Smart Service Trojan


This topic is locked
10 replies to this topic

#1 homeband

Posted 06 October 2017 - 09:50 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-10-2017 01
Ran by Owner (administrator) on OWNER-PC (06-10-2017 08:00:47)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\System32\tprdpw64.exe
() C:\Windows\Temp\g6B30.tmp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Users\Owner\AppData\Local\ntuserlitelist\dataup\dataup.exe
(mst software GmbH, Germany) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\DfSdkS64.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(8BPRW) C:\Program Files\7VO5KAN3JS\T6OZKJBR1.exe
() C:\Users\Owner\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
() C:\Users\Owner\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
() C:\Users\Owner\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Owner\AppData\Local\enntulc\qfuhzo\ct.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwReporter\21.122.6\software_reporter_tool.exe
(Google) C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwReporter\21.122.6\software_reporter_tool.exe
() C:\Users\Owner\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Owner\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5088872 2017-08-07] (Box, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
HKLM-x32\...\Run: [svcvmx] => C:\Users\Owner\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [914944 2017-09-11] () <==== ATTENTION
HKLM-x32\...\Run: [cpx] => "C:\Users\Owner\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM\...\RunOnce: [OWNER-PC] => C:\Windows\Temp\gB837.tmp.exe [212992 2017-10-06] () <==== ATTENTION
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKU\S-1-5-21-3069469998-163028437-2736415792-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-3069469998-163028437-2736415792-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2016-08-05] (Glarysoft Ltd)
HKU\S-1-5-21-3069469998-163028437-2736415792-1000\...\Run: [JGAR88Ah2V.exe] => C:\Program Files\InfraRecorder\8WPR5QY65UTST\JGAR88Ah2V.exe [375296 2017-06-13] ()
HKU\S-1-5-21-3069469998-163028437-2736415792-1000\...\Run: [IA7T0I2VSYR6OD3] => C:\Program Files\7VO5KAN3JS\T6OZKJBR1.exe [1099264 2017-06-14] (8BPRW)
HKU\S-1-5-21-3069469998-163028437-2736415792-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-3069469998-163028437-2736415792-1000\...\MountPoints2: {981dd7bd-aecd-11e6-8819-002219e71055} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3069469998-163028437-2736415792-1000\...\MountPoints2: {981dd7c8-aecd-11e6-8819-002219e71055} - E:\LaunchU3.exe -a
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{11110E9A-3998-40FF-B6F5-77B0B1AEF657}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{11110E9A-3998-40FF-B6F5-77B0B1AEF657}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{7A6AAF2B-B2AD-48C1-8AB4-6376CF170140}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7A6AAF2B-B2AD-48C1-8AB4-6376CF170140}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3069469998-163028437-2736415792-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131418264461226545&GUID=AFC6DD3F-DDA6-44FC-A322-0386352A0F37
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 8skjpr67.default
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8skjpr67.default [2017-09-14]
FF Homepage: Mozilla\Firefox\Profiles\8skjpr67.default -> user_pref("browser.startup.homepage", "hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-23] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-10-06]
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-28]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-08]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-08]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-08]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-28]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-14]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-08]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-14]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"drmkpro64" => service could not be unlocked. <==== ATTENTION
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36680 2017-08-07] (Box, Inc.)
R2 Dataup; C:\Users\Owner\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R2 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-07-15] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\Owner\AppData\Local\enntulc\qfuhzo\ct.exe [689664 2017-05-30] () [File not signed] <==== ATTENTION
S2 srcsrv; C:\Windows\src_srv\winsrcsrv.exe [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-03-02] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-03-02] (Disc Soft Ltd)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2016-08-11] (Glarysoft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [60416 2016-07-15] (Microsoft Corporation)
R5 drmkpro64;  <==== ATTENTION: Locked Service <==== ATTENTION
S1 jhduokhm; \??\C:\Windows\system32\drivers\jhduokhm.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-06 08:00 - 2017-10-06 08:06 - 000017360 _____ C:\Users\Owner\Downloads\FRST.txt
2017-10-06 08:00 - 2017-10-06 08:00 - 000000000 ____D C:\FRST
2017-10-06 07:59 - 2017-10-06 08:00 - 002399744 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2017-09-14 22:45 - 2017-09-14 22:45 - 000003536 ____N C:\bootsqm.dat
2017-09-14 20:32 - 2017-09-14 20:32 - 000109408 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-14 20:31 - 2017-09-14 20:31 - 000410040 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-14 16:19 - 2017-09-14 16:21 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.09.3.1001 (1).exe
2017-09-14 16:13 - 2017-09-14 16:16 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.09.3.1001.exe
2017-09-14 15:43 - 2017-09-14 15:53 - 068408664 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mb3-setup-consumer-3.2.2.2029.exe
2017-09-10 10:09 - 2017-07-29 08:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-09-10 10:09 - 2017-07-21 08:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-09-10 10:09 - 2017-07-21 08:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2017-09-10 10:09 - 2017-07-21 08:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-09-10 10:09 - 2017-07-21 08:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-09-10 10:09 - 2017-07-15 12:35 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-10 10:09 - 2017-07-15 11:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-09-10 10:09 - 2017-07-14 09:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-09-10 10:09 - 2017-07-14 09:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-09-10 10:09 - 2017-07-14 09:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-09-10 10:09 - 2017-07-14 09:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-09-10 10:09 - 2017-07-14 09:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-09-10 10:09 - 2017-07-14 09:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-09-10 10:09 - 2017-07-14 09:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-09-10 10:09 - 2017-07-14 09:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-09-10 10:09 - 2017-07-14 09:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-09-10 10:09 - 2017-07-14 09:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-09-10 10:09 - 2017-07-14 09:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-09-10 10:09 - 2017-07-14 09:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-09-10 10:09 - 2017-07-14 09:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-09-10 10:09 - 2017-07-14 09:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-09-10 