed) (Total:915.35 GB) (Free:821.99 GB) NTFS
Drive z: (SYSTEM RESERVE- GATEWAY RESTORE) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 107.1 GB) (Disk ID: 0BBA70B6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BA1D51B1)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=915.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931 GB) (Disk ID: 9DF13EC9)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by OneZero8, 11 September 2017 - 04:38 AM.



 


#2 polskamachina

  • Malware Response Team
  • 3,963 posts
  • Gender:Male

Posted 13 September 2017 - 10:58 PM

Hi OneZero8

 

My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.
 
polskamachina



#3 polskamachina

polskamachina

  • Malware Response Team
  • 3,963 posts
  • Gender:Male
  • Local time:10:16 PM

Posted 15 September 2017 - 04:52 PM

Hi OneZero8 :)

We need to run a fix with FRST.

Please boot to Safe mode with networking again.
Note that you originally downloaded FRST64 to this folder: C:\Appz\Anti Spyware\Anti Spyware\Farbar Recovery Scan Tool x64
It may be easier to download FRST64 again, but this time save it to your Desktop.

Next:

  • Launch FRST64
  • Highlight the contents of the text below in its entirety and then press Ctrl-C to copy it to the clipboard
start::
CreateRestorePoint:
CloseProcesses:
S2 KDUpdater; "\\?\C:\Users\Vince\AppData\Local\Temp\kd6FE8.tmp" [X] <==== ATTENTION
U3 kxryquod; \??\C:\Users\Vince\AppData\Local\Temp\kxryquod.sys [X] <==== ATTENTION
Toolbar: HKU\S-1-5-21-41267499-1736875988-3745994754-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Task: {7D83165F-D585-48B5-A0DF-49FC2E80A288} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 -> No File <==== ATTENTION
cmd: type C:\ComboFix.txt
cmd: gpresult /v
File: C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
emptytemp:
end::
  • Now click on Fix in the FRST window
  • After a few moments, you will be prompted to restart your computer
  • Click OK to restart your computer
  • After restarting, a file named Fixlog.txt will be created in the folder from which you ran FRST64
  • If you saved FRST64 to your Desktop, you will find Fixlog.txt there
  • Please copy and paste Fixlog.txt into your next reply to me
  • Try booting to Normal mode and let me know if you were successful

In summary I will need from you:

  • Fixlog.txt
  • Were you able to boot into normal mode?

Let me know if you have any questions.

polskamachina
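The three ATTENTION entries in the fix above (a service whose binary is a .tmp file in the user's Temp folder, a .sys driver in the same Temp folder, and a scheduled task whose target no longer exists) are exactly the indicators a responder hunts for in any FRST log. The Python triage script below is an added example for this thread, not FRST's own code and not something posted by anyone here. It parses service, driver and Task lines in the format quoted above and flags a binary persisting from a user Temp folder, a .tmp file registered as a service binary, a .sys driver outside System32\drivers, and a registry entry whose file is gone ([X] / No File). Reading the leading letter as state (R running, S stopped, U unknown) and the digit as the Start value is my assumption about the FRST format, and the benign Spooler line is constructed to show what is not flagged.

```python
"""Triage FRST service, driver and task lines for the persistence indicators
marked ATTENTION in the fix above.

Added example, not part of the thread or of FRST. The line grammar assumed
here is taken from the lines quoted on this page:
  "<State><Start> <Name>; <Path> [<size date> | X] (<signer>) <==== ATTENTION"
  "Task: {GUID} - <name> => <path> ..."  or  "Task: {GUID} - <name> -> No File"
State R/S/U = running/stopped/unknown and Start 0-4 is the usual reading of
FRST output; that reading is an assumption, not something the thread states.
"""
import re
from typing import Optional

_SVC_RE = re.compile(
    r'^([RSU])([0-4])\s+([^;]+);\s*(.+?)'
    r'(?:\s+\[([^\]]*)\])?(?:\s+\([^)]*\))?\s*(?:<====.*)?$'
)
_TASK_RE = re.compile(r'^Task:\s*(\{[0-9A-Fa-f-]+\})\s*-\s*(.+?)\s*(?:<====.*)?$')
# A per-user Temp directory: nothing legitimate registers a service or driver from here.
_USER_TEMP_RE = re.compile(r'\\Users\\[^\\]+\\AppData\\Local\\Temp\\', re.IGNORECASE)
_DRIVER_DIR_RE = re.compile(r'\\Windows\\System32\\drivers\\', re.IGNORECASE)


def clean_path(raw: str) -> str:
    r"""Strip the quoting and the NT prefixes (\\?\ and \??\) that FRST prints verbatim."""
    p = raw.strip().strip('"')
    for prefix in ('\\\\?\\', '\\??\\'):
        if p.startswith(prefix):
            p = p[len(prefix):]
    return p


def triage_line(line: str) -> Optional[dict]:
    """Return a finding dict for a suspicious line, or None for a clean/unparsed one."""
    m = _SVC_RE.match(line)
    if m:
        state, start, name, raw_path, bracket = m.groups()
        path = clean_path(raw_path)
        reasons = []
        if _USER_TEMP_RE.search(path):
            reasons.append('binary lives in a user Temp folder')
        if path.lower().endswith('.tmp'):
            reasons.append('service binary has a .tmp extension')
        if path.lower().endswith('.sys') and not _DRIVER_DIR_RE.search(path):
            reasons.append('kernel driver outside System32\\drivers')
        if bracket == 'X':
            # FRST writes [X] when the registry entry points at a file that is not on disk.
            reasons.append('file missing on disk ([X]): orphaned registry entry')
        if not reasons:
            return None
        kind = 'driver' if path.lower().endswith('.sys') else 'service'
        return {'kind': kind, 'name': name.strip(), 'path': path,
                'state': state, 'start': int(start), 'reasons': reasons}
    m = _TASK_RE.match(line)
    if m:
        guid, rest = m.groups()
        if rest.endswith('-> No File'):
            return {'kind': 'task', 'name': guid, 'path': rest,
                    'reasons': ['scheduled task whose action target is missing (No File)']}
    return None


def triage(lines) -> list:
    """Run triage_line over an iterable of FRST lines and keep the findings."""
    return [f for f in (triage_line(l) for l in lines) if f]


# The three ATTENTION lines are quoted from the fix above; the Spooler line is a
# constructed benign entry in the same format, included to show it is not flagged.
SAMPLE = [
    r'S2 KDUpdater; "\\?\C:\Users\Vince\AppData\Local\Temp\kd6FE8.tmp" [X] <==== ATTENTION',
    r'U3 kxryquod; \??\C:\Users\Vince\AppData\Local\Temp\kxryquod.sys [X] <==== ATTENTION',
    r'Task: {7D83165F-D585-48B5-A0DF-49FC2E80A288} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 -> No File <==== ATTENTION',
    r'R2 Spooler; C:\Windows\System32\spoolsv.exe [320512 2009-07-14] (Microsoft Corporation)',
]

if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print(f"{finding['kind']:7} {finding['name']}: {finding['path']}")
        for reason in finding['reasons']:
            print(f"        - {reason}")
```

Run it against a full FRST.txt (one line per list element) and it prints the same three entries the helper put in the fixlist; the [X] marker on its own is only an orphaned registry entry, but combined with a Temp-folder path it is the footprint of a dropper whose payload was already deleted or quarantined, which is why the service and driver entries still need removing even though the files are gone.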



#4 polskamachina

polskamachina

  • Malware Response Team
  • 3,963 posts
  • Gender:Male
  • Local time:10:16 PM

Posted 18 September 2017 - 04:53 PM

Hi OneZero8 :)

 

It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.
 
polskamachina



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • Gender:Male
  • Location:California
  • Local time:10:16 PM

Posted 20 September 2017 - 07:18 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



