TAP Provider V9 install


  • This topic is locked
3 replies to this topic

#1 frignuts

  • Members
  • 10 posts

Posted 07 April 2018 - 08:20 PM

A window appears multiple times per day asking to install TAP Provider V9 for Private Tunnel Networks. If you click it closed, it tends to come back pretty quickly. Malwarebytes did not remove it.


Thanks


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018

Ran by Dan (administrator) on J0Y8CS1 (07-04-2018 12:39:37)

Running from C:\Users\Dan\Downloads

Loaded Profiles: Dan (Available Profiles: Dan)

Platform: Windows 10 Enterprise Version 1709 16299.309 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe

(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe

(MDL Forum, mod by Ratiborus) C:\ProgramData\KMSAutoS\bin\KMSSS.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe

(Veeam Software AG) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe

(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\LocalDB\Binn\sqlservr.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe

(Veeam Software AG) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Tray.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.0_x64__8wekyb3d8bbwe\Video.UI.exe

(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Spotify Ltd) C:\Users\Dan\AppData\Roaming\Spotify\SpotifyWebHelper.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.0_x64__8wekyb3d8bbwe\Calculator.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)

HKLM\...\Run: [Veeam.EndPoint.Tray.exe] => C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Tray.exe [946440 2017-04-23] (Veeam Software AG)

HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3237808 2018-01-09] (Dominik Reichl)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2760669090-3123172955-3873111411-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)

HKU\S-1-5-21-2760669090-3123172955-3873111411-1001\...\Run: [Spotify Web Helper] => C:\Users\Dan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-04-06] (Spotify Ltd)

HKU\S-1-5-21-2760669090-3123172955-3873111411-1001\...\Run: [Spotify] => C:\Users\Dan\AppData\Roaming\Spotify\Spotify.exe [22454160 2018-04-06] (Spotify Ltd)

AppInit_DLLs: C:\WINDOWS\system32\DriverStore\FileRepository\nvdmi.inf_amd64_323791d5eb27505c\nvinitx.dll => C:\WINDOWS\system32\DriverStore\FileRepository\nvdmi.inf_amd64_323791d5eb27505c\nvinitx.dll [196152 2017-03-31] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\WINDOWS\system32\DriverStore\FileRepository\nvdmi.inf_amd64_323791d5eb27505c\nvinit.dll => C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_323791d5eb27505c\nvinit.dll [168640 2017-03-31] (NVIDIA Corporation)

Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-03-15]

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

GroupPolicy: Restriction <==== ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{4c8e8634-c926-425e-8571-399457c5dda6}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{fdb7625d-16cc-45f6-9e40-3df5a84e8e2b}: [DhcpNameServer] 192.168.1.1

 

Internet Explorer:

==================

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = 

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-04-03] (Microsoft Corporation)

BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-04-03] (Microsoft Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-03] (Microsoft Corporation)

BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-04-03] (Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)

 

FireFox:

========

FF DefaultProfile: r840klzc.default

FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\r840klzc.default [2018-04-06]

FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\r840klzc.default\features\{5ce69717-71d8-49db-8254-11f28fc71bdf}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-03] [Legacy]

FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-03] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-01] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

 

Chrome: 

=======

CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default [2018-04-07]

CHR Extension: (Slides) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]

CHR Extension: (Docs) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]

CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-11]

CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-11]

CHR Extension: (Honey) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-03-07]

CHR Extension: (uBlock Origin) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-03-20]

CHR Extension: (Sheets) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]

CHR Extension: (Google Docs Offline) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-11]

CHR Extension: (InvisibleHand) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2018-03-13]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]

CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-11]

CHR Extension: (Chrome Media Router) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-22]

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8521384 2018-03-24] (Microsoft Corporation)

R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-06-29] (Foxit Software Inc.)

R2 KMSEmulator; C:\ProgramData\KMSAutoS\bin\KMSSS.exe [301056 2015-07-24] (MDL Forum, mod by Ratiborus) [File not signed]

R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-10] (Microsoft Corporation)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-07-11] (Synaptics Incorporated)

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2018-03-01] (TeamViewer GmbH)

R2 VeeamEndpointBackupSvc; C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe [114952 2017-04-23] (Veeam Software AG)

R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-03] (Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-03] (Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()

R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-04-07] (Malwarebytes)

R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-04-07] (Malwarebytes)

R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-04-07] (Malwarebytes)

R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-04-07] (Malwarebytes)

R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-04-07] (Malwarebytes)

R1 MpKsl5c492eab; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98CEA6F4-08F7-4A92-A7C3-C65023074089}\MpKsl5c492eab.sys [58120 2018-04-06] (Microsoft Corporation)

R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_323791d5eb27505c\nvlddmkm.sys [14841784 2017-04-03] (NVIDIA Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [73368 2012-07-13] (STMicroelectronics)

R3 tilfilter; C:\WINDOWS\System32\drivers\TIxHCIlfilter.sys [34424 2017-07-11] (Texas Instruments, Inc.)

