Microsoft Applications seem not to be connected to the Internet


  • This topic is locked
15 replies to this topic

#1 Haredasri

Haredasri

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:16 AM

Posted 18 February 2018 - 03:38 PM

Hi! I've been dealing with this issue since 15th February 2018, when I noticed that my connection to the Internet via the Edge browser could not execute well, but the other installed browsers, Chrome and Internet Explorer, could browse smoothly (up until 16th February, whenever I left my computer idle, the browsers would produce a different problem relating to DNS. Thankfully I could fully browse the internet after each restart).

This issue happened when I noticed I had downloaded a virus file, which installed Mail.ru. I believe this is a virus, so I intended to uninstall the downloaded program and clean my registry via CCleaner. I thought I had cleaned it, but Chrome still had traces of it staying in my computer. So I decided to install Kaspersky Total Security, running the trial version, to track down those viruses. It did track and delete those files, but the problem remains unsolved. I then installed Malwarebytes, still to no avail. Then I installed AdwCleaner and found some more traces. Tried to clean it, but the problem remains. I then downloaded RogueKiller, which, by far, tracked most of those hidden malware, but the result is still the same. No positive result. Moving on, I installed Zemana AntiMalware, but the result is constant. I was confused until I saw my Windows Defender threat history. Apparently, it constantly updated me with viruses called Skeeyah.A!rfn, Tiggre!rfn, and DetraHere.B!rfn. It cleans the viruses, but the malware keeps staying. I believe it has integrated itself into the Windows processes and would keep reproducing, if deleted, whenever I am connected to the internet.

As of 18th February, I tried to run Rkill > Malwarebytes scan > AdwCleaner > HitmanPro. Restarted and the problem remains.

I have also produced two support tickets at Microsoft.com and Tom's Hardware (links attached):

https://answers.microsoft.com/en-us/edge/forum/edge_other-edge_win10/edge-and-all-other-microsoft-apps-couldnt-connect/d429ebf3-482b-4eba-b7cc-6581d37bbf05

http://www.tomshardware.com/forum/id-3644632/microsoft-applications-connect-internet.html

*When I looked at the FRST.txt, I was shocked because I don't use TOSHIBA (I use Lenovo) and I never installed the Firefox browser.
I hope this information helps. Thanks in advance!

---

Pasted the FRST.txt log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.02.2018
Ran by Lenovo (administrator) on DESKTOP-VHN7DKA (18-02-2018 15:22:13)
Running from C:\Users\Lenovo\Downloads
Loaded Profiles: Lenovo & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic (Available Profiles: Lenovo & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\vssbgprsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe
(Privax Limited) C:\Program Files (x86)\HMA! Pro VPN\VpnSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Hi-Rez Studios) D:\SteamLibrary\steamapps\common\smite\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Users\Lenovo\AppData\Local\sndhkal\sndhkal.exe
() C:\Users\Lenovo\AppData\Local\iadhkbv\vsmopdk.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Alcor) C:\Windows\WebCam\S6000\S6000Mnt.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11801.1001.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Lenovo\AppData\Local\sndhkal\wemxzld.exe
() C:\Users\Lenovo\AppData\Local\sndhkal\wemxzld.exe
() C:\Users\Lenovo\AppData\Local\sndhkal\wemxzld.exe
() C:\Users\Lenovo\AppData\Local\sndhkal\wemxzld.exe
() C:\Users\Lenovo\AppData\Local\sndhkal\wemxzld.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [S6000Mnt] => C:\WINDOWS\WebCam\S6000\S6000Mnt.exe [516608 2017-07-11] (Alcor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [354160 2010-08-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [700328 2017-01-06] (Autodesk, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-392848940-2216501111-4133791728-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4019312 2017-06-28] (Tonec Inc.)
HKU\S-1-5-21-392848940-2216501111-4133791728-1001\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-392848940-2216501111-4133791728-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-16] (Valve Corporation)
HKU\S-1-5-21-392848940-2216501111-4133791728-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-08] (Piriform Ltd)
HKU\S-1-5-21-392848940-2216501111-4133791728-1001\...\Policies\Explorer: []
HKU\S-1-5-21-392848940-2216501111-4133791728-1001\...\MountPoints2: {2800a757-ff58-11e7-9bf2-28d24492784c} - "E:\OnePlus_setup.exe" /s
HKU\S-1-5-82-271721585-897601226-2024613209-625570482-296978595\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-82-3876422241-1344743610-1729199087-774402673-2621913236\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HMA! Pro VPN.lnk [2018-02-12]
ShortcutTarget: HMA! Pro VPN.lnk -> C:\Program Files (x86)\HMA! Pro VPN\Vpn.exe (Privax Limited)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{356ed6f3-3a6c-44db-9aed-d86cd8f3117f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{3ab99922-4e71-4fae-b267-fb7d48d63693}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9ac281e0-f256-4023-ab79-8dbec12edda3}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a2177ed0-9947-4f5e-943a-458a53c5816c}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{a80fd359-f517-472e-ae6a-1363a12c047c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b8640f68-6b65-4da3-94de-f83f7fdc79ab}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-392848940-2216501111-4133791728-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKU\S-1-5-21-392848940-2216501111-4133791728-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-392848940-2216501111-4133791728-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-06-23] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2017-05-17] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-06-23] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-08-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-15] (Oracle Corporation)
BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2017-02-15] ()
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-15] (Oracle Corporation)
Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2017-02-15] ()
DPF: HKLM-x32 {1FAF427B-1EE5-43D3-A023-3009142AFCDA} hxxps://ost.maybank2u.com.my/MBBWecos/Cab/csoex_mbs.cab
DPF: HKLM-x32 {B9B2EE1A-E314-4338-A305-BE845EACB124} hxxps://ost.maybank2u.com.my/MBBWecos/Cab/cswbt_bts2.cab
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)

Edge:
======
Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.4.0_neutral__f8jsg5mm64m62 [2018-02-07]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2017-01-13] [Legacy]
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-02-15]
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKU\S-1-5-21-392848940-2216501111-4133791728-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Lenovo\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Lenovo\AppData\Roaming\IDM\idmmzcc5 [2017-07-11] [Legacy] [not signed]
FF HKU\S-1-5-21-392848940-2216501111-4133791728-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~1\Office16\NPSPWRAP.DLL [2015-08-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office16\NPSPWRAP.DLL [2015-08-01] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-06-03] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-06-03] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-06-03] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-06-03] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-10] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default [2018-02-18]
CHR Extension: (Slides) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-11]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-11]
CHR Extension: (Foxit PDF Creator) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2018-01-30]
CHR Extension: (uBlock Origin) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-02-13]
CHR Extension: (Sheets) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-12]
CHR Extension: (Violentmonkey) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jinjaccalgkegednnccohejagnlnfdag [2018-02-13]
CHR Extension: (Kaspersky Protection) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2018-02-15]
CHR Extension: (IDM Integration Module) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-01-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-16]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-11]
CHR Extension: (Chrome Media Router) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-15]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2017-01-13]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-06-28]
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2017-01-13]
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-06-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\nzxgui <==== ATTENTION (Rootkit!)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1290744 2017-01-06] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe [354672 2017-01-25] (AO Kaspersky Lab)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-07-07] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526888 2017-10-06] (EasyAntiCheat Ltd)
R2 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1659080 2017-02-24] (Foxit Software Inc.)
U2 HiPatchService; D:\SteamLibrary\steamapps\common\smite\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2018-02-18] (SurfRight B.V.)
R2 HmaProVpn; C:\Program Files (x86)\HMA! Pro VPN\VpnSvc.exe [5266016 2017-12-12] (Privax Limited)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356904 2017-12-24] (Intel Corporation)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe [426416 2018-02-15] (AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-25] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [281568 2018-02-16] (Realtek Semiconductor Corp.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-24] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [282200 2017-12-24] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-19] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-19] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [247008 2016-12-27] (AO Kaspersky Lab)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R4 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-02-18] ()
R3 hmatap; C:\WINDOWS\System32\drivers\hmatap.sys [36456 2017-12-05] (The OpenVPN Project)
R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [51712 2009-09-09] (Intel Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-25] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [117984 2017-12-25] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29816 2016-10-14] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [207576 2018-02-15] (AO Kaspersky Lab)
R1 KLHK; C:\WINDOWS\System32\drivers\klhk.sys [594144 2018-02-15] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP18.0.0\Bases\klids.sys [190832 2018-02-17] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1055424 2018-02-15] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-10-13] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50672 2017-12-25] (AO Kaspersky Lab)
R3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [44768 2017-01-21] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [230280 2018-02-15] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2018-02-15] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [253192 2018-02-15] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [107680 2018-02-15] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173664 2018-02-15] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [93920 2016-12-21] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [135904 2017-12-25] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-12-25] (AO Kaspersky Lab)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-02-16] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-02-16] (Malwarebytes)
R1 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-02-17] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-02-16] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_706cb08068861f25\nvlddmkm.sys [17493824 2018-02-16] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1024848 2018-02-16] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [757216 2018-02-16] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-12-24] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [7895400 2017-12-24] (Realtek Semiconductor Corporation )
R3 S6000KNT; C:\WINDOWS\System32\Drivers\S6000KNT.sys [732672 2017-07-11] (Alcor Micro, Corp.)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2017-07-12] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-02-17] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-01-19] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2018-01-19] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-19] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-02-16] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-02-16] (Zemana Ltd.)
S3 cpuz140; \??\C:\Users\Lenovo\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
S3 dgjmqt; system32\drivers\jmqtwz.sys [X]
R3 hknrux; system32\drivers\nquxad.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-18 15:02 - 2018-02-18 15:02 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2018-02-18 15:02 - 2018-02-18 15:02 - 000000226 _____ C:\WINDOWS\system32\bootdelete.lst
2018-02-18 14:40 - 2018-02-18 14:40 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-02-18 14:34 - 2018-02-18 14:34 - 000142672 ____N C:\WINDOWS\system32\Drivers\rtegjnqt.sys
2018-02-18 14:33 - 2018-02-18 15:03 - 000000000 ____D C:\ProgramData\HitmanPro
2018-02-18 14:33 - 2018-02-18 14:33 - 000001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2018-02-18 14:33 - 2018-02-18 14:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-02-18 14:33 - 2018-02-18 14:33 - 000000000 ____D C:\Program Files\HitmanPro
2018-02-18 00:25 - 2018-02-18 00:31 - 011605440 _____ (SurfRight B.V.) C:\Users\Lenovo\Downloads\hitmanpro_x64.exe
2018-02-17 23:50 - 2018-02-17 23:50 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Lenovo\Downloads\iExplore.exe
2018-02-17 23:49 - 2018-02-17 23:49 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Lenovo\Downloads\rkill.com
2018-02-17 23:43 - 2018-02-17 23:43 - 000983168 _____ C:\Users\Lenovo\Downloads\rkill64-3592.exe
2018-02-17 23:42 - 2018-02-18 00:16 - 000002140 _____ C:\Users\Lenovo\Desktop\Rkill.txt
2018-02-17 23:42 - 2018-02-17 23:42 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Lenovo\Downloads\rkill.exe
2018-02-17 23:42 - 2018-02-17 23:42 - 000983168 _____ C:\Users\Lenovo\Downloads\rkill64.exe
2018-02-17 23:34 - 2018-02-17 23:35 - 000000000 ____D C:\Users\Lenovo\AppData\Local\iadhkbv
2018-02-17 23:31 - 2018-02-17 23:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-17 22:21 - 2018-02-17 22:21 - 000000000 ____D C:\WINDOWS\%LOCALAPPDATA%
2018-02-17 21:28 - 2018-02-18 15:06 - 000045403 _____ C:\Users\Lenovo\Downloads\Addition.txt
2018-02-17 21:27 - 2018-02-18 15:22 - 000030219 _____ C:\Users\Lenovo\Downloads\FRST.txt
2018-02-17 21:27 - 2018-02-18 15:22 - 000000000 ____D C:\FRST
2018-02-17 21:27 - 2018-02-18 15:06 - 000063903 _____ C:\Users\Lenovo\Desktop\FRST.txt
2018-02-17 21:26 - 2018-02-17 21:26 - 002403840 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST64.exe
2018-02-17 20:02 - 2018-02-17 20:02 - 000000000 ____D C:\ProgramData\dbg
2018-02-17 06:31 - 2018-02-17 20:06 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-02-17 03:09 - 2018-02-18 00:49 - 000000000 ____D C:\AdwCleaner
2018-02-17 03:08 - 2018-02-17 03:08 - 008222496 _____ (Malwarebytes) C:\Users\Lenovo\Downloads\adwcleaner_7.0.8.0.exe
2018-02-17 03:07 - 2018-02-17 03:07 - 000000528 _____ C:\DelFix.txt
2018-02-17 02:38 - 2018-02-17 20:07 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-02-16 23:50 - 2018-02-16 23:50 - 000000000 ____D C:\ProgramData\RogueKiller
2018-02-16 23:50 - 2018-02-16 23:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-02-16 23:50 - 2018-02-16 23:50 - 000000000 ____D C:\Program Files\RogueKiller
2018-02-16 23:47 - 2018-02-16 23:49 - 036393136 _____ (Adlice Software ) C:\Users\Lenovo\Downloads\setup.exe
2018-02-16 23:32 - 2018-02-18 15:22 - 000125136 _____ C:\WINDOWS\ZAM.krnl.trace
2018-02-16 23:32 - 2018-02-18 15:22 - 000090188 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-02-16 23:32 - 2018-02-16 23:33 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-02-16 23:32 - 2018-02-16 23:32 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-02-16 23:32 - 2018-02-16 23:32 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-02-16 23:32 - 2018-02-16 23:32 - 000001217 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-02-16 23:32 - 2018-02-16 23:32 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Zemana
2018-02-16 23:32 - 2018-02-16 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-02-16 17:49 - 2018-02-16 17:49 - 000281568 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtkBtManServ.exe
2018-02-16 17:49 - 2018-02-16 17:49 - 000074188 _____ C:\WINDOWS\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8192ee_new.dll
2018-02-16 17:49 - 2018-02-16 17:49 - 000064412 _____ C:\WINDOWS\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_new.dll
2018-02-16 17:49 - 2018-02-16 17:49 - 000054440 _____ C:\WINDOWS\rtl8723d_mp_chip_bt40_fw_asic_rom_patch_new.dll
2018-02-16 17:49 - 2018-02-16 17:49 - 000051432 _____ C:\WINDOWS\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8812ae_new.dll
2018-02-16 17:49 - 2018-02-16 17:49 - 000051168 _____ C:\WINDOWS\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8814ae_new.dll
2018-02-16 17:49 - 2018-02-16 17:49 - 000051060 _____ C:\WINDOWS\rtl8723b_mp_chip_bt40_fw_asic_rom_patch_new.dll
2018-02-16 17:49 - 2018-02-16 17:49 - 000051004 _____ C:\WINDOWS\rtl8723b_mp_chip_bt40_fw_asic_rom_patch_new_s1.dll
2018-02-16 17:49 - 2018-02-16 17:49 - 000047408 _____ C:\WINDOWS\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8192eu_new.dll
2018-02-16 17:49 - 2018-02-16 17:49 - 000047080 _____ C:\WINDOWS\rtl8822b_mp_chip_bt40_fw_asic_rom_patch_new.dll
2018-02-16 17:49 - 2018-02-16 17:49 - 000042068 _____ C:\WINDOWS\rtl8821c_mp_chip_bt40_fw_asic_rom_patch_new.dll
2018-02-16 17:49 - 2018-02-16 17:49 - 000038120 _____ C:\WINDOWS\rtl8821a_mp_chip_bt40_fw_asic_rom_patch_new.dll
2018-02-16 17:49 - 2018-02-16 17:49 - 000037100 _____ C:\WINDOWS\rlt8723a_chip_bt40_fw_asic_rom_patch.dll
2018-02-16 17:49 - 2018-02-16 17:49 - 000002720 _____ C:\WINDOWS\PidVid_List.dll
2018-02-16 17:49 - 2018-02-16 17:49 - 000000000 ____D C:\ProgramData\Realtek
2018-02-16 17:45 - 2018-02-16 17:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2018-02-16 17:33 - 2018-02-16 17:33 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7173163F.sys
2018-02-16 17:32 - 2018-02-16 23:52 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-16 17:29 - 2018-02-16 17:31 - 014161479 _____ C:\Users\Lenovo\Downloads\mbar-1.10.3.1001-nr.exe
2018-02-16 17:24 - 2018-02-16 17:26 - 013444552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-02-16 17:22 - 2018-02-16 17:24 - 011026080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-02-16 17:21 - 2018-02-16 17:22 - 019796336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-02-16 17:19 - 2018-02-16 17:21 - 016449872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-02-16 16:37 - 2018-02-17 20:05 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-02-16 16:35 - 2018-02-17 20:03 - 000000000 ____D C:\WINDOWS\pss
2018-02-16 16:29 - 2018-02-16 16:29 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-02-16 16:21 - 2018-02-16 16:21 - 001134768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-02-16 16:21 - 2018-02-16 16:21 - 000048407 _____ C:\WINDOWS\system32\nvinfo.pb
2018-02-16 16:20 - 2018-02-16 16:21 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-02-16 16:20 - 2018-02-16 16:20 - 001673616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439077.dll
2018-02-16 16:19 - 2018-02-16 16:20 - 001976120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439077.dll
2018-02-16 16:09 - 2018-02-16 16:09 - 004308976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-02-16 16:08 - 2018-02-16 16:09 - 003709424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-02-16 16:07 - 2018-02-16 16:08 - 012843496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-02-16 16:06 - 2018-02-16 16:07 - 010900248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-02-16 16:00 - 2018-02-16 16:06 - 040269808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-02-16 15:54 - 2018-02-16 16:00 - 035180016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-02-16 15:53 - 2018-02-16 15:54 - 003894304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-02-16 15:53 - 2018-02-16 15:53 - 000795928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-02-16 15:53 - 2018-02-16 15:53 - 000635248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-02-16 15:52 - 2018-02-16 15:53 - 001325384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-02-16 15:52 - 2018-02-16 15:52 - 001043128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-02-16 15:51 - 2018-02-16 15:52 - 000616240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-02-16 15:51 - 2018-02-16 15:51 - 001126888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-02-16 15:51 - 2018-02-16 15:51 - 001054704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-02-16 15:51 - 2018-02-16 15:51 - 000988464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-02-16 15:51 - 2018-02-16 15:51 - 000939832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-02-16 15:51 - 2018-02-16 15:51 - 000506864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-02-16 15:06 - 2018-02-16 15:06 - 000000000 ____D C:\Users\Lenovo\Documents\FeedbackHub
2018-02-16 13:38 - 2018-02-16 13:48 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-02-16 13:38 - 2018-02-16 13:38 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-16 13:38 - 2018-02-16 13:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-16 13:37 - 2018-02-16 17:34 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-16 13:37 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-02-16 07:31 - 2018-02-16 07:31 - 000183220 _____ C:\Users\Lenovo\Downloads\Appsdiagnostic10.diagcab
2018-02-16 07:24 - 2018-02-16 07:25 - 547859904 _____ C:\Users\Lenovo\Desktop\BackupFri02162018 724.reg
2018-02-16 06:05 - 2018-02-16 06:05 - 000000000 ____D C:\WINDOWS\SoftwareDistribution.bak
2018-02-15 23:29 - 2018-02-15 23:29 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-02-15 23:29 - 2018-02-15 23:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-02-15 23:28 - 2018-02-15 23:28 - 000000000 ____D C:\Program Files (x86)\Java
2018-02-15 23:09 - 2018-02-15 23:09 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2018-02-15 23:09 - 2018-02-15 23:09 - 000000000 ____D C:\Users\DefaultAppPool
2018-02-15 21:48 - 2018-02-15 21:48 - 000001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-02-15 21:05 - 2018-02-15 21:05 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-392848940-2216501111-4133791728-1001
2018-02-15 17:40 - 2018-02-15 17:40 - 000000020 ___SH C:\Users\.NET v4.5\ntuser.ini
2018-02-15 17:40 - 2018-02-15 17:40 - 000000020 ___SH C:\Users\.NET v4.5 Classic\ntuser.ini
2018-02-15 17:40 - 2018-02-15 17:40 - 000000000 ____D C:\Users\.NET v4.5 Classic
2018-02-15 17:40 - 2018-02-15 17:40 - 000000000 ____D C:\Users\.NET v4.5
2018-02-15 17:39 - 2018-02-15 17:39 - 001382196 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2018-02-15 17:38 - 2018-02-15 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2018-02-15 17:38 - 2018-02-15 17:38 - 000000000 ____D C:\WINDOWS\system32\msmq
2018-02-15 17:38 - 2018-02-15 17:38 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2018-02-15 17:38 - 2018-02-15 17:38 - 000000000 ____D C:\inetpub
2018-02-15 16:47 - 2018-02-15 17:15 - 719972812 _____ C:\Users\Lenovo\Downloads\windows10.0-kb4074588-x64_baac70613d5503dcd3e652ac24b7f432f3579eef.msu
2018-02-15 13:32 - 2018-02-15 13:32 - 000253192 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2018-02-15 13:27 - 2018-02-15 13:27 - 000230280 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2018-02-15 13:27 - 2018-02-15 13:27 - 000107680 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2018-02-15 13:26 - 2018-02-15 13:26 - 000173664 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2018-02-15 13:26 - 2018-02-15 13:26 - 000087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2018-02-15 13:26 - 2018-02-15 13:26 - 000001309 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2018-02-15 13:26 - 2018-02-15 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-02-15 13:25 - 2018-02-18 14:52 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-02-15 13:25 - 2018-02-16 07:53 - 000000000 ____D C:\Program Files\Common Files\AV
2018-02-15 13:25 - 2018-02-15 13:26 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-02-15 13:25 - 2018-02-15 13:25 - 000002208 _____ C:\Users\Public\Desktop\Safe Money.lnk
2018-02-15 13:25 - 2018-02-15 13:25 - 000002184 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2018-02-15 13:25 - 2018-02-15 13:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2018-02-15 13:25 - 2013-05-06 20:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2018-02-15 13:24 - 2018-02-15 13:24 - 001055424 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2018-02-15 13:24 - 2018-02-15 13:24 - 000594144 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2018-02-15 13:24 - 2018-02-15 13:24 - 000207576 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2018-02-15 13:24 - 2018-02-15 13:24 - 000149304 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll
2018-02-15 13:10 - 2018-02-15 13:11 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-02-15 10:08 - 2016-06-17 19:15 - 000000000 ____D C:\Users\Lenovo\Downloads\OnePlus 3 USB drivers - Technobuzznet
2018-02-15 10:04 - 2018-02-15 10:08 - 000000000 ____D C:\Program Files (x86)\OnePlus USB Drivers
2018-02-15 10:04 - 2018-02-15 10:08 - 000000000 ____D C:\Android
2018-02-15 09:49 - 2018-02-15 09:49 - 000000000 ____D C:\Users\Lenovo\AppData\Local\__SHARED
2018-02-15 01:04 - 2018-02-14 23:56 - 000807464 _____ C:\Users\Lenovo\Desktop\EasyAntiCheat.sys
2018-02-14 23:55 - 2010-02-04 22:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2018-02-14 23:55 - 2010-02-04 22:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2018-02-14 23:55 - 2007-04-05 06:54 - 000107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2018-02-14 23:55 - 2007-04-05 06:53 - 000081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2018-02-14 22:57 - 2018-02-14 22:58 - 000000000 ____D C:\Users\Lenovo\Downloads\TalismanMakerV192
2018-02-14 22:55 - 2018-02-14 22:56 - 003187715 _____ C:\Users\Lenovo\Downloads\TalismanMakerV192.exe
2018-02-14 16:32 - 2018-02-14 16:32 - 001247250 _____ C:\Users\Lenovo\Downloads\RATIB-HADAD-SARKUB.pdf
2018-02-14 00:18 - 2018-02-14 00:18 - 000064591 _____ C:\Users\Lenovo\Downloads\WhatsApp Image 2018-02-11 at 11.47.57 PM.jpeg
2018-02-13 23:38 - 2018-02-16 06:05 - 000000276 _____ C:\WINDOWS\WindowsUpdate.log.bak
2018-02-13 23:22 - 2018-02-16 00:31 - 000000000 ____D C:\Users\Lenovo\AppData\Local\vdnpuiz
2018-02-13 23:15 - 2018-02-13 23:15 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-02-13 23:15 - 2018-02-13 23:15 - 000000000 ____D C:\Program Files\MSBuild
2018-02-13 23:15 - 2018-02-13 23:15 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-02-13 23:15 - 2018-02-13 23:15 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-02-13 23:13 - 2017-09-29 03:50 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-02-13 23:13 - 2017-09-29 03:50 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-02-13 23:13 - 2017-09-29 03:50 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-02-13 23:13 - 2017-09-23 06:19 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-02-13 23:13 - 2017-09-23 06:19 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-02-13 23:13 - 2017-09-23 06:19 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-02-13 23:04 - 2018-02-13 23:04 - 000002872 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-02-13 23:04 - 2018-02-13 23:04 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-13 23:04 - 2018-02-13 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-02-13 23:04 - 2018-02-13 23:04 - 000000000 ____D C:\Program Files\CCleaner
2018-02-13 22:59 - 2018-02-18 15:21 - 000000000 ____D C:\Users\Lenovo\AppData\Local\sndhkal
2018-02-13 22:58 - 2018-02-13 22:58 - 000000258 __RSH C:\Users\Lenovo\ntuser.pol
2018-02-13 22:54 - 2018-02-18 14:36 - 002888704 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\vssbgprsvc.exe
2018-02-13 22:52 - 2018-02-13 23:01 - 000000000 ____D C:\Users\Lenovo\AppData\Local\rbgxcv
2018-02-13 22:52 - 2018-02-13 22:52 - 000000000 ____D C:\WINDOWS\SysWOW64\csdznoi
2018-02-13 22:52 - 2018-02-13 22:52 - 000000000 ____D C:\WINDOWS\system32\csdznoi
2018-02-13 22:52 - 2018-02-13 22:52 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\et
2018-02-12 19:30 - 2018-02-18 13:37 - 000004250 _____ C:\WINDOWS\System32\Tasks\HMA! Pro VPN Update
2018-02-12 19:29 - 2018-02-15 01:23 - 000000000 ____D C:\Program Files (x86)\HMA! Pro VPN
2018-02-12 19:29 - 2018-02-12 19:29 - 000001073 _____ C:\Users\Public\Desktop\HMA! Pro VPN.lnk
2018-02-12 19:29 - 2018-02-12 19:29 - 000000000 ____D C:\ProgramData\Privax
2018-02-12 19:29 - 2018-02-12 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privax
2018-02-12 19:29 - 2017-12-05 15:38 - 000036456 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\hmatap.sys
2018-02-12 19:00 - 2018-02-13 22:51 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-02-12 18:48 - 2018-02-12 18:48 - 000000017 _____ C:\Users\Lenovo\AppData\Local\resmon.resmoncfg
2018-02-03 23:33 - 2018-02-03 23:33 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\YCanPDF
2018-02-03 23:31 - 2018-02-03 23:31 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\SolidDocuments
2018-02-03 23:31 - 2018-02-03 23:31 - 000000000 ____D C:\ProgramData\SolidDocuments
2018-02-03 23:02 - 2018-02-03 23:02 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Grammarly
2018-02-01 14:14 - 2018-02-01 14:14 - 000003592 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-VHN7DKA-Lenovo
2018-02-01 14:06 - 2018-02-01 15:49 - 000000000 ____D C:\WINDOWS\Minidump
2018-01-30 19:17 - 2018-01-30 19:18 - 000000000 ____D C:\Users\Lenovo\Desktop\esoteric
2018-01-30 17:31 - 2018-01-30 17:31 - 000000000 ____D C:\Foxit Software
2018-01-30 17:31 - 2017-04-16 19:14 - 038238910 _____ C:\Users\Lenovo\Desktop\Berhatiah.pdf
2018-01-30 16:32 - 2018-02-16 07:53 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Foxit Software
2018-01-30 16:32 - 2018-01-30 16:32 - 000000000 ____D C:\ProgramData\Foxit Software
2018-01-30 16:31 - 2018-01-30 16:31 - 000001162 _____ C:\Users\Public\Desktop\Foxit PhantomPDF.lnk
2018-01-30 16:31 - 2018-01-30 16:31 - 000000000 ____D C:\Users\Public\Foxit Software
2018-01-30 16:31 - 2018-01-30 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2018-01-30 16:30 - 2018-01-30 16:30 - 000000000 ____D C:\Program Files (x86)\Foxit Software
2018-01-30 15:47 - 2013-08-26 05:00 - 000391168 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMC6.DLL
2018-01-28 01:36 - 2018-01-28 01:36 - 000000000 ____D C:\Users\Lenovo\Documents\Adobe
2018-01-28 01:30 - 2018-01-28 01:30 - 000001106 _____ C:\Users\Lenovo\Desktop\Adobe Lightroom Classic CC.lnk
2018-01-28 01:30 - 2018-01-28 01:30 - 000001106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic CC.lnk
2018-01-28 01:23 - 2018-01-28 01:30 - 000000000 ___HD C:\adobeTemp
2018-01-28 01:23 - 2018-01-28 01:30 - 000000000 ____D C:\Program Files\Adobe
2018-01-28 01:20 - 2018-01-28 01:20 - 000001298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2018-01-28 01:20 - 2018-01-28 01:20 - 000001286 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2018-01-27 23:15 - 2018-01-27 23:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2018-01-27 23:15 - 2018-01-27 23:15 - 000000000 ____D C:\Program Files (x86)\WinCDEmu
2018-01-23 20:10 - 2017-09-28 19:05 - 016735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0001.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-18 14:38 - 2017-07-10 04:22 - 000000000 __SHD C:\Users\Lenovo\IntelGraphicsProfiles
2018-02-18 14:37 - 2017-07-13 19:09 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-02-18 14:36 - 2017-12-23 09:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-18 14:36 - 2017-07-13 19:10 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-18 14:34 - 2017-09-29 16:45 - 026738688 _____ C:\WINDOWS\system32\config\HARDWARE
2018-02-18 14:34 - 2017-09-29 16:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-02-18 14:34 - 2017-07-11 11:58 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\DMCache
2018-02-18 14:31 - 2017-12-23 09:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-18 13:30 - 2017-12-23 09:45 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A7E0D2DB-E24D-4B0D-81AF-D535C85968E4}
2018-02-18 00:49 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-18 00:29 - 2018-01-04 23:50 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-18 00:05 - 2017-08-01 13:35 - 000000000 ____D C:\Users\Lenovo\AppData\Local\CrashDumps
2018-02-18 00:04 - 2017-12-23 09:27 - 000000000 ____D C:\Users\Lenovo
2018-02-18 00:04 - 2017-07-11 13:11 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Nox
2018-02-18 00:04 - 2017-07-11 13:11 - 000000000 ____D C:\Program Files (x86)\Nox
2018-02-18 00:02 - 2017-07-11 13:43 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Bluestacks
2018-02-17 22:36 - 2017-07-19 12:07 - 000000000 ____D C:\ProgramData\TEMP
2018-02-17 22:20 - 2017-09-29 16:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-02-17 20:30 - 2017-10-07 04:48 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\vlc
2018-02-17 20:07 - 2017-12-24 13:35 - 000000000 ____D C:\Users\Lenovo\AppData\Local\ElevatedDiagnostics
2018-02-17 20:00 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-02-17 07:34 - 2017-12-24 02:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
2018-02-17 04:46 - 2017-09-29 21:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-16 17:51 - 2017-07-10 04:15 - 001024848 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2018-02-16 17:49 - 2017-07-10 04:15 - 000757216 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtkBtfilter.sys
2018-02-16 17:03 - 2017-12-24 03:50 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-16 17:03 - 2017-12-23 09:28 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Packages
2018-02-16 17:03 - 2017-09-29 21:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-16 16:59 - 2018-01-05 23:58 - 000000000 ____D C:\Program Files (x86)\Steam
2018-02-16 16:48 - 2017-12-15 20:33 - 000000000 ___DC C:\WINDOWS\Panther
2018-02-16 15:54 - 2017-01-17 20:50 - 004580832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-02-16 15:25 - 2017-12-23 09:44 - 001464700 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-16 15:21 - 2017-07-10 04:15 - 000206488 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2018-02-16 13:48 - 2017-12-30 14:58 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-02-16 13:38 - 2017-12-30 14:58 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-02-16 06:36 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-02-16 06:06 - 2017-07-11 11:58 - 000000000 ____D C:\Users\Lenovo\Downloads\Compressed
2018-02-15 21:48 - 2017-07-10 04:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-02-15 19:33 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\rescache
2018-02-15 18:51 - 2017-12-23 09:45 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-392848940-2216501111-4133791728-1001
2018-02-15 18:51 - 2017-07-10 04:05 - 000002366 _____ C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-02-15 18:51 - 2017-07-10 04:05 - 000000000 ___RD C:\Users\Lenovo\OneDrive
2018-02-15 17:38 - 2018-01-05 00:04 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2018-02-15 17:38 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-02-15 17:38 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-02-15 17:38 - 2017-09-29 21:43 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2018-02-15 17:38 - 2017-09-29 21:43 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2018-02-15 17:38 - 2017-09-29 21:43 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2018-02-15 17:38 - 2017-09-29 21:43 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2018-02-15 17:38 - 2017-09-29 21:43 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2018-02-15 17:38 - 2017-09-29 21:43 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2018-02-15 17:38 - 2017-09-29 21:43 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2018-02-15 17:38 - 2017-09-29 21:43 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2018-02-15 17:38 - 2017-09-29 21:43 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2018-02-15 17:38 - 2017-09-29 21:43 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2018-02-15 17:38 - 2017-09-29 21:43 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2018-02-15 17:38 - 2017-09-29 21:43 - 000009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2018-02-15 17:38 - 2017-09-29 21:42 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2018-02-15 17:38 - 2017-09-29 21:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2018-02-15 17:38 - 2017-09-29 21:42 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2018-02-15 17:38 - 2017-09-29 21:42 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2018-02-15 17:38 - 2017-09-29 21:41 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2018-02-15 17:38 - 2017-09-29 21:41 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2018-02-15 17:37 - 2018-01-05 00:04 - 001381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2018-02-15 17:37 - 2017-09-29 21:43 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2018-02-15 17:37 - 2017-09-29 21:43 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2018-02-15 17:37 - 2017-09-29 21:43 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2018-02-15 17:37 - 2017-09-29 21:43 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2018-02-15 17:37 - 2017-09-29 21:43 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2018-02-15 17:37 - 2017-09-29 21:43 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2018-02-15 17:37 - 2017-09-29 21:43 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2018-02-15 17:37 - 2017-09-29 21:43 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2018-02-15 17:37 - 2017-09-29 21:41 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2018-02-15 17:37 - 2017-09-29 21:41 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2018-02-15 17:37 - 2017-09-29 21:41 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2018-02-15 17:37 - 2017-09-29 21:41 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2018-02-15 17:37 - 2017-09-29 21:41 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2018-02-15 17:37 - 2017-09-29 21:41 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2018-02-15 17:37 - 2017-09-29 21:41 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2018-02-15 17:37 - 2017-09-29 21:41 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2018-02-15 17:37 - 2017-09-29 21:41 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2018-02-15 17:37 - 2017-09-29 21:41 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2018-02-15 17:37 - 2017-09-29 21:41 - 000009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2018-02-15 13:25 - 2017-09-29 21:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-02-15 13:03 - 2017-07-11 11:58 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\IDM
2018-02-15 12:33 - 2017-10-15 22:37 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-15 12:33 - 2017-07-12 14:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-15 12:32 - 2017-07-12 14:36 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-02-15 10:22 - 2017-07-11 11:58 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2018-02-15 01:41 - 2017-12-23 10:32 - 000000000 ____D C:\Users\Lenovo\AppData\Local\PlaceholderTileLogoFolder
2018-02-15 01:32 - 2017-12-21 20:56 - 000001018 _____ C:\Users\Lenovo\Desktop\PotPlayer 64 bit.lnk
2018-02-15 01:23 - 2017-12-23 09:22 - 000491088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-14 23:21 - 2017-12-07 23:51 - 000005720 __RSH C:\ProgramData\ntuser.pol
2018-02-14 22:58 - 2017-07-10 04:02 - 000000000 ____D C:\Users\Lenovo\AppData\Local\VirtualStore
2018-02-14 08:40 - 2017-07-11 10:08 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-14 08:40 - 2017-07-11 10:08 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-13 23:12 - 2017-07-19 16:12 - 000000000 ____D C:\Program Files (x86)\R-Studio
2018-02-13 23:09 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\ModemLogs
2018-02-13 23:09 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-02-06 10:49 - 2017-09-29 21:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-06 10:49 - 2017-09-29 21:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-05 03:25 - 2017-07-11 11:58 - 000000000 ____D C:\Users\Lenovo\Downloads\Video
2018-02-04 23:28 - 2017-07-10 04:02 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Adobe
2018-02-03 23:04 - 2018-01-02 04:55 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Package Cache
2018-02-01 17:42 - 2017-07-11 13:43 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2018-01-30 16:31 - 2017-07-11 19:32 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-30 15:05 - 2017-07-10 04:06 - 000000000 ____D C:\ProgramData\Adobe
2018-01-30 15:04 - 2017-07-10 04:06 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Adobe
2018-01-28 01:24 - 2017-07-10 04:06 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-01-27 21:36 - 2017-08-05 10:01 - 000000000 ___RD C:\Users\Lenovo\Documents\Scanned Documents
2018-01-25 20:48 - 2017-07-11 09:58 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-24 07:11 - 2017-07-12 15:50 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-01-24 06:57 - 2017-07-13 19:10 - 005950024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-01-24 06:57 - 2017-07-13 19:10 - 002589168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-01-24 06:57 - 2017-07-13 19:10 - 001766288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-01-24 06:57 - 2017-07-13 19:10 - 000633328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-01-24 06:57 - 2017-07-13 19:10 - 000450352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-01-24 06:57 - 2017-07-13 19:10 - 000147768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2018-01-24 06:57 - 2017-07-13 19:10 - 000122768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-01-24 06:57 - 2017-07-13 19:10 - 000082744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-01-23 20:11 - 2017-09-29 22:41 - 000000000 ____D C:\WINDOWS\OCR
2018-01-22 13:46 - 2017-07-13 19:10 - 007947791 _____ C:\WINDOWS\system32\nvcoproc.bin

==================== Files in the root of some directories =======

2018-02-12 18:48 - 2018-02-12 18:48 - 000000017 _____ () C:\Users\Lenovo\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2018-02-18 00:02 - 2017-07-07 20:12 - 000819256 _____ (BlueStack Systems, Inc.) C:\Users\Lenovo\AppData\Local\Temp\BlueStacksClientUninstaller.exe
2018-02-17 20:07 - 2018-01-01 20:48 - 001954048 _____ (Microsoft Corporation) C:\Users\Lenovo\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\rtegjnqt.sys -> Access Denied <======= ATTENTION

LastRegBack: 2018-02-15 02:27

==================== End of FRST.txt ============================

Attached Files


Edited by nasdaq, 20 February 2018 - 09:58 AM.
pasted the FRST.txt log
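As an added example (not code from this thread or from the FRST author), here is a small Python triage script for the two parts of an FRST log a responder reads first: the dated file listing and the "Bamital & volsnap" verification block. It flags entries that fail verification, such as the Access Denied on rtegjnqt.sys above, and, as a heuristic, driver files listed with no publisher; the embedded sample log is constructed and the placeholder_unsigned.sys entry is made up.

```python
import re

# Constructed sample in the shape of FRST's dated file listing and its
# "Bamital & volsnap" block: every line is copied from the poster's log
# except the placeholder_unsigned.sys listing line, which is made up.
SAMPLE_LOG = """\
2018-02-15 17:37 - 2017-09-29 21:41 - 000026112 _____ (Microsoft Corporation) C:\\WINDOWS\\system32\\mqsvc.exe
2018-02-15 17:37 - 2017-09-29 21:41 - 000009096 _____ C:\\WINDOWS\\system32\\msmqtrc.mof
2018-02-13 00:00 - 2018-02-13 00:00 - 000065536 _____ C:\\WINDOWS\\system32\\drivers\\placeholder_unsigned.sys
==================== Bamital & volsnap ======================
C:\\WINDOWS\\system32\\winlogon.exe => File is digitally signed
C:\\WINDOWS\\system32\\Drivers\\volsnap.sys => File is digitally signed
C:\\WINDOWS\\system32\\drivers\\rtegjnqt.sys -> Access Denied <======= ATTENTION
LastRegBack: 2018-02-15 02:27
"""

# One listing line: modified - created - size attrs [(publisher)] path
LISTING_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<attrs>\S{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?(?P<path>.+)$"
)
# One verification line: "path => status", or "path -> status" on failure
VERIFY_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?:=>|->) (?P<status>.+)$")
SIGNED = "File is digitally signed"


def parse_listing(text: str) -> list[dict]:
    """Every dated file-listing line as a dict of its fields."""
    return [m.groupdict() for m in map(LISTING_RE.match, text.splitlines()) if m]


def parse_verification(text: str) -> list[tuple[str, str]]:
    """(path, status) pairs from the 'Bamital & volsnap' block only."""
    results, in_block = [], False
    for line in text.splitlines():
        if line.startswith("==================== Bamital & volsnap"):
            in_block = True
        elif in_block and line.startswith("===================="):
            break  # the next section header ends the block
        elif in_block:
            m = VERIFY_RE.match(line)
            if m:
                results.append((m["path"], m["status"].strip()))
    return results


def triage(text: str) -> dict[str, list[str]]:
    """Paths a responder would look at first, in two buckets."""
    findings = {"failed_verification": [], "no_publisher_driver": []}
    # Anything but a clean signature check (e.g. the Access Denied a
    # self-protecting driver returns) counts as failed verification.
    for path, status in parse_verification(text):
        if status != SIGNED:
            findings["failed_verification"].append(path)
    # Heuristic: FRST prints the company name from version info; a driver
    # under System32\drivers with none is worth a second look.
    for entry in parse_listing(text):
        if "\\drivers\\" in entry["path"].lower() and not entry["publisher"]:
            findings["no_publisher_driver"].append(entry["path"])
    return findings
```

Point `triage()` at the text of a full FRST.txt to get the same two buckets for a real log.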

#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:16 PM

Posted 19 February 2018 - 08:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I have identified a bad SmartService infection.
We have some work to do.

Launch FRST and copy/paste the following inside the text area. Once done, click on the Fix button. Afterwards, a file called fixlog.txt should appear on your desktop. Attach it in your next reply.

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir /a:-d /o:d C:\windows\system32\drivers
End::


Wait for further instructions.

#3 Haredasri

Haredasri
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 19 February 2018 - 09:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I have identified a bad SmartService infection.
We have some work to do.

Launch FRST and copy/paste the following inside the text area. Once done, click on the Fix button. Afterwards, a file called fixlog.txt should appear on your desktop. Attach it in your next reply.
 

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir /a:-d /o:d C:\windows\system32\drivers
End::


Wait for further instructions.

 

Hi Nasdaq!

I've performed the fix and here is the log

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:16 PM

Posted 19 February 2018 - 01:36 PM

Hi,

For the next part, you'll need to download the FRST executable from a clean computer, and move it to your USB Flash Drive. That USB can only be inserted in the infected computer if it is either shut down, or in the Windows RE. Otherwise, the infection will mess with the files on the USB and you'll have to restart.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:
  • USB Flash Drive (size depends on whether you have to create a USB Recovery or Installation media)
  • Another computer (clean of infection)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
Preparing the USB Flash Drive
  • Download the right version of FRST for your system from a clean computer:
  • FRST 32-bit
  • FRST 64-bit
  • Note: Only the right version will run on your system; the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) to your USB Flash Drive
Boot in the Recovery Environment


To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
Restart the computer
Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
Use the arrow keys to select Repair your computer, and press on Enter
Select your keyboard layout (US, French, etc.) and click on Next
Click on Command Prompt to open the command prompt
Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.

To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
Once in the Windows RE, plug the USB Flash Drive in the computer

Once in the command prompt
In the command prompt, type notepad and press on Enter
Notepad will open. Click on the File menu and select Open
Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
Note: Replace the letter e with the drive letter of your USB Flash Drive
FRST will open
Click on Yes to accept the disclaimer
Click on the Scan button and wait for the scan to complete
A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply

#5 Haredasri

Haredasri
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 19 February 2018 - 09:18 PM

Hi Nasdaq,

Here's the file during the Recovery Environment scan

Attached Files

  • Attached File  FRST.txt   73.04KB   6 downloads

Edited by Haredasri, 20 February 2018 - 01:41 AM.


#6 Haredasri

Haredasri
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 20 February 2018 - 01:39 AM

A rather new scan after rebooting from recovery environment.

 

*The first post's attached files were run while Farbar was showing errors. This scan I provided is a fresh one after an update, with no errors.

Attached Files


Edited by Haredasri, 20 February 2018 - 01:40 AM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:16 PM

Posted 20 February 2018 - 10:21 AM



Hi,

I do not think that it went as well as I had expected.

This is from your first FRST log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.02.2018
Ran by Lenovo (administrator) on DESKTOP-VHN7DKA (18-02-2018 15:22:13)
Running from C:\Users\Lenovo\Downloads
Loaded Profiles: Lenovo & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic (Available Profiles: Lenovo & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\vssbgprsvc.exe
===============

You have repeated the Farbar scan on the 19 and still showing the infection.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.02.2018
Ran by Lenovo (administrator) on DESKTOP-VHN7DKA (20-02-2018 11:59:29)
Running from C:\Users\Lenovo\Desktop
Loaded Profiles: Lenovo (Available Profiles: Lenovo & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\vssbgprsvc.exe


This is the top part of the log in the Recovery console.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.02.2018
Ran by SYSTEM on MININT-JLF1QGC (20-02-2018 10:10:31)
Running from H:\
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/



The first 2 logs above were executed and run by Lenovo and Administrator.

The last one was executed and run by SYSTEM on MININT-JLF1QGC on another computer.

Am I wrong?

Can you execute my instructions in post No. 4, on the DESKTOP-VHN7DKA computer?

#8 Haredasri

Haredasri
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 20 February 2018 - 11:33 AM

Hi,

The MININT-JLF1QGC is the clean computer which I used to upload the file here. The FRST log provided during the Recovery Environment was done in LENOVO.

 

Hi Nasdaq,

Here's the file during the Recovery Environment scan


To make it clear;

Clean laptop = MININT-JLF1QGC

Infected Laptop = LENOVO


Edited by Haredasri, 20 February 2018 - 11:34 AM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:16 PM

Posted 20 February 2018 - 01:22 PM

Hi,

Got it.
Please do not post any other logs from this computer.
Clean laptop = MININT-JLF1QGC

If ever you have trouble with it start a new topic for that computer.

===

Need to see if something has changed from the last time.
Run this on the compromised computer.

Launch FRST and copy/paste the following inside the text area. Once done, click on the Fix button. Afterwards, a file called fixlog.txt should appear on your desktop. Attach it in your next reply.

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir /a:-d /o:d C:\windows\system32\drivers
End::


Wait for further instructions.

#10 Haredasri

Haredasri
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 20 February 2018 - 01:34 PM

Alright, got it.

Ran the fix, here's the log

 

 

Attached Files



#11 Haredasri

Haredasri
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 20 February 2018 - 01:39 PM

I just checked the supposed clean computer, but the system name was different from what I've stated before. I had just been informed, therefore I apologize for the misinformation.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:16 PM

Posted 21 February 2018 - 10:20 AM

Hi,

My previous suggested fix in post no. 4 should have worked.

If one step is missed or in the wrong order fix will fail.

Please review the instructions carefully.

Most important is that you download the FRST64.exe from a good computer to the USB drive.
If by any chance the USB was mounted prior to entering the Recovery Environment the first time you executed the instructions, I suggest you delete it from the flash drive.
Download the file to the USB with the clean computer.

Now you know the drill.

Enter the Recovery Environment

Select the Command Prompt

Once in the command prompt in Windows RE, plug the USB Flash Drive in the computer

In the command prompt, type notepad and press on Enter
Notepad will open. Click on the File menu and select Open
Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
Note: Replace the letter e with the drive letter of your USB Flash Drive
FRST will open
Click on Yes to accept the disclaimer
Click on the Scan button and wait for the scan to complete
A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply.

Do not restart the computer just yet. I want to see the log first.
Copy the FRST.txt log to the good computer and post it.

#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:16 PM

Posted 27 February 2018 - 07:57 AM

Are you still with me?

#14 Haredasri

Haredasri
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 28 February 2018 - 06:26 PM

Hi, yes. I'm sorry for the late reply. My system now does not detect any malware and Windows could update itself back. One thing though, most of Microsoft's own applications still could not connect to the Internet. Could it possibly be because of the malware? But my Windows Update could go through the barrier this time. (ref: https://answers.microsoft.com/en-us/edge/forum/edge_other-edge_win10/edge-and-all-other-microsoft-apps-couldnt-connect/d429ebf3-482b-4eba-b7cc-6581d37bbf05 )



#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:16 PM

Posted 01 March 2018 - 08:06 AM


Hi,
Download a fresh copy of the Farbar program.

Run it and post the FRST log for my review.

Update Malwarebytes and run it
Remove everything that will be identified.