10:09 - 2017-07-14 09:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-09-10 10:09 - 2017-07-14 09:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-09-10 10:09 - 2017-07-14 09:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-09-10 10:09 - 2017-07-14 09:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-09-10 10:09 - 2017-07-14 09:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-09-10 10:09 - 2017-07-14 09:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-09-10 10:09 - 2017-07-14 09:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-09-10 10:09 - 2017-07-14 09:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-09-10 10:09 - 2017-07-14 09:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-09-10 10:09 - 2017-07-14 09:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-09-10 10:09 - 2017-07-14 09:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-09-10 10:09 - 2017-07-14 09:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-09-10 10:09 - 2017-07-14 09:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-09-10 10:09 - 2017-07-14 08:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-09-10 10:09 - 2017-07-14 08:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-09-10 10:09 - 2017-07-14 08:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-09-10 10:09 - 2017-07-14 08:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-09-10 10:09 - 2017-07-14 08:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2017-09-10 10:09 - 2017-07-14 01:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-09-10 10:09 - 2017-07-14 01:15 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-09-10 10:09 - 2017-07-14 00:49 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-10 10:09 - 2017-07-14 00:47 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-09-10 10:09 - 2017-07-14 00:45 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-09-10 10:09 - 2017-07-14 00:45 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-09-10 10:09 - 2017-07-14 00:44 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-10 10:09 - 2017-07-14 00:44 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-09-10 10:09 - 2017-07-14 00:38 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-10 10:09 - 2017-07-14 00:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-09-10 10:09 - 2017-07-14 00:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-09-10 10:09 - 2017-07-14 00:22 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-09-10 10:09 - 2017-07-14 00:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-09-10 10:09 - 2017-07-14 00:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-09-10 10:09 - 2017-07-14 00:19 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-10 10:09 - 2017-07-14 00:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-09-10 10:09 - 2017-07-14 00:08 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-09-10 10:09 - 2017-07-14 00:02 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-09-10 10:09 - 2017-07-13 23:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-09-10 10:09 - 2017-07-13 23:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-09-10 10:09 - 2017-07-13 23:47 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-09-10 10:09 - 2017-07-13 23:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-09-10 10:09 - 2017-07-13 23:40 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-10 10:09 - 2017-07-13 23:35 - 005981184 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-09-10 10:09 - 2017-07-13 23:35 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-10 10:09 - 2017-07-13 23:33 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-09-10 10:09 - 2017-07-13 23:16 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-10 10:09 - 2017-07-13 23:11 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-09-10 10:09 - 2017-07-13 23:10 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-10 10:09 - 2017-07-13 23:09 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-10 10:09 - 2017-07-13 23:09 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-09-10 10:09 - 2017-07-13 22:40 - 015254016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-10 10:09 - 2017-07-13 22:23 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-10 10:09 - 2017-07-13 22:07 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-10 10:09 - 2017-07-13 21:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-09-10 10:09 - 2017-07-13 21:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-09-10 10:09 - 2017-07-13 20:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-09-10 10:09 - 2017-07-13 20:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-09-10 10:09 - 2017-07-13 20:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-09-10 10:09 - 2017-07-13 20:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-09-10 10:09 - 2017-07-13 20:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-09-10 10:09 - 2017-07-13 20:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-09-10 10:09 - 2017-07-13 20:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-09-10 10:09 - 2017-07-13 20:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-09-10 10:09 - 2017-07-13 20:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-09-10 10:09 - 2017-07-13 20:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-09-10 10:09 - 2017-07-13 20:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-09-10 10:09 - 2017-07-13 20:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-09-10 10:09 - 2017-07-13 20:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-09-10 10:09 - 2017-07-13 20:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-09-10 10:09 - 2017-07-13 20:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-09-10 10:09 - 2017-07-13 20:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-09-10 10:09 - 2017-07-13 20:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-09-10 10:09 - 2017-07-13 20:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-09-10 10:09 - 2017-07-13 20:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-09-10 10:09 - 2017-07-13 20:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-09-10 10:09 - 2017-07-13 20:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-09-10 10:09 - 2017-07-13 20:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-09-10 10:09 - 2017-07-13 20:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-09-10 10:09 - 2017-07-13 20:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-09-10 10:09 - 2017-07-13 20:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-09-10 10:09 - 2017-07-13 20:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-09-10 10:09 - 2017-07-13 20:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-09-10 10:09 - 2017-07-13 19:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-09-10 10:09 - 2017-07-13 19:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-09-10 10:09 - 2017-07-13 19:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-09-10 10:09 - 2017-07-08 09:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-09-10 10:09 - 2017-07-08 09:00 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-10 10:09 - 2017-07-07 09:37 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-09-10 10:09 - 2017-07-07 09:33 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-10 10:09 - 2017-07-07 09:33 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-09-10 10:09 - 2017-07-07 09:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-09-10 10:09 - 2017-07-07 09:33 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-09-10 10:09 - 2017-07-07 09:33 