R3 tiufilter; C:\WINDOWS\System32\drivers\TIxHCIufilter.sys [39032 2017-07-11] (Texas Instruments, Inc.)

S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-03] (Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-03] (Microsoft Corporation)

R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-03] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2018-04-07 12:39 - 2018-04-07 12:39 - 000016892 _____ C:\Users\Dan\Downloads\FRST.txt

2018-04-07 12:39 - 2018-04-07 12:39 - 000000000 ____D C:\FRST

2018-04-07 12:38 - 2018-04-07 12:38 - 000001458 _____ C:\Users\Dan\Desktop\FRST64.exe - Shortcut.lnk

2018-04-07 12:37 - 2018-04-07 12:37 - 002403328 _____ (Farbar) C:\Users\Dan\Downloads\FRST64.exe

2018-04-07 12:14 - 2018-04-07 12:14 - 001168896 _____ C:\Users\Dan\Downloads\zoek.exe

2018-04-07 11:16 - 2018-04-07 11:18 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

2018-04-07 11:16 - 2018-04-07 11:16 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys

2018-04-07 11:16 - 2018-04-07 11:16 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys

2018-04-07 11:16 - 2018-04-07 11:16 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2018-04-07 11:16 - 2018-04-07 11:16 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2018-04-07 11:16 - 2018-04-07 11:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2018-04-06 20:13 - 2018-04-06 20:13 - 000001840 _____ C:\Users\Dan\Desktop\Spotify.lnk

2018-04-06 20:13 - 2018-04-06 20:13 - 000001826 _____ C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2018-04-06 20:13 - 2018-04-06 20:13 - 000000000 ____D C:\Users\Dan\AppData\Local\Spotify

2018-04-06 20:12 - 2018-04-06 20:15 - 000000000 ____D C:\Users\Dan\AppData\Roaming\Spotify

2018-04-06 20:12 - 2018-04-06 20:12 - 000727536 _____ (Spotify Ltd) C:\Users\Dan\Downloads\SpotifySetup(1).exe

2018-04-04 18:42 - 2018-04-04 18:51 - 000000000 ____D C:\Users\Dan\Documents\Nuclear

2018-03-21 07:36 - 2018-03-21 07:37 - 006602910 _____ C:\Users\Dan\Downloads\drive-download-20180321T113600Z-001.zip

2018-03-19 20:37 - 2018-03-19 20:37 - 000371585 _____ C:\Users\Dan\Downloads\34.pdf

2018-03-19 20:29 - 2018-03-19 20:29 - 000371585 _____ C:\Users\Dan\Desktop\34.pdf

2018-03-18 13:00 - 2018-03-18 15:23 - 000000000 ____D C:\ESD

2018-03-18 12:57 - 2018-03-18 12:57 - 000000000 ___HD C:\$Windows.~WS

2018-03-18 12:57 - 2018-03-18 12:57 - 000000000 ____D C:\$WINDOWS.~BT

2018-03-18 12:56 - 2018-03-18 12:56 - 018617536 _____ (Microsoft Corporation) C:\Users\Dan\Downloads\MediaCreationTool.exe

2018-03-17 19:56 - 2018-03-17 20:11 - 000000000 ____D C:\Users\Dan\Desktop\Flash

2018-03-15 21:19 - 2018-03-15 21:19 - 000000000 ____D C:\Users\Dan\Documents\OneNote Notebooks

2018-03-13 18:38 - 2018-03-01 23:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll

2018-03-13 18:38 - 2018-03-01 23:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll

2018-03-13 18:38 - 2018-03-01 23:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll

2018-03-13 18:38 - 2018-03-01 23:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll

2018-03-13 18:38 - 2018-03-01 23:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll

2018-03-13 18:38 - 2018-03-01 23:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll

2018-03-13 18:38 - 2018-03-01 22:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe

2018-03-13 18:38 - 2018-03-01 16:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll

2018-03-13 18:38 - 2018-03-01 03:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2018-03-13 18:38 - 2018-03-01 03:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2018-03-13 18:38 - 2018-03-01 03:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2018-03-13 18:38 - 2018-03-01 03:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2018-03-13 18:38 - 2018-03-01 03:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe

2018-03-13 18:38 - 2018-03-01 03:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe

2018-03-13 18:38 - 2018-03-01 03:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2018-03-13 18:38 - 2018-03-01 03:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2018-03-13 18:38 - 2018-03-01 03:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe

2018-03-13 18:38 - 2018-03-01 03:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll

2018-03-13 18:38 - 2018-03-01 03:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2018-03-13 18:38 - 2018-03-01 03:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll

2018-03-13 18:38 - 2018-03-01 03:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2018-03-13 18:38 - 2018-03-01 03:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll

2018-03-13 18:38 - 2018-03-01 03:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2018-03-13 18:38 - 2018-03-01 03:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll

2018-03-13 18:38 - 2018-03-01 03:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe

2018-03-13 18:38 - 2018-03-01 03:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys

2018-03-13 18:38 - 2018-03-01 03:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll

