
cant get vmxclient off my pc


  • This topic is locked
95 replies to this topic

#1 Seavote
Posted 23 November 2017 - 12:02 PM

I've had lots of malware and viruses infect my PC and I've always been able to handle them. This one has me stumped. Been trying for 3 days now. Went through the Bleeping Computer "get rid of vmxclient" process but vmx is still there. Every time I go on the internet 2 applications show up in Task Manager. One first reads vmxclient for a moment and then reads client. The other just reads client. Any help is greatly appreciated. I've reached the end of my computer cleaning ability. Don't know if it is relevant, but a process scnzruk.exe*32 (which I don't recognize on my PC) runs multiple instances as shown in Task Manager. I've run Farbar Recovery and attached the logs. Thank you for helping out. You guys (and/or girls) are awesome.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-11-2017
Ran by DAD (administrator) on SAMANTHA-PC (23-11-2017 11:24:05)
Running from C:\Users\DAD\Downloads
Loaded Profiles: DAD (Available Profiles: Samantha & DAD & Guest & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\nvboehzsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Users\DAD\AppData\Local\rtsalex\rtsalex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\DAD\AppData\Local\igfxmtc\igfxmtc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
() C:\Users\DAD\AppData\Local\rtsalex\scnzruk.exe
() C:\Users\DAD\AppData\Local\rtsalex\scnzruk.exe
(Google) C:\Users\DAD\AppData\Local\Google\Chrome\User Data\SwReporter\23.130.201\software_reporter_tool.exe
(Google) C:\Users\DAD\AppData\Local\Google\Chrome\User Data\SwReporter\23.130.201\software_reporter_tool.exe
(Google) C:\Users\DAD\AppData\Local\Google\Chrome\User Data\SwReporter\23.130.201\software_reporter_tool.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-10-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3103468112-1094105050-4144447559-1013\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-09-18] (Apple Inc.)
HKU\S-1-5-21-3103468112-1094105050-4144447559-1013\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-09-18] (Apple Inc.)
HKU\S-1-5-21-3103468112-1094105050-4144447559-1013\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-3103468112-1094105050-4144447559-1013\...\MountPoints2: {25878216-dcde-11e5-8509-00269e9f6b88} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2**
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2017-11-22]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
BootExecute: autocheck autochk * Partizan
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F221542F-C6C3-4B1C-AD88-C720636DFFCA}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F49521B2-0CB8-449B-A221-8F8AE85A7950}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKLM -> {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {69B38643-8C04-4B58-A328-1E9A27FDA35E} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> {69B38643-8C04-4B58-A328-1E9A27FDA35E} URL = 
SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013 -> {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72} URL = 
SearchScopes: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013 -> {69B38643-8C04-4B58-A328-1E9A27FDA35E} URL = 
SearchScopes: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013 -> {74E885BB-BB56-4E0F-BE25-67EEFAF05439} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444552440000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
Handler: WSKVAllmytubechrome - No CLSID Value
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-02] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-02] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\DAD\AppData\Local\Google\Chrome\User Data\Default [2017-11-23]
CHR Extension: (Slides) - C:\Users\DAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-23]
CHR Extension: (Docs) - C:\Users\DAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-23]
CHR Extension: (Google Drive) - C:\Users\DAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-23]
CHR Extension: (YouTube) - C:\Users\DAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-23]
CHR Extension: (Tampermonkey) - C:\Users\DAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-11-23]
CHR Extension: (Adobe Acrobat) - C:\Users\DAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-23]
CHR Extension: (Sheets) - C:\Users\DAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-23]
CHR Extension: (Google Docs Offline) - C:\Users\DAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-23]
CHR Extension: (Gmail) - C:\Users\DAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-23]
CHR Extension: (Chrome Media Router) - C:\Users\DAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-23]
CHR HKU\S-1-5-21-3103468112-1094105050-4144447559-1013\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
U4 Fdesvt; C:\Windows\SysWOW64\drivers\SynasUSB.sys [16896 2002-11-25] (Syncrosoft GmbH) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-11-20] (SurfRight B.V.)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [583640 2009-10-14] (PC Tools)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\psia.exe [1570520 2016-02-02] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25752 2012-07-22] ()
S3 iLokDrvr; C:\Windows\SysWOW64\DRIVERS\iLokDrvr.sys [27264 2005-01-12] (PACE Anti-Piracy, Inc.) [File not signed]
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-11-22] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S2 Nsynas32; C:\Windows\SysWow64\Drivers\Nsynas32.sys [17784 2001-04-09] (Syncrosoft Hard- und Software GmbH) [File not signed]
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-11-22] (Greatis Software)
S3 SynUSB64; C:\Windows\System32\DRIVERS\SynUSB64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
S3 SynUSB64; C:\Windows\SysWOW64\DRIVERS\SynUSB64.sys [21888 2004-09-01] (Syncrosoft GmbH) [File not signed]
S0 Tpkd; C:\Windows\SysWow64\Drivers\Tpkd.sys [86528 2008-07-02] (PACE Anti-Piracy, Inc.) [File not signed]
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-11-20] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-11-20] (Zemana Ltd.)
S3 cpuz134; \??\C:\Users\DAD\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
U4 eabfiltr; no ImagePath
S1 MpKsl13c709da; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3AAD8BE-C6AB-4AF6-B43C-F960C3C19120}\MpKsl13c709da.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
R3 udiskMgr; system32\drivers\ycfilp.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-23 11:24 - 2017-11-23 11:26 - 000018989 _____ C:\Users\DAD\Downloads\FRST.txt
2017-11-23 11:23 - 2017-11-23 11:24 - 000000000 ____D C:\FRST
2017-11-23 11:19 - 2017-11-23 11:20 - 002391552 _____ (Farbar) C:\Users\DAD\Downloads\FRST64.exe
2017-11-23 07:59 - 2017-11-23 07:59 - 000140112 ____N C:\Windows\system32\Drivers\uprxaehk.sys
2017-11-22 23:48 - 2017-11-22 23:48 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-11-22 15:00 - 2017-11-22 15:00 - 000000957 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2017-11-22 14:53 - 2017-11-22 14:55 - 000000000 ____D C:\Users\DAD\Downloads\Game of Thrones Season 4
2017-11-22 13:23 - 2017-11-22 13:23 - 000000000 ____D C:\@RestoreQuarantine
2017-11-22 11:47 - 2017-11-23 08:00 - 000000250 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2017-11-22 10:55 - 2017-11-22 12:11 - 000000000 ____D C:\ProgramData\RegRun
2017-11-22 10:52 - 2017-11-22 13:21 - 000000000 ____D C:\Users\DAD\Documents\RegRun2
2017-11-22 10:52 - 2017-11-22 13:14 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2017-11-22 10:52 - 2017-11-22 10:52 - 000040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2017-11-22 10:52 - 2017-11-22 10:52 - 000000971 _____ C:\Users\DAD\Desktop\UnHackMe.lnk
2017-11-22 10:52 - 2017-11-22 10:52 - 000000418 _____ C:\Windows\Tasks\UnHackMe Task Scheduler.job
2017-11-22 10:52 - 2017-11-22 10:52 - 000000002 RSHOT C:\Windows\winstart.bat
2017-11-22 10:52 - 2017-11-22 10:52 - 000000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2017-11-22 10:52 - 2017-11-22 10:52 - 000000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2017-11-22 10:52 - 2017-11-22 10:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2017-11-22 10:52 - 2017-11-22 10:52 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2017-11-22 10:52 - 2017-11-09 13:23 - 000014984 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2017-11-22 10:52 - 2015-12-28 11:32 - 000049968 _____ (Greatis Software) C:\Windows\system32\partizan.exe
2017-11-22 10:50 - 2017-11-22 10:51 - 000000000 ____D C:\Users\DAD\Downloads\unhack
2017-11-21 18:58 - 2017-11-21 18:58 - 000000000 ____D C:\Users\DAD\AppData\Local\Secunia PSI
2017-11-21 18:57 - 2017-11-21 18:57 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-11-21 16:52 - 2017-11-23 08:34 - 000000000 ____D C:\AdwCleaner
2017-11-20 19:09 - 2017-11-22 10:28 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-11-20 19:07 - 2017-11-23 07:58 - 000000000 ____D C:\Users\DAD\Desktop\mbar
2017-11-20 19:03 - 2017-11-20 19:03 - 000000000 ____D C:\Program Files (x86)\Secunia
2017-11-20 19:01 - 2017-11-20 19:02 - 005490752 _____ (Secunia) C:\Users\DAD\Desktop\PSISetup.exe
2017-11-20 17:12 - 2017-11-20 17:12 - 000000000 ____D C:\Users\Samantha\AppData\Local\Zemana
2017-11-20 16:34 - 2017-11-20 16:34 - 008261584 _____ (Malwarebytes) C:\Users\DAD\Desktop\AdwCleaner.exe
2017-11-20 14:59 - 2017-11-21 11:39 - 000003430 _____ C:\Users\DAD\Desktop\Rkill.txt
2017-11-20 14:55 - 2017-11-20 14:55 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\DAD\Downloads\rkill.exe
2017-11-20 14:28 - 2017-11-20 14:28 - 016563352 _____ (Malwarebytes Corp.) C:\Users\DAD\Desktop\mbar-1.09.3.1001.exe
2017-11-20 13:29 - 2017-11-20 13:29 - 000059992 _____ C:\Windows\system32\.crusader
2017-11-20 09:18 - 2017-11-22 23:49 - 000000000 ____D C:\Users\DAD\AppData\Local\igfxmtc
2017-11-20 08:43 - 2017-11-20 08:43 - 000000000 ____D C:\ProgramData\dbg
2017-11-20 08:33 - 2017-11-20 12:00 - 000001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-11-20 08:33 - 2017-11-20 08:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-11-20 08:33 - 2017-11-20 08:33 - 000000000 ____D C:\Program Files\HitmanPro
2017-11-20 08:31 - 2017-11-20 13:29 - 000000000 ____D C:\ProgramData\HitmanPro
2017-11-20 08:30 - 2017-11-20 08:30 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-20 08:30 - 2017-11-20 08:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-20 08:30 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-20 08:27 - 2017-11-23 09:00 - 000056537 _____ C:\Windows\ZAM.krnl.trace
2017-11-20 08:27 - 2017-11-23 09:00 - 000029589 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-11-20 08:27 - 2017-11-23 08:44 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-11-20 08:27 - 2017-11-20 08:27 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-11-20 08:27 - 2017-11-20 08:27 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-11-20 08:27 - 2017-11-20 08:27 - 000000000 ____D C:\Users\DAD\AppData\Local\Zemana
2017-11-20 08:27 - 2017-11-20 08:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-11-20 08:23 - 2017-11-20 08:24 - 011584088 _____ (SurfRight B.V.) C:\Users\DAD\Downloads\hitmanpro_x64.exe
2017-11-20 08:21 - 2017-11-20 08:22 - 078346672 _____ (Malwarebytes ) C:\Users\DAD\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-20 08:20 - 2017-11-20 08:20 - 006625600 _____ (Zemana Ltd. ) C:\Users\DAD\Downloads\Zemana.AntiMalware.Setup.exe
2017-11-19 23:33 - 2016-10-20 15:11 - 000452371 _____ C:\Windows\system32\Drivers\etc\hosts.20171119-233313.backup
2017-11-19 23:29 - 2017-11-19 23:29 - 000001355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-11-19 23:29 - 2017-11-19 23:29 - 000001343 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-11-19 23:29 - 2017-11-19 23:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-11-19 23:29 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2017-11-19 18:37 - 2017-11-19 18:37 - 000001340 _____ C:\Users\DAD\Desktop\Lesson Plans for the week of Nov.20--23, 2017 (1).docx - Shortcut.lnk
2017-11-17 15:01 - 2017-11-17 15:01 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\DAD\Downloads\spybotsd-2.6.46.exe
2017-11-17 13:46 - 2017-11-17 13:47 - 000280864 _____ C:\Windows\Minidump\111717-50450-01.dmp
2017-11-17 13:46 - 2017-11-17 13:46 - 1323043403 _____ C:\Windows\MEMORY.DMP
2017-11-17 02:12 - 2017-11-22 14:40 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-11-16 18:55 - 2017-11-21 07:50 - 000000000 ____D C:\Users\DAD\AppData\Local\spkebzr
2017-11-16 18:48 - 2017-11-16 18:48 - 000000103 _____ C:\Windows\SysWOW64\del.bat
2017-11-16 17:28 - 2017-11-16 17:28 - 000001042 _____ C:\Users\Samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-11-16 17:28 - 2017-11-16 17:28 - 000001042 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-11-16 17:28 - 2017-11-16 17:28 - 000001042 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-11-16 16:57 - 2017-11-23 11:17 - 000000000 ____D C:\Users\DAD\AppData\Local\rtsalex
2017-11-16 16:56 - 2017-11-23 08:00 - 002883072 _____ (TOSHIBA CORPORATION) C:\Windows\system32\nvboehzsvc.exe
2017-11-16 16:56 - 2017-11-16 17:28 - 000000000 ____D C:\Users\DAD\AppData\Local\dvulmb
2017-11-16 16:56 - 2017-11-16 16:56 - 000000000 ____D C:\Windows\SysWOW64\wmkpbzr
2017-11-16 16:56 - 2017-11-16 16:56 - 000000000 ____D C:\Windows\system32\wmkpbzr
2017-11-16 16:56 - 2017-11-16 16:56 - 000000000 ____D C:\Users\DAD\AppData\Roaming\et
2017-11-16 16:55 - 2017-11-16 16:55 - 000002043 _____ C:\Users\DAD\Desktop\Textify.lnk
2017-11-16 16:55 - 2017-11-16 16:55 - 000000000 ____D C:\Program Files (x86)\Textify Company
2017-11-16 16:22 - 2017-11-16 16:22 - 000837120 _____ C:\Users\DAD\Downloads\TurtleTechnique.ppt
2017-11-16 16:20 - 2017-11-16 16:20 - 001369088 _____ C:\Users\DAD\Downloads\TuckerTurtleTakesTime.ppt
2017-11-16 10:37 - 2017-11-16 10:37 - 000340005 _____ C:\Users\DAD\Desktop\VOUGHT-HOSTY RENTAL CONTRACTsigned.pdf
2017-11-16 10:31 - 2017-11-16 10:31 - 000279580 _____ C:\Users\DAD\Downloads\VOUGHT-HOSTY RENTAL CONTRACT.pdf
2017-11-16 05:58 - 2017-11-16 05:58 - 000039816 _____ C:\Windows\uninstaller.dat
2017-11-15 18:47 - 2017-10-18 02:31 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-15 18:47 - 2017-10-18 01:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-15 18:47 - 2017-10-17 21:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-15 18:47 - 2017-10-17 21:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-15 18:47 - 2017-10-17 21:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-15 18:47 - 2017-10-17 21:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-15 18:47 - 2017-10-17 21:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-15 18:47 - 2017-10-17 21:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-15 18:47 - 2017-10-17 21:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-15 18:47 - 2017-10-16 18:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-15 18:47 - 2017-10-16 17:34 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-15 18:47 - 2017-10-16 16:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-15 18:47 - 2017-10-14 03:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-15 18:47 - 2017-10-14 03:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-11-15 18:47 - 2017-10-14 03:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-11-15 18:47 - 2017-10-14 03:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-15 18:47 - 2017-10-14 03:12 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-11-15 18:47 - 2017-10-14 03:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-15 18:47 - 2017-10-14 03:11 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-11-15 18:47 - 2017-10-14 03:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-11-15 18:47 - 2017-10-14 03:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-11-15 18:47 - 2017-10-14 03:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-15 18:47 - 2017-10-14 03:05 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-11-15 18:47 - 2017-10-14 03:04 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-11-15 18:47 - 2017-10-14 03:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-11-15 18:47 - 2017-10-14 03:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-15 18:47 - 2017-10-14 03:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-11-15 18:47 - 2017-10-14 03:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-11-15 18:47 - 2017-10-14 03:00 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-11-15 18:47 - 2017-10-14 02:55 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-11-15 18:47 - 2017-10-14 02:53 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-11-15 18:47 - 2017-10-14 02:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-11-15 18:47 - 2017-10-14 02:47 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-11-15 18:47 - 2017-10-14 02:46 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-11-15 18:47 - 2017-10-14 02:43 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-11-15 18:47 - 2017-10-14 02:43 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-11-15 18:47 - 2017-10-14 02:41 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-11-15 18:47 - 2017-10-14 02:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-11-15 18:47 - 2017-10-14 02:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-15 18:47 - 2017-10-14 02:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-15 18:47 - 2017-10-14 02:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-15 18:47 - 2017-10-14 02:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-15 18:47 - 2017-10-14 02:28 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-11-15 18:47 - 2017-10-14 02:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-15 18:47 - 2017-10-14 02:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-15 18:47 - 2017-10-14 02:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-15 18:47 - 2017-10-14 02:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-15 18:47 - 2017-10-14 02:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-11-15 18:47 - 2017-10-14 01:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-15 18:47 - 2017-10-14 01:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-15 18:47 - 2017-10-14 01:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-11-15 18:47 - 2017-10-14 01:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-11-15 18:47 - 2017-10-14 01:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-11-15 18:47 - 2017-10-14 01:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-11-15 18:47 - 2017-10-14 01:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-15 18:47 - 2017-10-14 01:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-11-15 18:47 - 2017-10-14 01:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-11-15 18:47 - 2017-10-14 01:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-11-15 18:47 - 2017-10-14 01:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-15 18:47 - 2017-10-14 01:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-11-15 18:47 - 2017-10-14 01:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-11-15 18:47 - 2017-10-14 01:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-11-15 18:47 - 2017-10-14 01:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-11-15 18:47 - 2017-10-14 01:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-11-15 18:47 - 2017-10-14 01:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-11-15 18:47 - 2017-10-14 01:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-15 18:47 - 2017-10-14 01:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-11-15 18:47 - 2017-10-14 01:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-11-15 18:47 - 2017-10-14 01:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-11-15 18:47 - 2017-10-14 01:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-11-15 18:47 - 2017-10-14 01:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-15 18:47 - 2017-10-14 01:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-15 18:47 - 2017-10-14 01:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-15 18:47 - 2017-10-14 01:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-15 18:47 - 2017-10-14 01:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-11-15 18:47 - 2017-10-14 01:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-15 18:47 - 2017-10-14 01:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-15 18:47 - 2017-10-14 01:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-15 18:47 - 2017-10-11 19:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-15 18:47 - 2017-10-11 19:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-15 18:47 - 2017-10-11 19:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-15 18:47 - 2017-10-11 19:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-15 18:47 - 2017-10-11 19:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-15 18:47 - 2017-10-11 19:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-15 18:47 - 2017-10-11 19:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-15 18:47 - 2017-10-11 19:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-15 18:47 - 2017-10-11 19:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-15 18:47 - 2017-10-11 19:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-15 18:47 - 2017-10-11 19:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-15 18:47 - 2017-10-11 19:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-15 18:47 - 2017-10-11 19:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-15 18:47 - 2017-10-11 19:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-15 18:47 - 2017-10-11 19:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-15 18:47 - 2017-10-11 19:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-15 18:47 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-15 18:47 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-15 18:47 - 2017-10-11 19:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-15 18:47 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-15 18:47 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-15 18:47 - 2017-10-11 19:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-11-15 18:47 - 2017-10-11 19:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-15 18:47 - 2017-10-11 19:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-15 18:47 - 2017-10-11 19:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-15 18:47 - 2017-10-11 19:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-11-15 18:47 - 2017-10-11 19:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-15 18:47 - 2017-10-11 19:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-15 18:47 - 2017-10-11 19:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-11-15 18:47 - 2017-10-11 19:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-11-15 18:47 - 2017-10-11 19:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-11-15 18:47 - 2017-10-11 19:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-11-15 18:47 - 2017-10-11 19:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-11-15 18:47 - 2017-10-11 19:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-11-15 18:47 - 2017-10-11 19:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-11-15 18:47 - 2017-10-11 19:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-11-15 18:47 - 2017-10-11 19:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-11-15 18:47 - 2017-10-11 19:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-11-15 18:47 - 2017-10-11 19:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-11-15 18:47 - 2017-10-11 19:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-11-15 18:47 - 2017-10-11 19:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-11-15 18:47 - 2017-10-11 19:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-11-15 18:47 - 2017-10-11 19:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-11-15 18:47 - 2017-10-11 19:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-11-15 18:47 - 2017-10-11 19:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-11-15 18:47 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-11-15 18:47 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-11-15 18:47 - 2017-10-11 19:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-15 18:47 - 2017-10-11 19:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-11-11 15:42 - 2017-11-11 15:42 - 000037236 _____ C:\Users\DAD\Desktop\teleheadstock.pdf
2017-11-10 00:59 - 2017-11-10 01:05 - 000000000 ____D C:\Users\DAD\Desktop\me
2017-11-09 15:21 - 2017-11-15 18:52 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-11-09 14:57 - 2017-09-13 10:33 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-11-09 14:57 - 2017-09-13 10:32 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-11-09 14:57 - 2017-09-13 10:32 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-11-09 14:57 - 2017-09-13 10:32 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-11-09 14:57 - 2017-09-13 10:32 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-11-09 14:57 - 2017-09-13 10:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000886272 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-11-09 14:57 - 2017-09-13 10:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-11-09 14:57 - 2017-09-13 10:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-11-09 14:57 - 2017-09-13 10:10 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-11-09 14:57 - 2017-09-13 10:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 10:05 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-11-09 14:57 - 2017-09-13 10:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-11-09 14:57 - 2017-09-13 10:00 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-11-09 14:57 - 2017-09-13 10:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-11-09 14:57 - 2017-09-13 10:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-11-09 14:57 - 2017-09-13 09:57 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-11-09 14:57 - 2017-09-13 09:56 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-11-09 14:57 - 2017-09-13 09:53 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-11-09 14:57 - 2017-09-13 09:53 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-11-09 14:57 - 2017-09-13 09:53 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-11-09 14:57 - 2017-09-13 09:52 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-11-09 14:57 - 2017-09-13 09:52 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-11-09 14:57 - 2017-09-13 09:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-11-09 14:57 - 2017-09-13 09:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-11-09 14:57 - 2017-09-13 09:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-11-09 14:57 - 2017-09-13 09:46 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-11-09 14:57 - 2017-09-13 09:46 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-11-09 14:57 - 2017-09-13 09:46 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 09:46 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 09:46 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 09:46 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-11-09 14:57 - 2017-09-13 09:46 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-11-09 14:57 - 2017-09-08 10:30 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-11-09 14:57 - 2017-09-08 10:10 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-11-09 14:57 - 2017-09-08 09:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-11-09 14:57 - 2017-09-08 09:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-11-09 14:57 - 2017-09-07 10:31 - 002851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-11-09 14:57 - 2017-09-07 10:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2017-11-09 14:57 - 2017-09-07 09:55 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-11-09 14:57 - 2017-09-07 09:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-11-09 14:57 - 2017-09-07 09:55 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-11-09 14:57 - 2017-09-07 08:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-09 14:57 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-09 14:57 - 2017-08-19 10:28 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-11-09 14:57 - 2017-08-19 10:28 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-11-09 14:57 - 2017-08-19 10:28 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-11-09 14:57 - 2017-08-19 10:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-11-09 14:57 - 2017-08-19 10:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-11-09 14:57 - 2017-08-19 10:10 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-11-09 14:57 - 2017-08-19 10:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-11-09 14:57 - 2017-08-19 10:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-11-09 14:57 - 2017-08-19 10:08 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-11-09 14:57 - 2017-08-19 10:08 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-11-09 14:57 - 2017-08-19 09:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-11-09 14:57 - 2017-08-19 09:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-11-09 14:57 - 2017-08-16 10:29 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-11-09 14:57 - 2017-08-16 10:10 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-11-09 14:57 - 2017-08-15 10:29 - 014182400 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-11-09 14:57 - 2017-08-15 10:29 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-11-09 14:57 - 2017-08-15 10:10 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-11-09 14:57 - 2017-08-15 10:10 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-11-09 14:57 - 2017-08-14 12:35 - 003203584 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2017-11-09 14:57 - 2017-08-14 12:35 - 002150912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2017-11-09 14:57 - 2017-08-14 12:35 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-11-09 14:57 - 2017-08-14 12:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-11-09 14:57 - 2017-08-14 12:35 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
2017-11-09 14:57 - 2017-08-14 12:35 - 000303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2017-11-09 14:57 - 2017-08-14 12:35 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2017-11-09 14:57 - 2017-08-14 12:35 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
2017-11-09 14:57 - 2017-08-14 12:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2017-11-09 14:57 - 2017-08-14 12:35 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-11-09 14:57 - 2017-08-14 12:34 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2017-11-09 14:57 - 2017-08-13 16:45 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-11-09 14:57 - 2017-08-13 16:37 - 002144256 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2017-11-09 14:57 - 2017-08-13 16:30 - 001401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2017-11-09 14:57 - 2017-08-11 01:35 - 002065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-11-09 14:57 - 2017-08-11 01:35 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-11-09 14:57 - 2017-08-11 01:35 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-11-09 14:57 - 2017-08-11 01:35 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-11-09 14:57 - 2017-08-11 01:35 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-11-09 14:57 - 2017-08-11 01:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-11-09 14:57 - 2017-08-11 01:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2017-11-09 14:57 - 2017-08-11 01:35 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
2017-11-09 14:57 - 2017-08-11 01:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2017-11-09 14:57 - 2017-08-11 01:34 - 000971776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-11-09 14:57 - 2017-08-11 01:34 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-11-09 14:57 - 2017-08-11 01:34 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-11-09 14:57 - 2017-08-11 01:34 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-11-09 14:57 - 2017-08-11 01:20 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-11-09 14:57 - 2017-08-11 01:20 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-11-09 14:57 - 2017-08-11 01:19 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-11-09 14:57 - 2017-08-11 01:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-11-09 14:57 - 2017-08-11 01:19 - 000299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-11-09 14:57 - 2017-08-11 01:19 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-11-09 14:57 - 2017-08-11 01:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-11-09 14:57 - 2017-08-11 01:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winnsi.dll
2017-11-09 14:57 - 2017-08-11 01:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nsi.dll
2017-11-09 14:57 - 2017-08-11 01:12 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-11-09 14:57 - 2017-08-11 01:09 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2017-11-09 14:57 - 2017-08-11 01:03 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-11-09 14:57 - 2017-08-11 01:01 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-11-09 14:57 - 2017-08-11 01:00 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-11-09 14:57 - 2017-08-11 00:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-11-09 14:57 - 2017-07-07 10:29 - 001143296 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2017-11-09 14:57 - 2017-07-07 10:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
2017-11-09 14:29 - 2017-10-17 21:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-09 14:29 - 2017-10-17 21:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-09 14:29 - 2017-10-15 17:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-09 14:29 - 2017-10-04 08:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-09 14:29 - 2017-10-04 08:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-09 14:29 - 2017-10-04 08:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-09 14:29 - 2017-10-04 08:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-09 14:29 - 2017-10-04 08:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-09 14:29 - 2017-10-04 08:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-09 14:29 - 2017-10-04 08:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-09 10:18 - 2017-11-09 10:18 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-08 11:09 - 2017-11-08 11:09 - 003957221 _____ C:\Users\DAD\Desktop\spb-8c_manual.pdf
2017-10-30 20:07 - 2017-10-30 20:07 - 000000218 _____ C:\Users\DAD\AppData\Local\recently-used.xbel
2017-10-30 20:04 - 2017-10-30 20:05 - 000000000 ____D C:\Users\DAD\nnnnn
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-23 11:24 - 2009-07-13 21:34 - 021495808 _____ C:\Windows\system32\config\HARDWARE
2017-11-23 09:08 - 2015-10-04 14:36 - 000000000 ____D C:\Users\DAD\AppData\Roaming\BitTorrent
2017-11-23 08:19 - 2009-07-13 23:45 - 000026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-23 08:19 - 2009-07-13 23:45 - 000026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-23 08:16 - 2013-01-25 12:33 - 000000000 ____D C:\Program Files (x86)\Wise PC Engineer
2017-11-23 08:05 - 2015-10-22 16:21 - 000000000 ___RD C:\Users\DAD\iCloudDrive
2017-11-23 08:01 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-23 07:59 - 2010-02-24 15:43 - 005296218 _____ C:\Windows\ntbtlog.txt
2017-11-22 23:45 - 2010-04-02 19:11 - 000000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-11-22 13:23 - 2010-11-19 19:07 - 000000000 ____D C:\extensions
2017-11-21 18:54 - 2016-12-19 16:52 - 000002185 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-21 18:54 - 2016-12-19 16:52 - 000002173 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-21 13:39 - 2014-12-06 23:22 - 000000000 ____D C:\Windows\Minidump
2017-11-21 13:38 - 2016-04-21 21:18 - 000326375 ____N C:\Windows\Minidump\112117-48063-01.dmp
2017-11-21 11:48 - 2015-09-23 20:17 - 000000000 ____D C:\Users\DAD
2017-11-21 09:23 - 2010-02-27 22:07 - 000000000 ____D C:\Windows\pss
2017-11-20 17:13 - 2015-08-27 17:08 - 000000000 ____D C:\Users\Samantha\Desktop\MSOffice2007Settings
2017-11-20 15:32 - 2009-12-25 00:37 - 000545440 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-11-20 11:46 - 2016-12-19 16:51 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-20 11:46 - 2016-12-19 16:51 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-20 10:37 - 2015-09-23 20:18 - 000000282 _____ C:\Users\DAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk
2017-11-20 08:30 - 2011-01-23 11:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-19 23:33 - 2009-07-13 21:34 - 000452300 ____R C:\Windows\system32\Drivers\etc\hosts.old
2017-11-19 23:29 - 2016-04-22 13:44 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-11-19 23:29 - 2010-10-05 21:36 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-11-19 23:27 - 2009-07-14 00:13 - 000876154 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-19 23:27 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-11-19 23:26 - 2015-09-24 07:28 - 000000000 ____D C:\Users\DAD\Desktop\DOWNLOAD
2017-11-19 00:49 - 2013-06-27 20:24 - 000000769 _____ C:\Windows\wininit.ini
2017-11-18 23:46 - 2017-09-04 18:53 - 000000000 ____D C:\Users\Public\Documents\Keepvid
2017-11-17 01:59 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2017-11-16 17:28 - 2016-02-17 23:04 - 000001042 _____ C:\Users\DAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-11-16 17:28 - 2013-04-30 07:15 - 000001042 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-11-16 16:38 - 2014-05-28 21:43 - 000000000 ____D C:\Users\DAD\Desktop\BOOGIE BUSINESS
2017-11-15 20:19 - 2009-07-13 23:45 - 005057112 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-15 19:39 - 2013-08-15 20:03 - 000000000 ____D C:\Windows\system32\MRT
2017-11-15 18:52 - 2009-12-25 12:00 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-11-14 23:48 - 2014-12-25 23:07 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-14 23:46 - 2015-11-10 12:11 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-09 23:00 - 2011-01-26 10:06 - 000868768 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-11-09 15:38 - 2014-12-13 00:45 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-08 18:03 - 2015-10-04 15:59 - 000000000 ____D C:\Users\DAD\AppData\Roaming\vlc
2017-11-08 13:32 - 2010-09-28 17:57 - 000000000 ____D C:\Temp
2017-11-05 13:55 - 2017-09-03 08:47 - 000000000 ____D C:\Users\Samantha\Desktop\Sam PreK
2017-10-30 14:40 - 2011-05-09 16:25 - 000000000 ____D C:\Users\DAD\Documents\CUBASE
2017-10-30 10:48 - 2017-06-06 13:02 - 000000000 ____D C:\Users\DAD\Desktop\New
2017-10-27 13:22 - 2009-07-14 00:32 - 000000000 ____D C:\Windows\Downloaded Program Files
 
==================== Files in the root of some directories =======
 
2014-06-15 07:50 - 2014-06-15 07:50 - 000111688 _____ (Duckware) C:\Users\Chris\x.exe
2015-10-05 18:25 - 2016-04-19 15:11 - 000000231 _____ () C:\Users\DAD\AppData\Roaming\default.rss
2015-09-24 07:21 - 2017-10-20 15:39 - 000003570 _____ () C:\Users\DAD\AppData\Roaming\wklnhst.dat
2017-10-30 20:07 - 2017-10-30 20:07 - 000000218 _____ () C:\Users\DAD\AppData\Local\recently-used.xbel
2017-02-02 19:47 - 2017-02-02 19:47 - 000000017 _____ () C:\Users\DAD\AppData\Local\resmon.resmoncfg
ZeroAccess:
C:\Users\Chris\AppData\Local\Google\Desktop\Install
 
Some files in TEMP:
====================
2015-09-20 13:36 - 2015-09-22 05:02 - 000585824 _____ (Oracle Corporation) C:\Users\Chris\AppData\Local\Temp\jre-8u60-windows-au.exe
2013-08-17 13:30 - 2008-03-12 18:38 - 000026176 ____R () C:\Users\Samantha\AppData\Local\Temp\VP6Install.exe
2013-08-17 13:30 - 2008-03-12 18:38 - 000445504 ____R (On2.com) C:\Users\Samantha\AppData\Local\Temp\VP6VFW.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\uprxaehk.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
 
ATTENTION: ==> Could not access BCD. 
 
LastRegBack: 2017-01-13 00:30
 
==================== End of FRST.txt ============================

Attached Files


Edited by Seavote, 23 November 2017 - 12:09 PM.
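Added example, not part of the original post and not code from Farbar Recovery Scan Tool: a small Python triage script that parses the two kinds of lines in the log above (the dated file entries and the "path => verdict" lines of the "Bamital & volsnap" section) and pulls out the review leads a responder looks at first: a driver whose MD5 is the hash of empty input (which is exactly what FRST's "(0-byte MD5)" tag on uprxaehk.sys means), entries with no publisher string, and executables sitting directly in a user profile root. The regexes are this example's own reading of the FRST line format, and SAMPLE_LOG is constructed from lines copied from the post.

```python
"""Offline triage of an FRST log (added example, not part of FRST or the post).

Parses two line formats: file entries
  "created - modified - size attrs (Company) path"
and verification lines
  "path => verdict" / "path -> MD5 = ... (0-byte MD5) <======= ATTENTION".
The patterns below are an assumption about FRST's output, not its documentation.
"""
import hashlib
import re
from dataclasses import dataclass

# MD5 of zero bytes (d41d8cd98f00b204e9800998ecf8427e).  FRST prints
# "(0-byte MD5)" when a file hashes to this: the file on disk is empty.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()

FILE_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d{9}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"          # "(Company)" block is optional
    r"(?P<path>[A-Za-z]:\\.+)$")
VERIFY_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?:=>|->) (?P<verdict>.+)$")
MD5_IN_VERDICT = re.compile(r"MD5 = ([0-9A-Fa-f]{32})")
# An .exe directly in a profile root (C:\Users\<name>\x.exe) is a review lead.
PROFILE_ROOT_EXE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)

# Constructed sample: lines copied from the FRST.txt in the post.
SAMPLE_LOG = r"""
2017-11-09 14:57 - 2017-08-11 01:00 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-11-23 11:24 - 2009-07-13 21:34 - 021495808 _____ C:\Windows\system32\config\HARDWARE
2017-11-23 08:19 - 2009-07-13 23:45 - 000026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-20 15:32 - 2009-12-25 00:37 - 000545440 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-06-15 07:50 - 2014-06-15 07:50 - 000111688 _____ (Duckware) C:\Users\Chris\x.exe
2015-10-05 18:25 - 2016-04-19 15:11 - 000000231 _____ () C:\Users\DAD\AppData\Roaming\default.rss
==================== Bamital & volsnap ======================
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\uprxaehk.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
"""


@dataclass
class FileEntry:
    created: str
    modified: str
    size: int
    attrs: str
    company: str      # "" when FRST printed no publisher or an empty "()"
    path: str


def parse_file_entries(text):
    """Every dated file/folder entry in the log, in order of appearance."""
    entries = []
    for line in text.splitlines():
        m = FILE_ENTRY.match(line.strip())
        if m:
            entries.append(FileEntry(m["created"], m["modified"], int(m["size"]),
                                     m["attrs"], m["company"] or "", m["path"]))
    return entries


def check_verification(text):
    """{path: reason} for each verification line that is not
    'File is digitally signed'; an empty-file MD5 is named explicitly."""
    findings = {}
    for line in text.splitlines():
        m = VERIFY_LINE.match(line.strip())
        if not m or m["verdict"].startswith("File is digitally signed"):
            continue
        h = MD5_IN_VERDICT.search(m["verdict"])
        if h and h.group(1).lower() == EMPTY_MD5:
            findings[m["path"]] = "zero-byte file (MD5 of empty input)"
        else:
            findings[m["path"]] = m["verdict"]
    return findings


def triage(text):
    """Review leads only: a missing publisher is normal for registry hives and
    data files, so every hit still needs a hash lookup or a look at the file."""
    entries = parse_file_entries(text)
    return {
        "verification": check_verification(text),
        "no_company": [e.path for e in entries if not e.company],
        "profile_root_executables": [e.path for e in entries
                                     if PROFILE_ROOT_EXE.match(e.path)],
    }


if __name__ == "__main__":
    for section, hits in triage(SAMPLE_LOG).items():
        print(section)
        for hit in (hits.items() if isinstance(hits, dict) else hits):
            print("   ", hit)
```

Run it as a script to print the leads for the embedded sample, or import it and call triage() on the text of a saved FRST.txt. The hits are leads, not verdicts: C:\Windows\system32\config\HARDWARE is a registry hive and naturally has no publisher, and an executable in a profile root is only worth a look until someone hashes it and checks the file.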


#2 JSntgRvr

JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,220 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 23 November 2017 - 04:08 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, or running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)
 

Chances are you have been infected with the Smart Service Rootkit. Let's give it a try.

  • Highlight the entire content of the quote box below.

Start::
HKLM-x32\...\Run: [iTunesHelper] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
S3 cpuz134; \??\C:\Users\DAD\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
S1 MpKsl13c709da; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3AAD8BE-C6AB-4AF6-B43C-F960C3C19120}\MpKsl13c709da.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
R3 udiskMgr; system32\drivers\ycfilp.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
FirewallRules: [{D5EAF6F9-2C09-4D9D-8E0B-24E4D0887E8C}] => (Allow) LPort=50000
FirewallRules: [{DEA7928F-BCA9-4D6C-82DD-2DD2B3D9F4A8}] => (Allow) LPort=50001
FirewallRules: [{432558C3-9189-40B9-ADC5-344A905767DA}] => (Allow) LPort=2869
FirewallRules: [{9437DFCB-E93C-4AEB-8F96-B9AEF1C571DD}] => (Allow) LPort=1900
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
S3 cpuz134; \??\C:\Users\DAD\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
C:\Windows\system32\drivers\uprxaehk.sys
C:\Users\DAD\AppData\Local\Temp\cpuz134
Task: {013FDA0A-65A1-43B0-BB69-2DFDA10A6B2D} - \{F156546F-0961-4B8B-A383-4B7B863B5C69} -> No File <==== ATTENTION
Task: {03EB2DBB-C736-4501-B25B-DB53F5874833} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {043F6CBD-03D3-4C4D-A1E8-5809D524C692} - \{782744F7-5F77-498C-876B-EFBDE2E8A4EE} -> No File <==== ATTENTION
Task: {10CF2193-C046-4569-92FA-0F95884FDE2D} - \{F306DCAD-75AB-4F90-9DD3-91929B00020E} -> No File <==== ATTENTION
Task: {1B814BB5-C144-4CC9-9EF1-92AD34856745} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {25FD2FE3-9FD3-457C-BAE4-53A3E65D9E6C} - \{26E99803-AE75-40A7-B5BF-5C883056D5A5} -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {4442E8B7-7384-46D2-B23F-649763EFD57E} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {4546B80D-9852-4B7E-9C4C-2202779E79BF} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {49D5913C-C195-4568-9EAE-C93780CD90BD} - \{48A527A6-3461-4301-9ABC-742D49D9F437} -> No File <==== ATTENTION
Task: {4A4E4E2B-5C97-46AE-B351-81D902413AAE} - \{60C25DA8-55A7-4930-A9E5-B8385C6E8E93} -> No File <==== ATTENTION
Task: {6943A3D5-464B-4D81-A153-30EA70E981CA} - \{7CED0BF4-02AC-422A-AB9D-26F90481CC4C} -> No File <==== ATTENTION
Task: {6F32C578-DA86-4124-9557-8165564D311B} - \{E380625C-7FAA-40C8-914D-F5C1A844080F} -> No File <==== ATTENTION
Task: {6F689841-D968-4F8D-913A-4C73EE18047C} - \RealUpgradeLogonTaskS-1-5-21-3103468112-1094105050-4144447559-1003 -> No File <==== ATTENTION
Task: {79DB0741-4884-4632-9723-05AA799FEA5B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {7ECE3E1A-8316-4964-ABFE-323AA7F822F1} - \{E94889B8-9A68-4221-835A-D803985B3740} -> No File <==== ATTENTION
Task: {8B7C74EF-5F9A-4224-AA55-8A4638AF7C92} - \{867CC5D5-1B3B-4301-BE12-E9CD7A3692FF} -> No File <==== ATTENTION
Task: {AB132D2C-A13D-41E6-9788-F4D867DCCE8F} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-3103468112-1094105050-4144447559-1003 -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B3F30CC9-CC64-431A-90CF-80B46A482D30} - \{D1385CDA-ABF1-4C7B-B48C-8BEE53ABD877} -> No File <==== ATTENTION
Task: {B6AE0D4E-01C1-4D8C-BEF8-29AF2727181D} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {C2683C38-7040-4715-B190-9EE9CEDDCC84} - \RealUpgradeScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1003 -> No File <==== ATTENTION
Task: {CBB0FE66-8508-40DF-A094-652896060C38} - \{22B1D3BA-1047-4E52-95CA-B16929BA099A} -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D60BEC7E-3E7D-41D4-9F05-825297184CFD} - \{4FDF6127-ADB9-4B05-BFE5-D98B69DF6386} -> No File <==== ATTENTION
Task: {EC55187F-BBC6-46C6-961A-B8927A937440} - \{F0DD4DA7-67F7-47C5-AA26-6B01973E3834} -> No File <==== ATTENTION
Task: {F095540B-3DE8-4497-9CC0-E8F89B3D3690} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1003 -> No File <==== ATTENTION
Task: {F524DB98-7E26-42A1-8532-E046020121FE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FBBEB0A9-72AC-4908-82A3-B91E75D60455} - \{DE414A4E-D0DA-4E3F-B1DF-D525E21D61D7} -> No File <==== ATTENTION
BHO: JavaT Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncApi64.dll => No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers1-x32: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers1_S-1-5-21-3103468112-1094105050-4144447559-1013: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers4_S-1-5-21-3103468112-1094105050-4144447559-1013: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers5_S-1-5-21-3103468112-1094105050-4144447559-1013: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
Task: {013FDA0A-65A1-43B0-BB69-2DFDA10A6B2D} - \{F156546F-0961-4B8B-A383-4B7B863B5C69} -> No File <==== ATTENTION
Task: {03EB2DBB-C736-4501-B25B-DB53F5874833} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {043F6CBD-03D3-4C4D-A1E8-5809D524C692} - \{782744F7-5F77-498C-876B-EFBDE2E8A4EE} -> No File <==== ATTENTION
Task: {10CF2193-C046-4569-92FA-0F95884FDE2D} - \{F306DCAD-75AB-4F90-9DD3-91929B00020E} -> No File <==== ATTENTION
Task: {1B814BB5-C144-4CC9-9EF1-92AD34856745} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {25FD2FE3-9FD3-457C-BAE4-53A3E65D9E6C} - \{26E99803-AE75-40A7-B5BF-5C883056D5A5} -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {4442E8B7-7384-46D2-B23F-649763EFD57E} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {4546B80D-9852-4B7E-9C4C-2202779E79BF} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {49D5913C-C195-4568-9EAE-C93780CD90BD} - \{48A527A6-3461-4301-9ABC-742D49D9F437} -> No File <==== ATTENTION
Task: {4A4E4E2B-5C97-46AE-B351-81D902413AAE} - \{60C25DA8-55A7-4930-A9E5-B8385C6E8E93} -> No File <==== ATTENTION
Task: {6943A3D5-464B-4D81-A153-30EA70E981CA} - \{7CED0BF4-02AC-422A-AB9D-26F90481CC4C} -> No File <==== ATTENTION
Task: {6F32C578-DA86-4124-9557-8165564D311B} - \{E380625C-7FAA-40C8-914D-F5C1A844080F} -> No File <==== ATTENTION
Task: {6F689841-D968-4F8D-913A-4C73EE18047C} - \RealUpgradeLogonTaskS-1-5-21-3103468112-1094105050-4144447559-1003 -> No File <==== ATTENTION
Task: {79DB0741-4884-4632-9723-05AA799FEA5B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {7ECE3E1A-8316-4964-ABFE-323AA7F822F1} - \{E94889B8-9A68-4221-835A-D803985B3740} -> No File <==== ATTENTION
Task: {8B7C74EF-5F9A-4224-AA55-8A4638AF7C92} - \{867CC5D5-1B3B-4301-BE12-E9CD7A3692FF} -> No File <==== ATTENTION
Task: {AB132D2C-A13D-41E6-9788-F4D867DCCE8F} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-3103468112-1094105050-4144447559-1003 -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B3F30CC9-CC64-431A-90CF-80B46A482D30} - \{D1385CDA-ABF1-4C7B-B48C-8BEE53ABD877} -> No File <==== ATTENTION
Task: {B6AE0D4E-01C1-4D8C-BEF8-29AF2727181D} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {C2683C38-7040-4715-B190-9EE9CEDDCC84} - \RealUpgradeScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1003 -> No File <==== ATTENTION
Task: {CBB0FE66-8508-40DF-A094-652896060C38} - \{22B1D3BA-1047-4E52-95CA-B16929BA099A} -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D60BEC7E-3E7D-41D4-9F05-825297184CFD} - \{4FDF6127-ADB9-4B05-BFE5-D98B69DF6386} -> No File <==== ATTENTION
Task: {EC55187F-BBC6-46C6-961A-B8927A937440} - \{F0DD4DA7-67F7-47C5-AA26-6B01973E3834} -> No File <==== ATTENTION
Task: {F095540B-3DE8-4497-9CC0-E8F89B3D3690} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1003 -> No File <==== ATTENTION
Task: {F524DB98-7E26-42A1-8532-E046020121FE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FBBEB0A9-72AC-4908-82A3-B91E75D60455} - \{DE414A4E-D0DA-4E3F-B1DF-D525E21D61D7} -> No File <==== ATTENTION
S3 cpuz134; \??\C:\Users\DAD\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
2017-11-08 13:32 - 2010-09-28 17:57 - 000000000 ____D C:\Temp
2015-09-20 13:36 - 2015-09-22 05:02 - 000585824 _____ (Oracle Corporation) C:\Users\Chris\AppData\Local\Temp\jre-8u60-windows-au.exe
2013-08-17 13:30 - 2008-03-12 18:38 - 000026176 ____R () C:\Users\Samantha\AppData\Local\Temp\VP6Install.exe
2013-08-17 13:30 - 2008-03-12 18:38 - 000445504 ____R (On2.com) C:\Users\Samantha\AppData\Local\Temp\VP6VFW.dll
Task: {F7894CC4-9F1D-406B-9DF0-0644E806BF49} - System32\Tasks\{DC5AACDB-D783-48DF-9D49-C7F54D74C2B6} => C:\Windows\system32\pcalua.exe -a "C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZ065DL6\JavaSetup8u60.exe" -d C:\Users\Chris\Desktop
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 [302]
AlternateDataStreams: C:\Users\Chris\AppData\Local\Temp:P5S0FeIs24BwpE5phJI [2210]
AlternateDataStreams: C:\Users\Chris\AppData\Local\Temporary Internet Files:cviyIUAIx9slB8wJC4q [2438]
AlternateDataStreams: C:\Users\Chris\AppData\Local\Temporary Internet Files:kMRNIZGIbmQMCfks7Nx [2402]
AlternateDataStreams: C:\Users\Chris\AppData\Local\Temporary Internet Files:rJhwFBBgKEVRLtW7gScplhg [2144]
AlternateDataStreams: C:\Users\DAD\AppData\Local\Temporary Internet Files:ih5BRqZCC7EZzXIBsjjdeUEnW41up [2524]
AlternateDataStreams: C:\Users\Samantha\AppData\Local\Temporary Internet Files:cviyIUAIx9slB8wJC4q [2332]
MSCONFIG\startupreg: EPSON Stylus CX7000F Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBKA.EXE /FU "C:\Windows\TEMP\E_S2E65.tmp" /EF "HKCU"
Task: {0CAD3523-2B7E-45E5-8101-758BEF1E3822} - no filepath
Task: {79241E7B-F32C-41B7-9534-E7486534A14F} - no filepath
2017-11-23 07:59 - 2017-11-23 07:59 - 000140112 ____N C:\Windows\system32\Drivers\uprxaehk.sys
C:\Windows\System32\nvboehzsvc.exe
Folder: C:\Windows\System32\Drivers
EMPTYTEMP:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges.
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.


Edited by JSntgRvr, 23 November 2017 - 04:09 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 Seavote
  • Topic Starter
  • Members
  • 50 posts

Posted 23 November 2017 - 09:32 PM

JSntgRvr 

Copied the highlighted text, opened FRST as administrator, hit the Fix button. Here is the resulting log. Don't think you're gonna like it:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 23-11-2017
Ran by DAD (23-11-2017 21:15:13) Run:2
Running from C:\Users\DAD\Downloads
Loaded Profiles: DAD (Available Profiles: Samantha & DAD & Guest & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
*****************
 
 
==== End of Fixlog 21:15:14 ====


#4 JSntgRvr
    Master Surgeon General
  • Malware Response Team
  • 11,220 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 24 November 2017 - 12:43 PM

We will need to run the fix in the Recovery Environment.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Please also download the attached file and save it in the same location the FRST64 is saved in the flash drive.

Insert the USB drive in the infected computer.

Boot to the Recovery Console's Command prompt.

Entry points into the Windows Recovery Environment (WinRE).

You can access WinRE features through the Boot Options menu, which can be launched from Windows in a few different ways:

  • Option 1: From the login screen, click Shutdown, then hold down the Shift key while selecting Restart.
  • Option 2: In Windows 10, select Start > Settings > Update & security > Recovery > under Advanced Startup, click Restart now.
  • Option 3: Boot to recovery media.
  • Option 4: Use a hardware recovery button (or button combination) configured by the OEM (Computer Manufacturer).

After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.

On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button.
  • It will make a log (Fixlog.txt) in the flash drive. Please copy and paste it to your reply.

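The step above that opens Notepad only to discover the flash drive's letter can be replaced by two commands typed directly at the WinRE prompt. This is an added example, not part of JSntgRvr's instructions or of the FRST tool; it assumes FRST64.exe sits in the root of the flash drive, as the post above asks for. It goes slightly beyond the post by probing every drive letter, since WinRE often assigns letters differently from the installed Windows and the drive may not be E: or G:.

```batch
rem Typed one line at a time at the WinRE X:\windows\system32> prompt
rem (added example; assumes FRST64.exe is in the root of the flash drive).

rem 1. List every drive letter that is mounted in this WinRE session.
for %D in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do @if exist %D:\ echo %D:

rem 2. Launch the tool from whichever drive actually holds it, using the full
rem    path so the backslash after the colon is never forgotten.
for %D in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do @if exist "%D:\FRST64.exe" "%D:\FRST64.exe"
```

The single percent sign is the interactive-prompt form of the loop variable; inside a .bat file it would have to be doubled (%%D). The second command starts FRST64 from the first drive on which the file exists, which is the same thing the post's e:\frst64 step does once the letter is known.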


#5 Seavote
  • Topic Starter
  • Members
  • 50 posts

Posted 24 November 2017 - 09:08 PM

Hello again. Followed the instructions and got the following message when I press Enter to open frst64.

X:\windows\system32>g:frst64

The subsystem needed to support the image type not present

???



#6 JSntgRvr
    Master Surgeon General
  • Malware Response Team
  • 11,220 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 24 November 2017 - 11:00 PM

Please try again. This time use the backslash: G:\frst64.



#7 Seavote
  • Topic Starter
  • Members
  • 50 posts

Posted 25 November 2017 - 07:51 PM

Hi, I'm pretty sure I did when I tried the instructions. Just didn't copy over correctly what was on the screen to my post. Anyway, I tried again a few times; oddly, I got different messages on different attempts. I included two photos of the screen so you can see if I entered the info into the command prompt correctly, as well as see the 2 messages I received.

Attached Files



#8 JSntgRvr
    Master Surgeon General
  • Malware Response Team
  • 11,220 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 25 November 2017 - 08:04 PM

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan. If you cannot launch it, rename the file to anything and retry.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds. Upon completion of the scan or after the reboot, two files named mbar-log.txt and system-log.txt will be created. Both files can be found in the extracted MBAR folder on your Desktop.
Please attach both files in your next reply.




#9 Seavote
  • Topic Starter
  • Members
  • 50 posts

Posted 25 November 2017 - 10:30 PM

Downloaded MBAR from the link. Was able to run it without changing the file name. No malware was found. I restarted and copied and pasted the logs found in the MBAR folder.

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.11.25.05
  rootkit: v2017.10.14.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18837
DAD :: SAMANTHA-PC [administrator]
 
11/25/2017 8:13:31 PM
mbar-log-2017-11-25 (20-13-31).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 498154
Time elapsed: 1 hour(s), 53 minute(s), 36 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
AND THE OTHER FILE CREATED BY THE SCAN
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18837
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 4193177600, free: 1268719616
 
Downloaded database version: v2017.11.20.10
Downloaded database version: v2017.10.14.01
Downloaded database version: v2017.09.01.01
Initializing...
======================
------------ Kernel report ------------
     11/20/2017 19:09:26
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\uprvzcfi.sys
\SystemRoot\system32\drivers\FLTMGR.SYS
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\isapnp.sys
\SystemRoot\system32\drivers\mpio.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\aliide.sys
\SystemRoot\system32\drivers\amdide.sys
\SystemRoot\system32\drivers\cmdide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\msdsm.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\viaide.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\lsi_sas.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\HpSAMD.sys
\SystemRoot\system32\DRIVERS\adp94xx.sys
\SystemRoot\system32\DRIVERS\adpahci.sys
\SystemRoot\system32\DRIVERS\adpu320.sys
\SystemRoot\system32\drivers\amdsata.sys
\SystemRoot\system32\DRIVERS\amdsbs.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\DRIVERS\arc.sys
\SystemRoot\system32\DRIVERS\arcsas.sys
\SystemRoot\system32\DRIVERS\elxstor.sys
\SystemRoot\system32\DRIVERS\iirsp.sys
\SystemRoot\system32\DRIVERS\lsi_fc.sys
\SystemRoot\system32\DRIVERS\lsi_sas2.sys
\SystemRoot\system32\DRIVERS\lsi_scsi.sys
\SystemRoot\system32\DRIVERS\megasas.sys
\SystemRoot\system32\DRIVERS\MegaSR.sys
\SystemRoot\system32\DRIVERS\nfrd960.sys
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\DRIVERS\ql2300.sys
\SystemRoot\system32\DRIVERS\ql40xx.sys
\SystemRoot\system32\DRIVERS\SiSRaid2.sys
\SystemRoot\system32\DRIVERS\sisraid4.sys
\SystemRoot\system32\DRIVERS\stexstor.sys
\SystemRoot\system32\DRIVERS\vsmraid.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\drivers\sbp2port.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\xbehko.sys
\SystemRoot\system32\drivers\ycfilp.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\Windows\System32\drivers\zamguard64.sys
\??\C:\Windows\System32\drivers\zam64.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Windows\system32\drivers\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Netwsw00.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\agrsm64.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\IntcHdmi.sys
\SystemRoot\system32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\Drivers\MbamChameleon.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\??\C:\Windows\system32\drivers\hitmanpro37.sys
\SystemRoot\System32\Drivers\mbamswissarmy.sys
\??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ED935E5D-2C30-4D33-A9B3-CA5122F5AC45}\MpKslca2e8c03.sys
\SystemRoot\system32\DRIVERS\farflt.sys
\SystemRoot\system32\DRIVERS\mbam.sys
\SystemRoot\system32\DRIVERS\mwac.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\psi_mf_amd64.sys
\Windows\System32\ntdll.dll
\Windows\System32\drivers\zamguard64.sys
\Windows\System32\drivers\zam64.sys
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\drivers\igdkmd64.sys
----------- End -----------
Done!
Module: \??\C:\Windows\system32\drivers\uprvzcfi.sys could not be loaded
Scan started
Database versions:
  main:    v2017.11.20.10
  rootkit: v2017.10.14.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80064ea060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80064eaab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80064ea060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005fb81a0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005fca680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File user open failed: C:\WINDOWS\SYSTEM32\drivers\uprvzcfi.sys (0x00000005)
File kernel read failed: C:\WINDOWS\SYSTEM32\drivers\uprvzcfi.sys
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E7E8E0A0
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 599224320
    Partition is bootable
    Partition file system is NTFS
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 599633920  Numsec = 25505792
    Partition is bootable
    Partition file system is NTFS
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Done!
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-57598AED6C92D3AB2D92ADC29726CE02BA4724C0.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-57598AED6C92D3AB2D92ADC29726CE02BA4724C0.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-57598AED6C92D3AB2D92ADC29726CE02BA4724C0.bin.83" is compressed (flags = 1)
Infected: C:\Users\Chris\AppData\Local\Google\Desktop\Install\{c9e709ff-f391-860c-25d7-5ea7dc9c281b}\❤≸⋙ --> [Trojan.0Access]
Infected: C:\Users\Chris\AppData\Local\Google\Desktop\Install\{c9e709ff-f391-860c-25d7-5ea7dc9c281b}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]
Infected: C:\Users\Chris\AppData\Local\Google\Desktop\Install\{c9e709ff-f391-860c-25d7-5ea7dc9c281b}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ --> [Trojan.0Access]
Infected: C:\Users\Chris\AppData\Local\Google\Desktop\Install\{c9e709ff-f391-860c-25d7-5ea7dc9c281b}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{c9e709ff-f391-860c-25d7-5ea7dc9c281b} --> [Trojan.0Access]
Infected: C:\Users\Chris\AppData\Local\Google\Desktop\Install\{c9e709ff-f391-860c-25d7-5ea7dc9c281b}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{c9e709ff-f391-860c-25d7-5ea7dc9c281b}\L --> [Trojan.0Access]
Infected: C:\Users\Chris\AppData\Local\Google\Desktop\Install\{c9e709ff-f391-860c-25d7-5ea7dc9c281b}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{c9e709ff-f391-860c-25d7-5ea7dc9c281b}\U --> [Trojan.0Access]
Infected: C:\Users\Chris\AppData\Local\Google\Desktop\Install\{c9e709ff-f391-860c-25d7-5ea7dc9c281b} --> [Trojan.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal successful. No system shutdown is required.
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-409600-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-599633920-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18837
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 4193177600, free: 2412118016
 
No address found
Downloaded database version: v2017.11.21.05
Downloaded database version: v2017.10.14.01
Downloaded database version: v2017.09.01.01
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18837
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 4193177600, free: 2699411456
 
Downloaded database version: v2017.11.21.06
Downloaded database version: v2017.10.14.01
Downloaded database version: v2017.09.01.01
Initializing...
======================
Driver version: 0.3.0.4
------------ Kernel report ------------
     11/21/2017 09:36:11
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\uprbfilo.sys
\SystemRoot\system32\drivers\FLTMGR.SYS
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\isapnp.sys
\SystemRoot\system32\drivers\mpio.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\aliide.sys
\SystemRoot\system32\drivers\amdide.sys
\SystemRoot\system32\drivers\cmdide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\msdsm.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\viaide.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\lsi_sas.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\HpSAMD.sys
\SystemRoot\system32\DRIVERS\adp94xx.sys
\SystemRoot\system32\DRIVERS\adpahci.sys
\SystemRoot\system32\DRIVERS\adpu320.sys
\SystemRoot\system32\drivers\amdsata.sys
\SystemRoot\system32\DRIVERS\amdsbs.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\DRIVERS\arc.sys
\SystemRoot\system32\DRIVERS\arcsas.sys
\SystemRoot\system32\DRIVERS\elxstor.sys
\SystemRoot\system32\DRIVERS\iirsp.sys
\SystemRoot\system32\DRIVERS\lsi_fc.sys
\SystemRoot\system32\DRIVERS\lsi_sas2.sys
\SystemRoot\system32\DRIVERS\lsi_scsi.sys
\SystemRoot\system32\DRIVERS\megasas.sys
\SystemRoot\system32\DRIVERS\MegaSR.sys
\SystemRoot\system32\DRIVERS\nfrd960.sys
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\DRIVERS\ql2300.sys
\SystemRoot\system32\DRIVERS\ql40xx.sys
\SystemRoot\system32\DRIVERS\SiSRaid2.sys
\SystemRoot\system32\DRIVERS\sisraid4.sys
\SystemRoot\system32\DRIVERS\stexstor.sys
\SystemRoot\system32\DRIVERS\vsmraid.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\drivers\sbp2port.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\jmqtwz.sys
\SystemRoot\system32\drivers\knquxa.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\Windows\System32\drivers\zamguard64.sys
\??\C:\Windows\System32\drivers\zam64.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Netwsw00.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\agrsm64.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\IntcHdmi.sys
\SystemRoot\system32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\hitmanpro37.sys
\??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ED935E5D-2C30-4D33-A9B3-CA5122F5AC45}\MpKsl7972308b.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\drivers\zamguard64.sys
\Windows\System32\drivers\zam64.sys
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\drivers\igdkmd64.sys
----------- End -----------
Done!
Module: \??\C:\Windows\system32\drivers\uprbfilo.sys could not be loaded
Scan started
Database versions:
  main:    v2017.11.21.06
  rootkit: v2017.10.14.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80064e3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80064e3b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80064e3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005f5dc40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005fbb680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File user open failed: C:\WINDOWS\SYSTEM32\drivers\uprbfilo.sys (0x00000005)
File kernel read failed: C:\WINDOWS\SYSTEM32\drivers\uprbfilo.sys
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E7E8E0A0
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 599224320
    Partition is bootable
    Partition file system is NTFS
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 599633920  Numsec = 25505792
    Partition is bootable
    Partition file system is NTFS
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Done!
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-57598AED6C92D3AB2D92ADC29726CE02BA4724C0.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-57598AED6C92D3AB2D92ADC29726CE02BA4724C0.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-57598AED6C92D3AB2D92ADC29726CE02BA4724C0.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-57598AED6C92D3AB2D92ADC29726CE02BA4724C0.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-57598AED6C92D3AB2D92ADC29726CE02BA4724C0.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-57598AED6C92D3AB2D92ADC29726CE02BA4724C0.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-57598AED6C92D3AB2D92ADC29726CE02BA4724C0.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-57598AED6C92D3AB2D92ADC29726CE02BA4724C0.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-57598AED6C92D3AB2D92ADC29726CE02BA4724C0.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-57598AED6C92D3AB2D92ADC29726CE02BA4724C0.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-57598AED6C92D3AB2D92ADC29726CE02BA4724C0.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-57598AED6C92D3AB2D92ADC29726CE02BA4724C0.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-57598AED6C92D3AB2D92ADC29726CE02BA4724C0.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-57598AED6C92D3AB2D92ADC29726CE02BA4724C0.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-57598AED6C92D3AB2D92ADC29726CE02BA4724C0.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-57598AED6C92D3AB2D92ADC29726CE02BA4724C0.bin.83" is compressed (flags = 1)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-409600-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-599633920-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18837
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 4193177600, free: 1825288192
 
Downloaded database version: v2017.11.22.01
Downloaded database version: v2017.10.14.01
Downloaded database version: v2017.09.01.01
Initializing...
======================
------------ Kernel report ------------
     11/21/2017 23:32:43
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\uprfilos.sys
\SystemRoot\system32\drivers\FLTMGR.SYS
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\isapnp.sys
\SystemRoot\system32\drivers\mpio.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\aliide.sys
\SystemRoot\system32\drivers\amdide.sys
\SystemRoot\system32\drivers\cmdide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\msdsm.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\viaide.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\lsi_sas.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\HpSAMD.sys
\SystemRoot\system32\DRIVERS\adp94xx.sys
\SystemRoot\system32\DRIVERS\adpahci.sys
\SystemRoot\system32\DRIVERS\adpu320.sys
\SystemRoot\system32\drivers\amdsata.sys
\SystemRoot\system32\DRIVERS\amdsbs.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\DRIVERS\arc.sys
\SystemRoot\system32\DRIVERS\arcsas.sys
\SystemRoot\system32\DRIVERS\elxstor.sys
\SystemRoot\system32\DRIVERS\iirsp.sys
\SystemRoot\system32\DRIVERS\lsi_fc.sys
\SystemRoot\system32\DRIVERS\lsi_sas2.sys
\SystemRoot\system32\DRIVERS\lsi_scsi.sys
\SystemRoot\system32\DRIVERS\megasas.sys
\SystemRoot\system32\DRIVERS\MegaSR.sys
\SystemRoot\system32\DRIVERS\nfrd960.sys
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\DRIVERS\ql2300.sys
\SystemRoot\system32\DRIVERS\ql40xx.sys
\SystemRoot\system32\DRIVERS\SiSRaid2.sys
\SystemRoot\system32\DRIVERS\sisraid4.sys
\SystemRoot\system32\DRIVERS\stexstor.sys
\SystemRoot\system32\DRIVERS\vsmraid.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\drivers\sbp2port.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\txadhk.sys
\SystemRoot\system32\drivers\xadhkn.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\Windows\System32\drivers\zamguard64.sys
\??\C:\Windows\System32\drivers\zam64.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Netwsw00.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\agrsm64.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\IntcHdmi.sys
\SystemRoot\system32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\System32\Drivers\mbamswissarmy.sys
\??\C:\Windows\system32\drivers\mbae64.sys
\SystemRoot\system32\DRIVERS\mbam.sys
\SystemRoot\System32\Drivers\MbamChameleon.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\farflt.sys
\??\C:\Windows\system32\drivers\hitmanpro37.sys
\??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3AAD8BE-C6AB-4AF6-B43C-F960C3C19120}\MpKsl13c709da.sys
\SystemRoot\system32\DRIVERS\mwac.sys
\Windows\System32\ntdll.dll
\Windows\System32\drivers\zamguard64.sys
\Windows\System32\drivers\zam64.sys
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\drivers\igdkmd64.sys
\Windows\System32\autochk.exe
----------- End -----------
Done!
Module: \??\C:\Windows\system32\drivers\uprfilos.sys could not be loaded
Scan started
Database versions:
  main:    v2017.11.22.01
  rootkit: v2017.10.14.01
 
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File user open failed: C:\WINDOWS\SYSTEM32\drivers\uprfilos.sys (0x00000005)
File kernel read failed: C:\WINDOWS\SYSTEM32\drivers\uprfilos.sys
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E7E8E0A0
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 599224320
    Partition is bootable
    Partition file system is NTFS
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 599633920  Numsec = 25505792
    Partition is bootable
    Partition file system is NTFS
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Done!
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-4C08035A353DA6A7DBC57A72024BEE419A89FE89.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-4C08035A353DA6A7DBC57A72024BEE419A89FE89.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-4C08035A353DA6A7DBC57A72024BEE419A89FE89.bin.83" is compressed (flags = 1)
Scan finished
File "C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\MPCACHE-4C08035A353DA6A7DBC57A72024BEE419A89FE89.BIN.7C" is compressed (flags = 1)
File "C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\MPCACHE-4C08035A353DA6A7DBC57A72024BEE419A89FE89.BIN.83" is compressed (flags = 1)
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-409600-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-599633920-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
System is currently in a safe mode
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18837
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 4193177600, free: 3127123968
 
=======================================
------------ Kernel report ------------
     11/22/2017 10:04:16
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\uprzcgjm.sys
\SystemRoot\system32\drivers\FLTMGR.SYS
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\isapnp.sys
\SystemRoot\system32\drivers\mpio.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\aliide.sys
\SystemRoot\system32\drivers\amdide.sys
\SystemRoot\system32\drivers\cmdide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\msdsm.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\viaide.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\lsi_sas.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\HpSAMD.sys
\SystemRoot\system32\DRIVERS\adp94xx.sys
\SystemRoot\system32\DRIVERS\adpahci.sys
\SystemRoot\system32\DRIVERS\adpu320.sys
\SystemRoot\system32\drivers\amdsata.sys
\SystemRoot\system32\DRIVERS\amdsbs.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\DRIVERS\arc.sys
\SystemRoot\system32\DRIVERS\arcsas.sys
\SystemRoot\system32\DRIVERS\elxstor.sys
\SystemRoot\system32\DRIVERS\iirsp.sys
\SystemRoot\system32\DRIVERS\lsi_fc.sys
\SystemRoot\system32\DRIVERS\lsi_sas2.sys
\SystemRoot\system32\DRIVERS\lsi_scsi.sys
\SystemRoot\system32\DRIVERS\megasas.sys
\SystemRoot\system32\DRIVERS\MegaSR.sys
\SystemRoot\system32\DRIVERS\nfrd960.sys
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\DRIVERS\ql2300.sys
\SystemRoot\system32\DRIVERS\ql40xx.sys
\SystemRoot\system32\DRIVERS\SiSRaid2.sys
\SystemRoot\system32\DRIVERS\sisraid4.sys
\SystemRoot\system32\DRIVERS\stexstor.sys
\SystemRoot\system32\DRIVERS\vsmraid.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\drivers\sbp2port.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\system32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\mbamswissarmy.sys
\SystemRoot\System32\Drivers\MbamChameleon.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
Module: \??\C:\Windows\system32\drivers\uprzcgjm.sys could not be loaded
Scan started
Database versions:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80064b3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80064b7a60, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80064b3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80062e23d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80062f4060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File user open failed: C:\WINDOWS\SYSTEM32\drivers\uprzcgjm.sys (0x00000005)
File kernel read failed: C:\WINDOWS\SYSTEM32\drivers\uprzcgjm.sys
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E7E8E0A0
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 599224320
    Partition is bootable
    Partition file system is NTFS
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 599633920  Numsec = 25505792
    Partition is bootable
    Partition file system is NTFS
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Done!
Scan Interrupted
Scan was aborted.
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-409600-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-599633920-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
System is currently in a safe mode
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18837
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 4193177600, free: 3082555392
 
Downloaded database version: v2017.11.23.05
Canceled update
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
System is currently in a safe mode
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18837
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 4193177600, free: 2623623168
 
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18837
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 4193177600, free: 1322627072
 
Downloaded database version: v2017.11.25.05
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     11/25/2017 20:12:25
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\uprilosv.sys
\SystemRoot\system32\drivers\FLTMGR.SYS
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\isapnp.sys
\SystemRoot\system32\drivers\mpio.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\aliide.sys
\SystemRoot\system32\drivers\amdide.sys
\SystemRoot\system32\drivers\cmdide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\msdsm.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\viaide.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\lsi_sas.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\HpSAMD.sys
\SystemRoot\system32\DRIVERS\adp94xx.sys
\SystemRoot\system32\DRIVERS\adpahci.sys
\SystemRoot\system32\DRIVERS\adpu320.sys
\SystemRoot\system32\drivers\amdsata.sys
\SystemRoot\system32\DRIVERS\amdsbs.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\DRIVERS\arc.sys
\SystemRoot\system32\DRIVERS\arcsas.sys
\SystemRoot\system32\DRIVERS\elxstor.sys
\SystemRoot\system32\DRIVERS\iirsp.sys
\SystemRoot\system32\DRIVERS\lsi_fc.sys
\SystemRoot\system32\DRIVERS\lsi_sas2.sys
\SystemRoot\system32\DRIVERS\lsi_scsi.sys
\SystemRoot\system32\DRIVERS\megasas.sys
\SystemRoot\system32\DRIVERS\MegaSR.sys
\SystemRoot\system32\DRIVERS\nfrd960.sys
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\DRIVERS\ql2300.sys
\SystemRoot\system32\DRIVERS\ql40xx.sys
\SystemRoot\system32\DRIVERS\SiSRaid2.sys
\SystemRoot\system32\DRIVERS\sisraid4.sys
\SystemRoot\system32\DRIVERS\stexstor.sys
\SystemRoot\system32\DRIVERS\vsmraid.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\drivers\sbp2port.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\knruxb.sys
\SystemRoot\system32\drivers\uybeil.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\Windows\System32\drivers\zamguard64.sys
\??\C:\Windows\System32\drivers\zam64.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Netwsw00.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\agrsm64.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\IntcHdmi.sys
\SystemRoot\system32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\System32\Drivers\mbamswissarmy.sys
\??\C:\Windows\system32\drivers\hitmanpro37.sys
\??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9444E15B-07D8-4C91-9862-0EEB2D0F190B}\MpKslab187278.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\3211F579.sys
\Windows\System32\ntdll.dll
\Windows\System32\drivers\zamguard64.sys
\Windows\System32\drivers\zam64.sys
\Windows\System32\drivers\igdkmd64.sys
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
Module: \??\C:\Windows\system32\drivers\uprilosv.sys could not be loaded
Scan started
Database versions:
  main:    v2017.11.25.05
  rootkit: v2017.10.14.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80064f5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80064f6040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80064f5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005fde090, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005fd4680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File user open failed: C:\WINDOWS\SYSTEM32\drivers\uprilosv.sys (0x00000005)
File kernel read failed: C:\WINDOWS\SYSTEM32\drivers\uprilosv.sys
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E7E8E0A0
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 599224320
    Partition is bootable
    Partition file system is NTFS
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 599633920  Numsec = 25505792
    Partition is bootable
    Partition file system is NTFS
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Done!
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-9FEC313A1FF164C5494FA44A2F7AD64705827204.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-9FEC313A1FF164C5494FA44A2F7AD64705827204.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-9FEC313A1FF164C5494FA44A2F7AD64705827204.bin.83" is compressed (flags = 1)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-409600-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-599633920-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
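The Malwarebytes Anti-Rootkit kernel reports in the log above share one pattern: a driver with a different eight-letter name in each run (uprfilos.sys, uprzcgjm.sys, uprilosv.sys) that the scanner cannot read from user mode or kernel mode ("File user open failed ... (0x00000005)" is ERROR_ACCESS_DENIED), and in the two reports whose module list is complete it loads right after CI.dll, ahead of FLTMGR.SYS. A driver that carries a new name every boot and blocks reads of its own image file is behaving like a rootkit, and both facts are visible in the log before any fixlist is written. As an added example that is not part of this thread or of any Malwarebytes or FRST tool, the Python below pulls exactly those indicators out of an MBAR log: it parses every "Loaded modules" block and every could-not-load / open-failed line, then scores each driver on access-denied, position before FLTMGR.SYS (an assumption that holds for these Windows 7 reports, where only core modules such as hal.dll and CI.dll load earlier), an all-hex file name, and a random-looking lowercase name that appears in only one of several reports. The sample log is a constructed, shortened extract of the reports above.

```python
"""Triage a Malwarebytes Anti-Rootkit (MBAR) log for self-protecting or per-boot renamed drivers.
Added example, not part of the thread above or of any Malwarebytes/FRST tool. Heuristic signals:
  access-denied  the scanner itself could not load/open the file (0x00000005, ERROR_ACCESS_DENIED)
  before-fltmgr  a file from the drivers directory loaded ahead of FLTMGR.SYS (assumption: in these
                 Windows 7 reports that boot-start slot otherwise holds only core modules like CI.dll)
  hex-name       an 8-hex-digit file name such as 3211F579.sys
  random-name    6-8 lowercase letters, present in only one of several reports (weak: review only)
"""
import re
from collections import defaultdict

STRONG = {"access-denied", "before-fltmgr", "hex-name"}
HEADER_RE = re.compile(r"^-+ Loaded modules -+$")
END_RE = re.compile(r"^-+ End -+$")
NOLOAD_RE = re.compile(r"^Module: (\S+) could not be loaded$")
OPENFAIL_RE = re.compile(r"^File user open failed: (.+?) \((0x[0-9A-Fa-f]{8})\)$")
HEX_NAME_RE = re.compile(r"^[0-9A-F]{8}\.sys$", re.I)
RANDOM_SHAPE_RE = re.compile(r"^[a-z]{6,8}\.sys$")  # case-sensitive: MpFilter.sys is not "random"
# Constructed sample: two MBAR runs abbreviated from the log posted above (module lists shortened).
SAMPLE_LOG = r"""
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\uprzcgjm.sys
\SystemRoot\system32\drivers\FLTMGR.SYS
\SystemRoot\System32\Drivers\mbamswissarmy.sys
----------- End -----------
Module: \??\C:\Windows\system32\drivers\uprzcgjm.sys could not be loaded
File user open failed: C:\WINDOWS\SYSTEM32\drivers\uprzcgjm.sys (0x00000005)
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\uprilosv.sys
\SystemRoot\system32\drivers\FLTMGR.SYS
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\system32\drivers\knruxb.sys
\SystemRoot\system32\drivers\uybeil.sys
\??\C:\Windows\system32\drivers\3211F579.sys
\SystemRoot\System32\Drivers\mbamswissarmy.sys
----------- End -----------
Module: \??\C:\Windows\system32\drivers\uprilosv.sys could not be loaded
File user open failed: C:\WINDOWS\SYSTEM32\drivers\uprilosv.sys (0x00000005)
"""


def parse_reports(text):
    """Return (reports, denied): one ordered module-path list per block, plus lower-cased names denied."""
    reports, denied, current = [], set(), None
    for line in text.splitlines():
        line = line.rstrip()
        if HEADER_RE.match(line):
            current = []
        elif END_RE.match(line) and current is not None:
            reports.append(current)
            current = None
        elif current is not None and line.startswith("\\"):
            current.append(line)
        elif (m := NOLOAD_RE.match(line)):
            denied.add(m.group(1).split("\\")[-1].lower())
        elif (m := OPENFAIL_RE.match(line)) and m.group(2).lower() == "0x00000005":
            denied.add(m.group(1).split("\\")[-1].lower())
    return reports, denied


def triage(text):
    """Map driver file name -> sorted signal list, for every driver that has at least one signal."""
    reports, denied = parse_reports(text)
    signals, seen_in, display = defaultdict(set), defaultdict(set), {}
    for idx, modules in enumerate(reports):
        names = [p.split("\\")[-1] for p in modules]
        lower = [n.lower() for n in names]
        # If FLTMGR.SYS is absent the early-slot signal is unavailable (index 0 flags nothing).
        fltmgr_at = lower.index("fltmgr.sys") if "fltmgr.sys" in lower else 0
        for pos, (path, name) in enumerate(zip(modules, names)):
            key = name.lower()
            display.setdefault(key, name)
            seen_in[key].add(idx)
            if pos < fltmgr_at and path.split("\\")[-2].lower() == "drivers":
                signals[key].add("before-fltmgr")
            if HEX_NAME_RE.match(name):
                signals[key].add("hex-name")
    for key in denied:
        display.setdefault(key, key)
        signals[key].add("access-denied")
    if len(reports) >= 2:  # a driver renamed on every boot shows up in exactly one report
        for key, idxs in seen_in.items():
            if len(idxs) == 1 and RANDOM_SHAPE_RE.match(display[key]):
                signals[key].add("random-name")
    return {display[k]: sorted(v) for k, v in signals.items()}


def flagged(text):
    """Names carrying at least one strong signal; the rest of triage() is for manual review."""
    return sorted(n for n, s in triage(text).items() if STRONG & set(s))


if __name__ == "__main__":
    for name, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(("FLAG  " if STRONG & set(reasons) else "review"), f"{name:<18}", ", ".join(reasons))
```

Treat the output as review candidates, not verdicts: the same log also lists security-tool drivers with throwaway names (MpKsl13c709da.sys under Microsoft Antimalware, hitmanpro37.sys), which is why the random-name signal on its own never reaches the flagged set. For anything that is flagged, the access-denied result is the strongest single piece of evidence, since an administrator can normally read any driver image under System32\drivers; the follow-up is to obtain the file from an offline or boot-time scan, hash it, and check its Authenticode signature before deciding what to remove.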
 


#10 JSntgRvr


    Master Surgeon General


  • Malware Response Team
  • 11,220 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 26 November 2017 - 12:00 AM

There is an infection of Trojan.0access. Will review it tomorrow.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 JSntgRvr


    Master Surgeon General


  • Malware Response Team
  • 11,220 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 26 November 2017 - 12:08 PM


Zero Access was detected. Let's give this another try.
  • Highlight the entire content of the quote box below.

Start::
C:\Users\Chris\AppData\Local\Google\Desktop\Install\{c9e709ff-f391-860c-25d7-5ea7dc9c281b}
HKLM-x32\...\Run: [iTunesHelper] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
S3 cpuz134; \??\C:\Users\DAD\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
S1 MpKsl13c709da; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3AAD8BE-C6AB-4AF6-B43C-F960C3C19120}\MpKsl13c709da.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
R3 udiskMgr; system32\drivers\ycfilp.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
FirewallRules: [{D5EAF6F9-2C09-4D9D-8E0B-24E4D0887E8C}] => (Allow) LPort=50000
FirewallRules: [{DEA7928F-BCA9-4D6C-82DD-2DD2B3D9F4A8}] => (Allow) LPort=50001
FirewallRules: [{432558C3-9189-40B9-ADC5-344A905767DA}] => (Allow) LPort=2869
FirewallRules: [{9437DFCB-E93C-4AEB-8F96-B9AEF1C571DD}] => (Allow) LPort=1900
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
S3 cpuz134; \??\C:\Users\DAD\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
C:\Windows\system32\drivers\uprxaehk.sys
C:\Users\DAD\AppData\Local\Temp\cpuz134
Task: {013FDA0A-65A1-43B0-BB69-2DFDA10A6B2D} - \{F156546F-0961-4B8B-A383-4B7B863B5C69} -> No File <==== ATTENTION
Task: {03EB2DBB-C736-4501-B25B-DB53F5874833} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {043F6CBD-03D3-4C4D-A1E8-5809D524C692} - \{782744F7-5F77-498C-876B-EFBDE2E8A4EE} -> No File <==== ATTENTION
Task: {10CF2193-C046-4569-92FA-0F95884FDE2D} - \{F306DCAD-75AB-4F90-9DD3-91929B00020E} -> No File <==== ATTENTION
Task: {1B814BB5-C144-4CC9-9EF1-92AD34856745} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {25FD2FE3-9FD3-457C-BAE4-53A3E65D9E6C} - \{26E99803-AE75-40A7-B5BF-5C883056D5A5} -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {4442E8B7-7384-46D2-B23F-649763EFD57E} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {4546B80D-9852-4B7E-9C4C-2202779E79BF} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {49D5913C-C195-4568-9EAE-C93780CD90BD} - \{48A527A6-3461-4301-9ABC-742D49D9F437} -> No File <==== ATTENTION
Task: {4A4E4E2B-5C97-46AE-B351-81D902413AAE} - \{60C25DA8-55A7-4930-A9E5-B8385C6E8E93} -> No File <==== ATTENTION
Task: {6943A3D5-464B-4D81-A153-30EA70E981CA} - \{7CED0BF4-02AC-422A-AB9D-26F90481CC4C} -> No File <==== ATTENTION
Task: {6F32C578-DA86-4124-9557-8165564D311B} - \{E380625C-7FAA-40C8-914D-F5C1A844080F} -> No File <==== ATTENTION
Task: {6F689841-D968-4F8D-913A-4C73EE18047C} - \RealUpgradeLogonTaskS-1-5-21-3103468112-1094105050-4144447559-1003 -> No File <==== ATTENTION
Task: {79DB0741-4884-4632-9723-05AA799FEA5B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {7ECE3E1A-8316-4964-ABFE-323AA7F822F1} - \{E94889B8-9A68-4221-835A-D803985B3740} -> No File <==== ATTENTION
Task: {8B7C74EF-5F9A-4224-AA55-8A4638AF7C92} - \{867CC5D5-1B3B-4301-BE12-E9CD7A3692FF} -> No File <==== ATTENTION
Task: {AB132D2C-A13D-41E6-9788-F4D867DCCE8F} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-3103468112-1094105050-4144447559-1003 -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B3F30CC9-CC64-431A-90CF-80B46A482D30} - \{D1385CDA-ABF1-4C7B-B48C-8BEE53ABD877} -> No File <==== ATTENTION
Task: {B6AE0D4E-01C1-4D8C-BEF8-29AF2727181D} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {C2683C38-7040-4715-B190-9EE9CEDDCC84} - \RealUpgradeScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1003 -> No File <==== ATTENTION
Task: {CBB0FE66-8508-40DF-A094-652896060C38} - \{22B1D3BA-1047-4E52-95CA-B16929BA099A} -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D60BEC7E-3E7D-41D4-9F05-825297184CFD} - \{4FDF6127-ADB9-4B05-BFE5-D98B69DF6386} -> No File <==== ATTENTION
Task: {EC55187F-BBC6-46C6-961A-B8927A937440} - \{F0DD4DA7-67F7-47C5-AA26-6B01973E3834} -> No File <==== ATTENTION
Task: {F095540B-3DE8-4497-9CC0-E8F89B3D3690} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1003 -> No File <==== ATTENTION
Task: {F524DB98-7E26-42A1-8532-E046020121FE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FBBEB0A9-72AC-4908-82A3-B91E75D60455} - \{DE414A4E-D0DA-4E3F-B1DF-D525E21D61D7} -> No File <==== ATTENTION
BHO: JavaT Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncApi64.dll => No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => -> No File
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers1-x32: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers1_S-1-5-21-3103468112-1094105050-4144447559-1013: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers4_S-1-5-21-3103468112-1094105050-4144447559-1013: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers5_S-1-5-21-3103468112-1094105050-4144447559-1013: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
Task: {013FDA0A-65A1-43B0-BB69-2DFDA10A6B2D} - \{F156546F-0961-4B8B-A383-4B7B863B5C69} -> No File <==== ATTENTION
Task: {03EB2DBB-C736-4501-B25B-DB53F5874833} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {043F6CBD-03D3-4C4D-A1E8-5809D524C692} - \{782744F7-5F77-498C-876B-EFBDE2E8A4EE} -> No File <==== ATTENTION
Task: {10CF2193-C046-4569-92FA-0F95884FDE2D} - \{F306DCAD-75AB-4F90-9DD3-91929B00020E} -> No File <==== ATTENTION
Task: {1B814BB5-C144-4CC9-9EF1-92AD34856745} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {25FD2FE3-9FD3-457C-BAE4-53A3E65D9E6C} - \{26E99803-AE75-40A7-B5BF-5C883056D5A5} -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {4442E8B7-7384-46D2-B23F-649763EFD57E} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {4546B80D-9852-4B7E-9C4C-2202779E79BF} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {49D5913C-C195-4568-9EAE-C93780CD90BD} - \{48A527A6-3461-4301-9ABC-742D49D9F437} -> No File <==== ATTENTION
Task: {4A4E4E2B-5C97-46AE-B351-81D902413AAE} - \{60C25DA8-55A7-4930-A9E5-B8385C6E8E93} -> No File <==== ATTENTION
Task: {6943A3D5-464B-4D81-A153-30EA70E981CA} - \{7CED0BF4-02AC-422A-AB9D-26F90481CC4C} -> No File <==== ATTENTION
Task: {6F32C578-DA86-4124-9557-8165564D311B} - \{E380625C-7FAA-40C8-914D-F5C1A844080F} -> No File <==== ATTENTION
Task: {6F689841-D968-4F8D-913A-4C73EE18047C} - \RealUpgradeLogonTaskS-1-5-21-3103468112-1094105050-4144447559-1003 -> No File <==== ATTENTION
Task: {79DB0741-4884-4632-9723-05AA799FEA5B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {7ECE3E1A-8316-4964-ABFE-323AA7F822F1} - \{E94889B8-9A68-4221-835A-D803985B3740} -> No File <==== ATTENTION
Task: {8B7C74EF-5F9A-4224-AA55-8A4638AF7C92} - \{867CC5D5-1B3B-4301-BE12-E9CD7A3692FF} -> No File <==== ATTENTION
Task: {AB132D2C-A13D-41E6-9788-F4D867DCCE8F} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-3103468112-1094105050-4144447559-1003 -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B3F30CC9-CC64-431A-90CF-80B46A482D30} - \{D1385CDA-ABF1-4C7B-B48C-8BEE53ABD877} -> No File <==== ATTENTION
Task: {B6AE0D4E-01C1-4D8C-BEF8-29AF2727181D} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1001 -> No File <==== ATTENTION
Task: {C2683C38-7040-4715-B190-9EE9CEDDCC84} - \RealUpgradeScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1003 -> No File <==== ATTENTION
Task: {CBB0FE66-8508-40DF-A094-652896060C38} - \{22B1D3BA-1047-4E52-95CA-B16929BA099A} -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D60BEC7E-3E7D-41D4-9F05-825297184CFD} - \{4FDF6127-ADB9-4B05-BFE5-D98B69DF6386} -> No File <==== ATTENTION
Task: {EC55187F-BBC6-46C6-961A-B8927A937440} - \{F0DD4DA7-67F7-47C5-AA26-6B01973E3834} -> No File <==== ATTENTION
Task: {F095540B-3DE8-4497-9CC0-E8F89B3D3690} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-3103468112-1094105050-4144447559-1003 -> No File <==== ATTENTION
Task: {F524DB98-7E26-42A1-8532-E046020121FE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FBBEB0A9-72AC-4908-82A3-B91E75D60455} - \{DE414A4E-D0DA-4E3F-B1DF-D525E21D61D7} -> No File <==== ATTENTION
S3 cpuz134; \??\C:\Users\DAD\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
2017-11-08 13:32 - 2010-09-28 17:57 - 000000000 ____D C:\Temp
2015-09-20 13:36 - 2015-09-22 05:02 - 000585824 _____ (Oracle Corporation) C:\Users\Chris\AppData\Local\Temp\jre-8u60-windows-au.exe
2013-08-17 13:30 - 2008-03-12 18:38 - 000026176 ____R () C:\Users\Samantha\AppData\Local\Temp\VP6Install.exe
2013-08-17 13:30 - 2008-03-12 18:38 - 000445504 ____R (On2.com) C:\Users\Samantha\AppData\Local\Temp\VP6VFW.dll
Task: {F7894CC4-9F1D-406B-9DF0-0644E806BF49} - System32\Tasks\{DC5AACDB-D783-48DF-9D49-C7F54D74C2B6} => C:\Windows\system32\pcalua.exe -a "C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZ065DL6\JavaSetup8u60.exe" -d C:\Users\Chris\Desktop
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 [302]
AlternateDataStreams: C:\Users\Chris\AppData\Local\Temp:P5S0FeIs24BwpE5phJI [2210]
AlternateDataStreams: C:\Users\Chris\AppData\Local\Temporary Internet Files:cviyIUAIx9slB8wJC4q [2438]
AlternateDataStreams: C:\Users\Chris\AppData\Local\Temporary Internet Files:kMRNIZGIbmQMCfks7Nx [2402]
AlternateDataStreams: C:\Users\Chris\AppData\Local\Temporary Internet Files:rJhwFBBgKEVRLtW7gScplhg [2144]
AlternateDataStreams: C:\Users\DAD\AppData\Local\Temporary Internet Files:ih5BRqZCC7EZzXIBsjjdeUEnW41up [2524]
AlternateDataStreams: C:\Users\Samantha\AppData\Local\Temporary Internet Files:cviyIUAIx9slB8wJC4q [2332]
MSCONFIG\startupreg: EPSON Stylus CX7000F Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBKA.EXE /FU "C:\Windows\TEMP\E_S2E65.tmp" /EF "HKCU"
Task: {0CAD3523-2B7E-45E5-8101-758BEF1E3822} - no filepath
Task: {79241E7B-F32C-41B7-9534-E7486534A14F} - no filepath
2017-11-23 07:59 - 2017-11-23 07:59 - 000140112 ____N C:\Windows\system32\Drivers\uprxaehk.sys
C:\Windows\System32\nvboehzsvc.exe
Folder: C\Windows\System32\Drivers
EMPTYTEMP:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 Seavote

Seavote
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE

Posted 26 November 2017 - 02:57 PM

Ran FRST64. Here is the log. Hope it's good news.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-11-2017
Ran by DAD (26-11-2017 14:05:34) Run:4
Running from C:\Users\DAD\Desktop\fic pc stuff
Loaded Profiles: DAD (Available Profiles: Samantha & DAD & Guest & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                    
*****************
 
 
==== End of Fixlog 14:05:35 ====


#13 Seavote

Seavote
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE

Posted 26 November 2017 - 03:30 PM

Oops. Didn't follow all instructions. Hitman Pro was loading and running unseen on my PC. It found some suspicious files. I deleted all the ones listed as temp, then remembered I was not supposed to do anything like that. Looked for a way to stop Hitman from running when I start Windows but didn't see an obvious way, so I deleted Hitman Pro from my PC. Then realized I shouldn't have done that either. Hope this doesn't screw the process up, but thought I should tell you. Sorry. Won't happen again.



#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,220 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:31 AM

Posted 26 November 2017 - 04:14 PM

I have reduced the number of orphaned items:
  • Highlight the entire content of the quote box below.

Start::
C:\Users\Chris\AppData\Local\Google\Desktop\Install\{c9e709ff-f391-860c-25d7-5ea7dc9c281b}
S3 cpuz134; \??\C:\Users\DAD\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
S1 MpKsl13c709da; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3AAD8BE-C6AB-4AF6-B43C-F960C3C19120}\MpKsl13c709da.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
R3 udiskMgr; system32\drivers\ycfilp.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
FirewallRules: [{D5EAF6F9-2C09-4D9D-8E0B-24E4D0887E8C}] => (Allow) LPort=50000
FirewallRules: [{DEA7928F-BCA9-4D6C-82DD-2DD2B3D9F4A8}] => (Allow) LPort=50001
FirewallRules: [{432558C3-9189-40B9-ADC5-344A905767DA}] => (Allow) LPort=2869
FirewallRules: [{9437DFCB-E93C-4AEB-8F96-B9AEF1C571DD}] => (Allow) LPort=1900
S3 cpuz134; \??\C:\Users\DAD\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
C:\Windows\system32\drivers\uprxaehk.sys
C:\Users\DAD\AppData\Local\Temp\cpuz134
BHO: JavaT Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3103468112-1094105050-4144447559-1013_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncApi64.dll => No File
ContextMenuHandlers1-x32: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers1_S-1-5-21-3103468112-1094105050-4144447559-1013: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers4_S-1-5-21-3103468112-1094105050-4144447559-1013: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers5_S-1-5-21-3103468112-1094105050-4144447559-1013: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\DAD\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll -> No File
2015-09-20 13:36 - 2015-09-22 05:02 - 000585824 _____ (Oracle Corporation) C:\Users\Chris\AppData\Local\Temp\jre-8u60-windows-au.exe
2013-08-17 13:30 - 2008-03-12 18:38 - 000026176 ____R () C:\Users\Samantha\AppData\Local\Temp\VP6Install.exe
2013-08-17 13:30 - 2008-03-12 18:38 - 000445504 ____R (On2.com) C:\Users\Samantha\AppData\Local\Temp\VP6VFW.dll
2017-11-23 07:59 - 2017-11-23 07:59 - 000140112 ____N C:\Windows\system32\Drivers\uprxaehk.sys
C:\Windows\System32\nvboehzsvc.exe
Folder: C:\Windows\System32\Drivers
EMPTYTEMP:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges.
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.

No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#15 Seavote

Seavote
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE

Posted 26 November 2017 - 04:39 PM

Here's the new log that was generated.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-11-2017
Ran by DAD (26-11-2017 16:34:58) Run:5
Running from C:\Users\DAD\Desktop\fic pc stuff
Loaded Profiles: DAD (Available Profiles: Samantha & DAD & Guest & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         
*****************
 
 
 
==== End of Fixlog 16:34:58 ====
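The Fixlog above shows the failure mode the fix procedure is prone to: the "fixlist content" block that FRST received is blank, so nothing was processed. As an added example that is not part of this thread or of FRST itself, the following Python checks a fixlist before it is handed to the Fix button (non-blank, terminated by End::, every line a recognisable entry) and pulls the fixlist block back out of a Fixlog.txt for the same check after the fact; the directive prefixes it recognises are an assumption taken from the entries posted in this thread, and the sample inputs are constructed.

```python
import re

# Directive prefixes assumed from the fixlist entries in this thread; Start::/End:: are FRST block markers.
KNOWN_PREFIXES = ("CustomCLSID:", "ContextMenuHandlers", "Folder:", "EMPTYTEMP:")
# Dated file entries look like "2017-11-23 07:59 - 2017-11-23 07:59 - 000140112 ____N C:\..."
DATED_ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{9} ")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

def validate_fixlist(text):
    """Return (ok, issues, counts) for a fixlist about to be given to FRST's Fix button.
    The case it exists to catch is a whitespace-only fixlist, which FRST runs as a no-op."""
    issues, counts = [], {"directive": 0, "dated_entry": 0, "bare_path": 0, "unknown": 0}
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return False, ["fixlist is empty or whitespace-only; nothing was copied"], counts
    if lines[-1] != "End::":
        issues.append("fixlist does not end with 'End::'")
    for ln in lines:
        if ln in ("Start::", "End::"):
            continue
        if ln.startswith(KNOWN_PREFIXES):
            counts["directive"] += 1
            # "Folder: C\Windows\..." (drive letter without the colon) is not a usable path
            if ln.startswith("Folder:") and not DRIVE_PATH.match(ln[7:].strip()):
                issues.append("Folder: directive has a malformed path: " + ln)
        elif DATED_ENTRY.match(ln):
            counts["dated_entry"] += 1
        elif DRIVE_PATH.match(ln):
            counts["bare_path"] += 1
        else:
            counts["unknown"] += 1
            issues.append("unrecognised line: " + ln)
    return not issues, issues, counts

def fixlist_from_fixlog(fixlog):
    """Extract the 'fixlist content:' block (between the asterisk rules) from a Fixlog.txt."""
    m = re.search(r"fixlist content:\n\*+\n(.*?)^\*+", fixlog.replace("\r\n", "\n"), re.S | re.M)
    return m.group(1) if m else ""

# Constructed samples: a fixlist with a deliberately mistyped Folder: path, and a Fixlog whose fixlist block is blank.
SAMPLE_FIXLIST = r"""
ContextMenuHandlers1-x32: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
2017-11-23 07:59 - 2017-11-23 07:59 - 000140112 ____N C:\Windows\system32\Drivers\uprxaehk.sys
C:\Windows\System32\nvboehzsvc.exe
Folder: C\Windows\System32\Drivers
EMPTYTEMP:
End::
"""
EMPTY_FIXLOG = "Ran by DAD (26-11-2017 16:34:58) Run:5\nfixlist content:\n*****************\n      \n      \n*****************\n"
```

Running `validate_fixlist(fixlist_from_fixlog(open("Fixlog.txt").read()))` on a posted log tells you immediately whether FRST was handed anything at all.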