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-09-10 10:09 - 2017-07-07 09:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-09-10 10:09 - 2017-07-07 09:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-09-10 10:09 - 2017-07-07 09:13 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-10 10:09 - 2017-07-07 09:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-09-10 10:09 - 2017-07-07 09:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-09-10 10:09 - 2017-07-07 09:11 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-09-10 10:09 - 2017-07-07 09:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-09-10 10:09 - 2017-07-07 09:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-09-10 10:09 - 2017-07-07 09:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-09-10 10:09 - 2017-07-07 09:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-09-10 10:09 - 2017-07-07 09:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-09-10 10:09 - 2017-07-07 09:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-09-10 10:09 - 2017-07-07 09:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-09-10 10:09 - 2017-07-07 09:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-09-10 10:09 - 2017-07-07 09:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-09-10 10:09 - 2017-07-07 09:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-09-10 10:09 - 2017-07-07 09:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-09-10 10:09 - 2017-07-07 09:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 09:02 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-09-10 10:09 - 2017-07-07 09:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-09-10 10:09 - 2017-07-07 09:01 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-09-10 10:09 - 2017-07-07 09:01 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-09-10 10:09 - 2017-07-07 08:58 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-09-10 10:09 - 2017-07-07 08:57 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-09-10 10:09 - 2017-07-07 08:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-09-10 10:09 - 2017-07-07 08:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-09-10 10:09 - 2017-07-07 08:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-09-10 10:09 - 2017-07-07 08:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-09-10 10:09 - 2017-07-07 08:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-09-10 10:09 - 2017-07-07 08:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-09-10 10:09 - 2017-07-07 08:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-09-10 10:09 - 2017-07-07 08:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-09-10 10:09 - 2017-07-07 08:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-09-10 10:09 - 2017-07-07 08:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-09-10 10:09 - 2017-07-07 08:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-09-10 10:09 - 2017-07-07 08:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 08:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 08:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-09-10 10:09 - 2017-07-07 08:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-09-10 10:09 - 2017-07-01 07:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-09-10 10:09 - 2017-07-01 07:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-09-10 10:09 - 2017-07-01 07:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-09-10 10:09 - 2017-07-01 07:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-09-10 10:09 - 2017-07-01 07:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-09-10 10:09 - 2017-07-01 07:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-09-10 10:09 - 2017-07-01 07:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-09-10 10:09 - 2017-07-01 07:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-09-10 10:09 - 2017-07-01 07:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-09-10 10:09 - 2017-07-01 07:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-09-10 10:09 - 2017-07-01 07:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-09-10 10:09 - 2017-07-01 07:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-09-10 10:09 - 2017-06-15 14:23 - 000753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-09-10 10:09 - 2017-06-12 16:49 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-09-10 10:09 - 2017-06-12 16:49 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-09-10 10:09 - 2017-06-12 16:49 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-09-10 10:09 - 2017-06-12 16:49 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-09-10 10:09 - 2017-06-12 16:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-09-10 10:09 - 2017-06-12 16:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-09-10 10:09 - 2017-06-12 16:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-09-10 10:09 - 2017-06-12 16:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-09-10 10:09 - 2017-06-12 16:14 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-09-10 10:09 - 2017-06-12 16:14 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-09-10 10:09 - 2017-06-12 16:14 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-09-10 10:09 - 2017-06-12 16:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-09-10 10:09 - 2017-06-12 16:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-09-10 10:09 - 2017-06-12 16:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-09-10 10:09 - 2017-06-10 09:59 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-09-10 10:09 - 2017-06-10 09:39 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-09-10 10:09 - 2017-06-09 09:33 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-09-10 10:09 - 2017-06-06 09:30 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-09-10 10:09 - 2017-06-06 09:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-09-10 10:09 - 2017-05-29 22:56 - 001895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-09-10 10:09 - 2017-05-29 22:56 - 000377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-09-10 10:09 - 2017-05-29 22:56 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-09-10 10:09 - 2017-05-20 22:24 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-09-10 10:09 - 2017-05-20 22:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-09-10 10:09 - 2017-05-16 09:35 - 000986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-09-10 10:09 - 2017-05-16 09:35 - 000265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-09-10 10:09 - 2017-05-16 09:30 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-06 08:07 - 2017-06-13 05:29 - 000016756 _____ C:\Windows\System32\Tasks\CD3WD Complete Protector
2017-10-06 08:00 - 2017-06-13 05:28 - 000016700 _____ C:\Windows\System32\Tasks\Crossibilip
2017-10-06 07:56 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2017-10-06 07:54 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-18 07:14 - 2009-07-13 22:45 - 000025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-18 07:14 - 2009-07-13 22:45 - 000025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-11 04:20 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\rescache
2017-09-11 03:34 - 2009-07-13 23:13 - 000006214 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-11 03:05 - 2017-01-24 20:30 - 000000000 ____D C:\Windows\system32\MRT
2017-09-11 03:00 - 2017-01-24 20:29 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-10 11:17 - 2017-06-14 20:06 - 000000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2017-09-10 09:47 - 2016-08-11 12:33 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
 