2018-03-13 18:38 - 2018-03-01 03:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys

2018-03-13 18:38 - 2018-03-01 03:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys

2018-03-13 18:38 - 2018-03-01 03:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2018-03-13 18:38 - 2018-03-01 03:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll

2018-03-13 18:38 - 2018-03-01 03:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2018-03-13 18:38 - 2018-03-01 03:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe

2018-03-13 18:38 - 2018-03-01 03:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2018-03-13 18:38 - 2018-03-01 03:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2018-03-13 18:38 - 2018-03-01 03:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll

2018-03-13 18:38 - 2018-03-01 03:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2018-03-13 18:38 - 2018-03-01 03:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll

2018-03-13 18:38 - 2018-03-01 03:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll

2018-03-13 18:38 - 2018-03-01 03:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll

2018-03-13 18:38 - 2018-03-01 03:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys

2018-03-13 18:38 - 2018-03-01 03:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll

2018-03-13 18:38 - 2018-03-01 03:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2018-03-13 18:38 - 2018-03-01 03:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll

2018-03-13 18:38 - 2018-03-01 03:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll

2018-03-13 18:38 - 2018-03-01 03:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll

2018-03-13 18:38 - 2018-03-01 03:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll

2018-03-13 18:38 - 2018-03-01 03:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll

2018-03-13 18:38 - 2018-03-01 03:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys

2018-03-13 18:38 - 2018-03-01 03:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll

2018-03-13 18:38 - 2018-03-01 02:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll

2018-03-13 18:38 - 2018-03-01 02:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2018-03-13 18:38 - 2018-03-01 02:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll

2018-03-13 18:38 - 2018-03-01 02:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll

2018-03-13 18:38 - 2018-03-01 02:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll

2018-03-13 18:38 - 2018-03-01 02:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll

2018-03-13 18:38 - 2018-03-01 02:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2018-03-13 18:38 - 2018-03-01 02:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2018-03-13 18:38 - 2018-03-01 02:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll

2018-03-13 18:38 - 2018-03-01 02:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll

2018-03-13 18:38 - 2018-03-01 02:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll

2018-03-13 18:38 - 2018-03-01 02:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll

2018-03-13 18:38 - 2018-03-01 02:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll

2018-03-13 18:38 - 2018-03-01 02:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll

2018-03-13 18:38 - 2018-03-01 02:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll

2018-03-13 18:38 - 2018-03-01 02:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2018-03-13 18:38 - 2018-03-01 02:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2018-03-13 18:38 - 2018-03-01 02:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll

2018-03-13 18:38 - 2018-03-01 02:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll

2018-03-13 18:38 - 2018-03-01 02:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll

2018-03-13 18:38 - 2018-03-01 02:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll

2018-03-13 18:38 - 2018-03-01 02:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2018-03-13 18:38 - 2018-03-01 02:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2018-03-13 18:38 - 2018-03-01 02:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll

2018-03-13 18:38 - 2018-03-01 02:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll

2018-03-13 18:38 - 2018-03-01 02:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll

2018-03-13 18:38 - 2018-03-01 01:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll

2018-03-13 18:38 - 2018-03-01 01:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll

2018-03-13 18:38 - 2018-03-01 01:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll

2018-03-13 18:38 - 2018-03-01 01:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll

2018-03-13 18:38 - 2018-03-01 01:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll

2018-03-13 18:38 - 2018-03-01 01:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll

2018-03-13 18:38 - 2018-03-01 01:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2018-03-13 18:38 - 2018-03-01 01:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2018-03-13 18:38 - 2018-03-01 01:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll

2018-03-13 18:38 - 2018-03-01 01:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2018-03-13 18:38 - 2018-03-01 01:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll

2018-03-13 18:38 - 2018-03-01 01:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll

2018-03-13 18:38 - 2018-03-01 01:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2018-03-13 18:38 - 2018-03-01 01:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll

2018-03-13 18:38 - 2018-03-01 01:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2018-03-13 18:38 - 2018-03-01 01:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2018-03-13 18:38 - 2018-03-01 01:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll

2018-03-13 18:38 - 2018-03-01 01:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2018-03-13 18:38 - 2018-03-01 01:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

2018-03-13 18:38 - 2018-03-01 01:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll

2018-03-13 18:38 - 2018-03-01 01:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll

2018-03-13 18:38 - 2018-03-01 01:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll

2018-03-13 18:38 - 2018-03-01 01:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll

2018-03-13 18:38 - 2018-03-01 01:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll

2018-03-13 18:38 - 2018-03-01 01:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe

2018-03-13 18:38 - 2018-03-01 01:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2018-03-13 18:38 - 2018-03-01 01:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2018-03-13 18:38 - 2018-03-01 01:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll

2018-03-13 18:38 - 2018-03-01 01:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll

2018-03-13 18:38 - 2018-03-01 01:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys

2018-03-13 18:38 - 2018-03-01 01:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll

2018-03-13 18:38 - 2018-03-01 01:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2018-03-13 18:38 - 2018-03-01 01:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2018-03-13 18:38 - 2018-03-01 01:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll

2018-03-13 18:38 - 2018-03-01 01:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll

2018-03-13 18:38 - 2018-03-01 01:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys

2018-03-13 18:38 - 2018-03-01 01:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll

2018-03-13 18:38 - 2018-03-01 01:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys

2018-03-13 18:38 - 2018-03-01 01:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll

2018-03-13 18:38 - 2018-03-01 01:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll

2018-03-13 18:38 - 2018-03-01 01:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll

2018-03-13 18:38 - 2018-03-01 01:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll

2018-03-13 18:38 - 2018-03-01 01:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2018-03-13 18:38 - 2018-03-01 01:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll

2018-03-13 18:38 - 2018-03-01 01:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll

2018-03-13 18:38 - 2018-03-01 01:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll

2018-03-13 18:38 - 2018-03-01 01:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys

2018-03-13 18:38 - 2018-03-01 01:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll

2018-03-13 18:38 - 2018-03-01 01:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2018-03-13 18:38 - 2018-03-01 01:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2018-03-13 18:38 - 2018-03-01 01:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll

2018-03-13 18:38 - 2018-03-01 01:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2018-03-13 18:38 - 2018-03-01 01:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll

2018-03-13 18:38 - 2018-03-01 01:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2018-03-13 18:38 - 2018-03-01 01:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll

2018-03-13 18:38 - 2018-03-01 01:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2018-03-13 18:38 - 2018-03-01 01:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2018-03-13 18:38 - 2018-03-01 01:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2018-03-13 18:38 - 2018-03-01 01:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2018-03-13 18:38 - 2018-03-01 01:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2018-03-13 18:38 - 2018-03-01 01:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2018-03-13 18:38 - 2018-03-01 01:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll

2018-03-13 18:38 - 2018-03-01 01:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll

2018-03-13 18:38 - 2018-03-01 01:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

2018-03-13 18:38 - 2018-03-01 01:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll

2018-03-13 18:38 - 2018-03-01 01:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll

2018-03-13 18:38 - 2018-03-01 01:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll

2018-03-13 18:38 - 2018-03-01 01:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys

2018-03-13 18:38 - 2018-03-01 01:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll

2018-03-13 18:38 - 2018-03-01 01:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll

2018-03-13 18:38 - 2018-03-01 01:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe

2018-03-13 18:38 - 2018-03-01 01:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll

2018-03-13 18:38 - 2018-03-01 01:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe

2018-03-13 18:38 - 2018-02-21 22:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2018-03-13 18:38 - 2018-02-21 22:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2018-03-13 18:38 - 2018-02-21 22:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys

2018-03-13 18:38 - 2018-02-21 22:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll

2018-03-13 18:38 - 2018-02-21 22:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys

2018-03-13 18:38 - 2018-02-21 22:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2018-03-13 18:38 - 2018-02-21 22:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

2018-03-13 18:38 - 2018-02-21 22:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

2018-03-13 18:38 - 2018-02-21 22:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys

2018-03-13 18:38 - 2018-02-21 22:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2018-03-13 18:38 - 2018-02-21 22:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2018-03-13 18:38 - 2018-02-21 22:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys

2018-03-13 18:38 - 2018-02-21 22:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys

2018-03-13 18:38 - 2018-02-21 22:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys

2018-03-13 18:38 - 2018-02-21 22:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys

2018-03-13 18:38 - 2018-02-21 22:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

2018-03-13 18:38 - 2018-02-21 21:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2018-03-13 18:38 - 2018-02-21 21:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS

2018-03-13 18:38 - 2018-02-21 21:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys

2018-03-13 18:38 - 2018-02-21 21:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS

2018-03-13 18:38 - 2018-02-21 21:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys

2018-03-13 18:38 - 2018-02-21 21:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys

2018-03-13 18:38 - 2018-02-21 21:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys

2018-03-13 18:38 - 2018-02-21 21:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys

2018-03-13 18:38 - 2018-02-21 20:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2018-03-13 18:38 - 2018-02-21 20:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys

2018-03-13 18:38 - 2018-02-21 20:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys

2018-03-13 18:38 - 2018-02-21 20:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys

2018-03-13 18:38 - 2018-02-21 20:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys

2018-03-13 18:38 - 2018-02-21 20:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll

2018-03-13 18:38 - 2018-02-21 20:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys

2018-03-13 18:38 - 2018-02-21 20:26 - 000441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys

2018-03-13 18:38 - 2018-02-21 20:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll

2018-03-13 18:38 - 2018-02-21 20:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll

2018-03-13 18:38 - 2018-02-21 20:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll

2018-03-10 15:32 - 2018-03-10 15:32 - 000000093 _____ C:\Users\Dan\Desktop\connections money stuff.txt