==================== Files in the root of some directories =======
 
2017-06-13 05:30 - 2017-06-13 05:30 - 007307264 _____ () C:\Users\Owner\AppData\Local\agent.dat
2017-06-13 05:30 - 2017-06-13 05:31 - 000070800 _____ () C:\Users\Owner\AppData\Local\Config.xml
2017-06-13 05:29 - 2017-06-13 05:30 - 001896509 _____ () C:\Users\Owner\AppData\Local\Dongphase.tst
2017-06-13 05:22 - 2017-06-13 05:22 - 000140800 _____ () C:\Users\Owner\AppData\Local\installer.dat
2017-06-13 05:31 - 2017-06-13 05:31 - 000018432 _____ () C:\Users\Owner\AppData\Local\Main.dat
2017-06-13 05:31 - 2017-06-13 05:31 - 000005568 _____ () C:\Users\Owner\AppData\Local\md.xml
2017-06-13 05:31 - 2017-06-13 05:31 - 000126464 _____ () C:\Users\Owner\AppData\Local\noah.dat
2017-05-17 11:32 - 2017-05-17 11:32 - 000125952 _____ () C:\Users\Owner\AppData\Local\report
2017-06-13 05:22 - 2017-06-13 05:22 - 000930816 _____ () C:\Users\Owner\AppData\Local\test_db_cara.db
 
Files to move or delete:
====================
C:\Users\Owner\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
C:\Windows\Temp\gB837.tmp.exe
 
 
Some files in TEMP:
====================
2016-10-19 09:11 - 2016-10-19 09:11 - 002458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Owner\AppData\Local\Temp\libeay32.dll
2016-10-19 09:11 - 2016-10-19 09:11 - 000970912 _____ (Microsoft Corporation) C:\Users\Owner\AppData\Local\Temp\msvcr120.dll
2016-10-19 09:11 - 2016-10-19 09:11 - 000772672 _____ () C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\ndistpr64.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully
 
LastRegBack: 2017-09-10 11:10
 
==================== End of FRST.txt ============================



 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:49 AM

Posted 06 October 2017 - 02:55 PM

  • Highlight the entire content of the quote box below.

Start::  
S2 srcsrv; C:\Windows\src_srv\winsrcsrv.exe [X] <==== ATTENTION
S1 jhduokhm; \??\C:\Windows\system32\drivers\jhduokhm.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
HKLM-x32\...\Run: [svcvmx] => C:\Users\Owner\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [914944 2017-09-11] () <==== ATTENTION
HKLM-x32\...\Run: [cpx] => "C:\Users\Owner\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM\...\RunOnce: [OWNER-PC] => C:\Windows\Temp\gB837.tmp.exe [212992 2017-10-06] () <==== ATTENTION
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
"drmkpro64" => service could not be unlocked. <==== ATTENTION
R2 Dataup; C:\Users\Owner\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R2 windowsmanagementservice; C:\Users\Owner\AppData\Local\enntulc\qfuhzo\ct.exe [689664 2017-05-30] () [File not signed] <==== ATTENTION
S2 srcsrv; C:\Windows\src_srv\winsrcsrv.exe [X] <==== ATTENTION
R5 drmkpro64;  <==== ATTENTION: Locked Service <==== ATTENTION
C:\Windows\system32\drivers\ndistpr64.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Owner\AppData\Local\ntuserlitelist
HKLM-x32\...\Run: [svcvmx] => C:\Users\Owner\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [914944 2017-09-11] () <==== ATTENTION
HKLM-x32\...\Run: [cpx] => "C:\Users\Owner\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
R2 Dataup; C:\Users\Owner\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
C:\Users\Owner\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
C:\Windows\Temp\g6B30.tmp.exe
HKLM\...\RunOnce: [OWNER-PC] => C:\Windows\Temp\gB837.tmp.exe [212992 2017-10-06] () <==== ATTENTION
C:\Windows\Temp\gB837.tmp.exe
2016-10-19 09:11 - 2016-10-19 09:11 - 002458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Owner\AppData\Local\Temp\libeay32.dll
2016-10-19 09:11 - 2016-10-19 09:11 - 000970912 _____ (Microsoft Corporation) C:\Users\Owner\AppData\Local\Temp\msvcr120.dll
2016-10-19 09:11 - 2016-10-19 09:11 - 000772672 _____ () C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
() C:\Windows\Temp\g6B30.tmp.exe
HKLM\...\RunOnce: [OWNER-PC] => C:\Windows\Temp\gB837.tmp.exe [212992 2017-10-06] () <==== ATTENTION
C:\Windows\Temp\gB837.tmp.exe
2017-09-14 22:45 - 2017-09-14 22:45 - 000003536 ____N C:\bootsqm.dat
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges.
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-Click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 JSntgRvr

Posted 09 October 2017 - 06:36 PM

Are you still with us?