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2018-04-07 12:39 - 2017-07-14 18:27 - 000000000 ____D C:\Users\Dan\AppData\Roaming\KeePass

2018-04-07 12:28 - 2017-07-14 18:31 - 000027470 _____ C:\Users\Dan\Documents\4-13-16_database[1].kdbx

2018-04-07 12:15 - 2017-07-11 20:49 - 000000000 ____D C:\ProgramData\KMSAutoS

2018-04-07 12:04 - 2017-12-10 12:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2018-04-07 11:16 - 2017-07-11 19:02 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys

2018-04-07 11:15 - 2017-07-11 18:51 - 000035888 __RSH C:\ProgramData\3002.abs

2018-04-07 11:15 - 2017-07-11 18:51 - 000000103 __RSH C:\ProgramData\3002.xml

2018-04-07 11:14 - 2017-07-13 21:25 - 000017920 _____ C:\WINDOWS\system32\rpcnetp.exe

2018-04-06 20:21 - 2017-07-21 18:55 - 000000000 ____D C:\Users\Dan\AppData\LocalLow\Mozilla

2018-04-06 19:39 - 2017-07-21 18:54 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

2018-04-06 19:39 - 2017-07-21 18:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

2018-04-06 19:13 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization

2018-04-06 19:03 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps

2018-04-06 19:03 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness

2018-04-06 19:00 - 2017-12-10 12:30 - 000003656 _____ C:\WINDOWS\System32\Tasks\AutoKMS

2018-04-05 21:42 - 2017-07-13 21:26 - 000000000 ____D C:\ProgramData\NVIDIA

2018-04-05 18:20 - 2017-12-10 12:32 - 000994814 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2018-04-05 18:17 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF

2018-04-03 18:05 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2018-04-03 18:04 - 2017-07-11 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools

2018-04-03 18:04 - 2017-07-11 19:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Office

2018-04-02 12:19 - 2017-12-10 12:26 - 000000000 ____D C:\Users\Dan\AppData\Local\Packages

2018-03-24 09:41 - 2017-07-21 18:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2018-03-23 19:13 - 2017-07-11 19:00 - 000000000 ____D C:\Program Files (x86)\TeamViewer

2018-03-21 21:17 - 2017-07-11 19:00 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2018-03-19 12:57 - 2017-07-11 19:02 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys

2018-03-18 15:23 - 2017-12-08 18:47 - 000000000 ___DC C:\WINDOWS\Panther

2018-03-15 21:13 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\rescache

2018-03-15 20:44 - 2017-12-10 12:59 - 000000000 ___RD C:\Users\Dan\3D Objects

2018-03-15 20:44 - 2017-07-13 20:30 - 000000000 ____D C:\ProgramData\Veeam

2018-03-15 20:44 - 2017-07-11 18:49 - 000000000 __RHD C:\Users\Public\AccountPictures

2018-03-15 20:43 - 2017-12-10 12:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2018-03-15 20:43 - 2017-12-10 12:24 - 000390464 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2018-03-15 20:43 - 2017-09-29 04:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI

2018-03-15 20:43 - 2017-07-11 18:49 - 000078032 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\rpcnet.dll

2018-03-15 20:42 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\TextInput

2018-03-15 20:42 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\appraiser

2018-03-15 20:42 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\ShellExperiences

2018-03-15 20:42 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions

2018-03-13 18:56 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp

2018-03-13 18:55 - 2017-07-11 22:30 - 000000000 ____D C:\WINDOWS\system32\MRT

2018-03-13 18:42 - 2017-10-11 20:53 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe

2018-03-13 18:42 - 2017-07-11 22:30 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2018-03-13 18:39 - 2017-09-29 09:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2018-03-13 18:39 - 2017-09-29 09:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

2018-03-08 20:01 - 2017-07-11 19:00 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk


Some files in TEMP:

====================

2018-04-06 19:53 - 2017-09-19 17:55 - 020644976 _____ (Spotify Ltd) C:\Users\Dan\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)


C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2018-03-30 11:31


==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018

Ran by Dan (07-04-2018 12:40:21)

Running from C:\Users\Dan\Downloads

Windows 10 Enterprise Version 1709 16299.309 (X64) (2017-12-10 16:31:18)

Boot Mode: Normal

==========================================================


==================== Accounts: =============================


Administrator (S-1-5-21-2760669090-3123172955-3873111411-500 - Administrator - Disabled)

Dan (S-1-5-21-2760669090-3123172955-3873111411-1001 - Administrator - Enabled) => C:\Users\Dan

DefaultAccount (S-1-5-21-2760669090-3123172955-3873111411-503 - Limited - Disabled)

Guest (S-1-5-21-2760669090-3123172955-3873111411-501 - Limited - Disabled)

WDAGUtilityAccount (S-1-5-21-2760669090-3123172955-3873111411-504 - Limited - Disabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)

Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 381.65 - NVIDIA Corporation) Hidden

calibre 64bit (HKLM\...\{3E7334AB-3B64-4CD0-8DAC-817FF56AED7E}) (Version: 3.12.0 - Kovid Goyal)

CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)

CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.1.21155 - Foxit Software Inc.)