#4 homeband

Posted 14 October 2017 - 08:17 AM

Still here. Thought reply would come in email. My bad. Thanks for the speedy response. Will work on it and let you know. Thanks again!
Kit

#5 JSntgRvr

Posted 14 October 2017 - 01:33 PM

:thumbup2:


#6 homeband

Posted 14 October 2017 - 06:39 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-10-2017
Ran by Owner (14-10-2017 17:30:44) Run:1
Running from E:\
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
S2 srcsrv; C:\Windows\src_srv\winsrcsrv.exe [X] <==== ATTENTION
S1 jhduokhm; \??\C:\Windows\system32\drivers\jhduokhm.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
HKLM-x32\...\Run: [svcvmx] => C:\Users\Owner\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [914944 2017-09-11] () <==== ATTENTION
HKLM-x32\...\Run: [cpx] => "C:\Users\Owner\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM\...\RunOnce: [OWNER-PC] => C:\Windows\Temp\gB837.tmp.exe [212992 2017-10-06] () <==== ATTENTION
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
"drmkpro64" => service could not be unlocked. <==== ATTENTION
R2 Dataup; C:\Users\Owner\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R2 windowsmanagementservice; C:\Users\Owner\AppData\Local\enntulc\qfuhzo\ct.exe [689664 2017-05-30] () [File not signed] <==== ATTENTION
S2 srcsrv; C:\Windows\src_srv\winsrcsrv.exe [X] <==== ATTENTION
R5 drmkpro64; <==== ATTENTION: Locked Service <==== ATTENTION
C:\Windows\system32\drivers\ndistpr64.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Owner\AppData\Local\ntuserlitelist
HKLM-x32\...\Run: [svcvmx] => C:\Users\Owner\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [914944 2017-09-11] () <==== ATTENTION
HKLM-x32\...\Run: [cpx] => "C:\Users\Owner\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
R2 Dataup; C:\Users\Owner\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
C:\Users\Owner\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
C:\Windows\Temp\g6B30.tmp.exe
HKLM\...\RunOnce: [OWNER-PC] => C:\Windows\Temp\gB837.tmp.exe [212992 2017-10-06] () <==== ATTENTION
C:\Windows\Temp\gB837.tmp.exe
2016-10-19 09:11 - 2016-10-19 09:11 - 002458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Owner\AppData\Local\Temp\libeay32.dll
2016-10-19 09:11 - 2016-10-19 09:11 - 000970912 _____ (Microsoft Corporation) C:\Users\Owner\AppData\Local\Temp\msvcr120.dll
2016-10-19 09:11 - 2016-10-19 09:11 - 000772672 _____ () C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
() C:\Windows\Temp\g6B30.tmp.exe
HKLM\...\RunOnce: [OWNER-PC] => C:\Windows\Temp\gB837.tmp.exe [212992 2017-10-06] () <==== ATTENTION
C:\Windows\Temp\gB837.tmp.exe
2017-09-14 22:45 - 2017-09-14 22:45 - 000003536 ____N C:\bootsqm.dat
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
srcsrv => service not found.
jhduokhm => service not found.
ZAM => service not found.
ZAM_Guard => service not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value could not remove.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OWNER-PC => value not found.
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\03D22C9C66915D58C88912B64C1F984B8344EF09 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\0F684EC1163281085C6AF20528878103ACEFCAAB => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1667908C9E22EFBD0590E088715CC74BE4C60884 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\18DEA4EFA93B06AE997D234411F3FD72A677EECE => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3353EA609334A9F23A701B9159E30CB6C22D4C59 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3D496FA682E65FC122351EC29B55AB94F3BB03FC => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4420C99742DF11DD0795BC15B7B0ABF090DC84DF => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5240AB5B05D11B37900AC7712A3C6AE42F377C8C => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5DD3D41810F28B2A13E9A004E6412061E28FA48D => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7457A3793086DBB58B3858D6476889E3311E550E => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\775B373B33B9D15B58BC02B184704332B97C3CAF => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\872CD334B7E7B3C3D1C6114CD6B221026D505EAB => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\88AD5DFE24126872B33175D1778687B642323ACF => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9132E8B079D080E01D52631690BE18EBC2347C1E => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9C43F665E690AB4D486D4717B456C5554D4BCEB5 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A5341949ABE1407DD7BF7DFE75460D9608FBC309 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A59CC32724DD07A6FC33F7806945481A2D13CA2F => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD4C5429E10F4FF6C01840C20ABA344D7401209F => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD96BB64BA36379D2E354660780C2067B81DA2E0 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\CDC37C22FE9272D8F2610206AD397A45040326B8 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB77E5CFEC34459146748B667C97B185619251BA => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E22240E837B52E691C71DF248F12D27F96441C00 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\ED841A61C0F76025598421BC1B00E24189E68D54 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 => key not found. 
"drmkpro64" => service could not be unlocked. <==== ATTENTION => Error: No automatic fix found for this entry.
Dataup => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
windowsmanagementservice => Unable to stop service.
HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected
srcsrv => service not found.
drmkpro64 => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\drmkpro64 => key could not remove. Access Denied.
"C:\Windows\system32\drivers\ndistpr64.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION" => not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
 