Google Chrome (HKLM\...\{715E251E-9134-3D1D-BE19-1C6EE18F8D24}) (Version: 65.0.3325.181 - Google, Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden

KeePass Password Safe 2.38 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.38 - Dominik Reichl)

Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)

Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.9126.2116 - Microsoft Corporation)

Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{C3682243-2218-4F80-A94A-EB0D7B7AF739}) (Version: 11.3.6020.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)

NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)

NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)

NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.5.0 - NVIDIA Corporation) Hidden

Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden

Spotify (HKU\S-1-5-21-2760669090-3123172955-3873111411-1001\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB)

ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0036 - ST Microelectronics)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)

TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.95388 - TeamViewer)

Veeam Agent for Microsoft Windows (HKLM\...\{39C68361-38C1-4528-8064-AA5A182DBE0B}) (Version: 2.0.0.700 - Veeam Software AG)

VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)

Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


CustomCLSID: HKU\S-1-5-21-2760669090-3123172955-3873111411-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\OneDrive\17.3.6917.0607_1\amd64\FileSyncShell64.dll => No File

CustomCLSID: HKU\S-1-5-21-2760669090-3123172955-3873111411-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\OneDrive\17.3.6917.0607_1\amd64\FileSyncShell64.dll => No File

CustomCLSID: HKU\S-1-5-21-2760669090-3123172955-3873111411-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\OneDrive\17.3.6917.0607_1\amd64\FileSyncShell64.dll => No File

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)

ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-06-29] (Foxit Software Inc.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-07-11] (Intel Corporation)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-03-31] (NVIDIA Corporation)

ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)

ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-06-29] (Foxit Software Inc.)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {0F3BF459-015F-4453-82B7-E8334DA1289B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-03] (Microsoft Corporation)

Task: {219F7212-FA3C-4F38-BD32-F75E5446FA49} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)

Task: {37F844F9-9866-4983-B849-CFA9EF4E21D2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-04-03] (Microsoft Corporation)

Task: {4411A563-A72B-4B61-8345-8088983B51A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-11] (Google Inc.)

Task: {44B670C2-FC23-4CBC-92F8-56E6197CA908} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-03-31] (NVIDIA Corporation)

Task: {596E0223-44DC-427E-B5A1-60AF5C8FB0C0} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-31] (NVIDIA Corporation)

Task: {768F840C-FA8E-45FC-92CC-768D22FA9778} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-03] (Microsoft Corporation)

Task: {7AD0F877-DC66-455A-8E6E-79E2B4498F0D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-03] (Microsoft Corporation)

Task: {9D552EFC-B468-4321-A974-1B671BF0C626} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)

Task: {BED481A6-4199-48AD-919F-F0B6887AC92A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-03] (Microsoft Corporation)

Task: {C0A53B34-1725-4F9B-A7C4-BBE024BB9F4C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-03] (Microsoft Corporation)

Task: {C1D43EE2-1E45-4491-BEB5-F76DF58606ED} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-31] (NVIDIA Corporation)

Task: {D34A356C-DA05-47DF-B4EF-ADC4C7F5E30D} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-08-10] (MSFree Inc.)

Task: {DCAA141E-544F-4D2D-AFD5-8F50FCCBB2FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-11] (Google Inc.)

Task: {E39C106B-E032-45BD-9615-D0406055B5C0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)

Task: {E590DCB6-13E1-42DC-AF39-97C11A468D45} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-31] (NVIDIA Corporation)

Task: {E7B83806-E2E2-4B41-BCBD-52C40DB23C51} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-31] (NVIDIA Corporation)

Task: {EB7B5643-6707-4764-80D0-BFD9F2609B5B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-04-03] (Microsoft Corporation)

Task: {F43A5C4C-D2A2-4B96-9D27-274794283E4D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-03] (Microsoft Corporation)

Task: {FC49AD01-3CE1-4280-A474-AC852CED22C3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-07-11] ()


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================


(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


2016-02-15 21:01 - 2016-02-15 21:01 - 000031256 _____ () C:\WINDOWS\System32\us008lm.dll

2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll

2017-07-13 21:26 - 2017-03-31 22:10 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2017-08-23 17:33 - 2018-04-03 18:04 - 008936112 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll

2018-03-13 18:38 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2018-03-13 18:38 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2018-03-23 17:31 - 2018-03-23 17:32 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe

2018-03-23 17:31 - 2018-03-23 17:32 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll

2018-03-23 17:31 - 2018-03-23 17:32 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkyWrap.dll

2018-03-23 17:31 - 2018-03-23 17:32 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\skypert.dll

2017-07-11 18:52 - 2017-07-11 18:52 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll

2018-02-23 18:11 - 2018-02-23 18:11 - 027139072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.0_x64__8wekyb3d8bbwe\Video.UI.exe

2018-02-23 18:11 - 2018-02-23 18:11 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.0_x64__8wekyb3d8bbwe\SharedUI.dll