"C:\Users\Owner\AppData\Local\ntuserlitelist" folder move:
 
Could not move "C:\Users\Owner\AppData\Local\ntuserlitelist" => Scheduled to move on reboot.
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value could not remove.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value could not remove.
HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
C:\Users\Owner\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe => moved successfully
"C:\Windows\Temp\g6B30.tmp.exe" => not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OWNER-PC => value not found.
"C:\Windows\Temp\gB837.tmp.exe" => not found.
C:\Users\Owner\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\Owner\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Windows\Temp\g6B30.tmp.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OWNER-PC => value not found.
"C:\Windows\Temp\gB837.tmp.exe" => not found.
C:\bootsqm.dat => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3069469998-163028437-2736415792-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3069469998-163028437-2736415792-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
The system cannot execute the specified program.
The system cannot execute the specified program.
The system cannot execute the specified program.
The system cannot execute the specified program.
The system cannot execute the specified program.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {34FC5BB1-9665-4392-BDFA-2F038A29B40A}.
Unable to cancel {4D95339C-C94F-482A-AED9-51C2FE1AA69B}.
Unable to cancel {C57235A4-2060-4D1E-83EA-18D1547E1F43}.
Unable to cancel {6C541D1C-B588-4BE4-B1D6-33BA5B5414D8}.
Unable to cancel {2F28D879-9A24-4696-86ED-4E8D3DCE766B}.
Unable to cancel {F6B07522-ABD4-4F40-8155-8C5F0A524CE0}.
Unable to cancel {E182D210-71A5-4E20-8513-BC297EAB190A}.
Unable to cancel {4B030C29-CD86-4CAE-9A07-689E2F192E48}.
Unable to cancel {AC121C30-A7F4-4E91-AC89-96C264CDE6A8}.
{BA0FD5BA-3EA1-4BAA-8FBB-D78D38CABF71} canceled.
{119194E8-2DEE-4EC0-91AD-05EFF13F12E3} canceled.
{971C0D41-9594-4DAE-B8B0-F812F55C3EB6} canceled.
{C874F4BF-F6A2-4BED-B9D5-39A487887DD3} canceled.
{C730B813-2349-473E-A63C-8639BF43D05F} canceled.
{B35E0BB7-8EDF-4FA9-804B-8C8B4ECD4D4F} canceled.
{DDEE4013-815F-4A04-89C3-E90F792188BB} canceled.
{BCC4D77D-EF7E-487B-ABC0-8750011CF08C} canceled.
{6B6F4BC6-CAC8-4E9E-A223-58677BEBD917} canceled.
9 out of 18 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27961320 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 177322520 B
Edge => 0 B
Chrome => 74639321 B
Firefox => 21210208 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 2076109 B
systemprofile32 => 33186 B
LocalService => 0 B
NetworkService => 78786600 B
Owner => 1772967 B
 
RecycleBin => 27967802 B
EmptyTemp: => 400.7 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-10-2017 17:33:07)
 
C:\Users\Owner\AppData\Local\ntuserlitelist => moved successfully
 
Result of scheduled keys to remove after reboot:
 
HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\drmkpro64 => key could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
 
==== End of Fixlog 17:33:14 ====


#7 JSntgRvr

Posted 14 October 2017 - 07:47 PM

Must run Malwarebytes Anti-Rootkit to remove the rootkit.


#8 JSntgRvr

Posted 17 October 2017 - 05:30 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


#9 JSntgRvr

Posted 20 October 2017 - 09:30 PM

This topic has been re-opened at the request of the person who originally posted.


#10 JSntgRvr

Posted 20 October 2017 - 09:33 PM

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Plug the flash drive into the infected PC.

  • If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter the System Recovery Command prompt.

    If you are using Vista or Windows 7, enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you can not enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt.

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#11 JSntgRvr

Posted 06 November 2017 - 12:20 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