2018-02-23 18:11 - 2018-02-23 18:11 - 006687744 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.0_x64__8wekyb3d8bbwe\EntCommon.dll

2017-09-28 18:37 - 2017-09-28 18:39 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

2017-07-11 19:02 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

2017-07-11 19:02 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll

2018-03-23 17:31 - 2018-03-23 17:31 - 004330496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.0_x64__8wekyb3d8bbwe\Calculator.exe

2018-03-13 18:27 - 2018-03-13 18:27 - 000631296 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll

2018-03-21 21:17 - 2018-03-20 02:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll

2018-03-21 21:17 - 2018-03-20 02:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2015-07-10 07:04 - 2015-07-10 07:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2760669090-3123172955-3873111411-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dan\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{bc516d21-3566-4030-ab1c-dea3bb78348d}.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"

HKLM\...\StartupApproved\Run: => "NvBackend"

HKU\S-1-5-21-2760669090-3123172955-3873111411-1001\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-2760669090-3123172955-3873111411-1001\...\StartupApproved\Run: => "CCleaner"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{D8569F41-442E-48EA-ABF1-DEC904704B8C}] => (Allow) LPort=1688

FirewallRules: [UDP Query User{9D830357-E932-4749-94E7-DB973A78A808}C:\users\dan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dan\appdata\roaming\spotify\spotify.exe

FirewallRules: [TCP Query User{CEEA9ACC-C259-4F02-9CA1-BB07466AAD1A}C:\users\dan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dan\appdata\roaming\spotify\spotify.exe

FirewallRules: [{A5E4A5CD-90B5-40D7-A793-E24B17F01159}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{98EA77CF-7F94-4B46-960D-960E7D2CCD24}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{5B298818-CE0D-4AC2-B0A5-38DF6EB574CE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{416773A1-6736-41C9-8E26-543E9B1EE7D2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{EDD54B74-E34B-4FD4-85BF-D5FAF13D68E3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{BA338C47-2A21-4AFA-A216-7EEFC0CFAE64}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{41F8A7A4-06D8-4D2F-A735-DA2BC395E800}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe

FirewallRules: [{D4DD7AB1-401E-421A-AF02-B4FF40B4610E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe

FirewallRules: [{F23CA168-632D-40EF-B5B4-A7E99996CC0F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe

FirewallRules: [{9A21D584-B16C-4844-9261-ADDD58EC839E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe

FirewallRules: [{BD9662AD-31CE-4467-865A-70DD0D60EE24}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\VeeamDeploymentSvc.exe

FirewallRules: [{BA649A4D-EFDD-47C1-A926-B134856A03C6}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\VeeamDeploymentSvc.exe

FirewallRules: [{2394B98D-ECA9-45C7-AD85-3D84C12ADA34}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x86\VeeamAgent.exe

FirewallRules: [{E19638C4-2911-4921-80EE-8833751024CF}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x86\VeeamAgent.exe

FirewallRules: [{30CB8EF3-C6AA-4DC8-8BF7-CD84C80B1262}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe

FirewallRules: [{B589CC62-7752-463B-B962-870CE6D2CA29}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe

FirewallRules: [{A9F148EA-B1D7-4690-BAB1-4E300C2796AC}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe

FirewallRules: [{A5BE308C-E622-46EC-B702-70A1191AB74C}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe

FirewallRules: [{477DE601-42C1-4D3F-AE30-5089D6436C9D}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Recovery.exe

FirewallRules: [{322310AC-49F2-41D9-9051-3A75CC9B7416}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

FirewallRules: [{A027EF2F-D3D9-4508-A76A-2F473B1F0662}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{7CD6C90C-377A-41F0-9379-D796A1D6BFDD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{A01BE08A-0B77-4A38-B739-B1A1D4FFB7D1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{091E0CE4-7466-438E-B506-50BCEF36F1F3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{1418FFA6-2643-49DA-B623-F833DEB2E44F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Restore Points =========================

 

13-03-2018 18:37:47 Windows Update

23-03-2018 18:09:42 Scheduled Checkpoint

03-04-2018 18:21:34 Scheduled Checkpoint

 

==================== Faulty Device Manager Devices =============

 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (04/05/2018 05:25:23 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.

Component identity found in manifest does not match the identity of the component requested.

Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".

Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (03/30/2018 01:29:53 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: dwm.exe, version: 10.0.16299.15, time stamp: 0x7f22d77c

Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126

Exception code: 0xc0000409

Fault offset: 0x0000000000090d9f

Faulting process id: 0x1250

Faulting application start time: 0x01d3c700567ad8c5

Faulting application path: C:\WINDOWS\System32\dwm.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: f75d01fe-dc9b-4ac3-ad49-1af6293ba5cc

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (03/28/2018 09:39:21 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.

Component identity found in manifest does not match the identity of the component requested.

Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".

Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (03/21/2018 09:15:38 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Video.UI.exe, version: 10.17122.1621.0, time stamp: 0x5a7c3066

Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126

Exception code: 0xc0000409

Fault offset: 0x0000000000090d9f

Faulting process id: 0x2c08

Faulting application start time: 0x01d3c1515afd07e3

Faulting application path: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.0_x64__8wekyb3d8bbwe\Video.UI.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: 205f6cff-3078-429b-87bc-21b424f63c2c

Faulting package full name: Microsoft.ZuneVideo_10.17122.16211.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: Microsoft.ZuneVideo

 

Error: (03/20/2018 08:49:43 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.

Component identity found in manifest does not match the identity of the component requested.

Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".

Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (03/18/2018 11:39:04 AM) (Source: Software Protection Platform Service) (EventID: 8228) (User: )

Description: The rules engine failed to evaluate the rules.

Reason:0x80070057

Stage:BUILD_FULL_MACHINE_STATE

Additional Data:

<none>

 

Error: (03/13/2018 06:30:18 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.

Component identity found in manifest does not match the identity of the component requested.

Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".

Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (03/04/2018 09:56:21 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.

Component identity found in manifest does not match the identity of the component requested.

Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".

Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".

Please use sxstrace.exe for detailed diagnosis.

 

 

System errors:

=============

Error: (04/07/2018 12:06:26 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)

Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:

"2"

Happened while starting this command:

C:\WINDOWS\system32\SppExtComObj.exe -Embedding

 

Error: (04/07/2018 12:06:26 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)

Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:

"2"

Happened while starting this command:

C:\WINDOWS\system32\SppExtComObj.exe -Embedding

 

Error: (04/07/2018 12:04:44 PM) (Source: DCOM) (EventID: 10016) (User: J0Y8CS1)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 

{D63B10C5-BB46-4990-A94F-E40B9D520160}

 and APPID 

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

 to the user J0Y8CS1\Dan SID (S-1-5-21-2760669090-3123172955-3873111411-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (04/07/2018 11:14:41 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)

Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:

"2"

Happened while starting this command:

C:\WINDOWS\system32\SppExtComObj.exe -Embedding

 

Error: (04/07/2018 11:14:40 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)

Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:

"2"

Happened while starting this command:

C:\WINDOWS\system32\SppExtComObj.exe -Embedding

 

Error: (04/07/2018 11:14:36 AM) (Source: DCOM) (EventID: 10016) (User: J0Y8CS1)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 

{D63B10C5-BB46-4990-A94F-E40B9D520160}

 and APPID 

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

 to the user J0Y8CS1\Dan SID (S-1-5-21-2760669090-3123172955-3873111411-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (04/06/2018 08:13:40 PM) (Source: DCOM) (EventID: 10016) (User: J0Y8CS1)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 

{D63B10C5-BB46-4990-A94F-E40B9D520160}

 and APPID 

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

 to the user J0Y8CS1\Dan SID (S-1-5-21-2760669090-3123172955-3873111411-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (04/06/2018 07:00:14 PM) (Source: DCOM) (EventID: 10016) (User: J0Y8CS1)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 

{D63B10C5-BB46-4990-A94F-E40B9D520160}

 and APPID 

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

 to the user J0Y8CS1\Dan SID (S-1-5-21-2760669090-3123172955-3873111411-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

 

Windows Defender:

===================================

Date: 2018-04-07 12:06:22.069

Description: 

Windows Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Patch&threatid=2147649714&enterprise=0

Name: HackTool:Win32/Patch

ID: 2147649714

Severity: High

Category: Tool

Path: file:_C:\Users\Dan\AppData\Local\Temp\KMSAuto\SppExtComObjPatcher.exe

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: Real-Time Protection

Process Name: C:\Users\Dan\AppData\Local\Temp\SppPatcher_x64.dat

Signature Version: AV: 1.265.172.0, AS: 1.265.172.0, NIS: 119.0.0.0

Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

 

Date: 2018-04-07 11:14:34.788

Description: 

Windows Defender Antivirus has detected a suspicious behavior.

Name: Behavior:Win32/DroppedKnownMalware

ID: 3946225808

Severity: Low

Category: Suspicious Behavior

Path Found: file:_C:\Users\Dan\AppData\Local\Temp\SppPatcher_x64.dat;process:_9232

Detection Origin: Local machine

Detection Type: Suspicious

Detection Source: Real-Time Protection

Status: Executing

Process Name: C:\Users\Dan\AppData\Local\Temp\SppPatcher_x64.dat

Signature ID: 41453017067075

Signature Version: AV: 1.265.172.0, AS: 1.265.172.0

Engine Version: 1.1.14700.5

Fidelity Label:  Low

Target File Name:  C:\Users\Dan\AppData\Local\Temp\KMSAuto\SppExtComObjPatcher.exe

 

Date: 2018-04-07 11:14:32.931

Description: 

Windows Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Patch&threatid=2147649714&enterprise=0

Name: HackTool:Win32/Patch

ID: 2147649714

Severity: High

Category: Tool

Path: file:_C:\Users\Dan\AppData\Local\Temp\KMSAuto\SppExtComObjPatcher.exe

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: Real-Time Protection

Process Name: C:\Users\Dan\AppData\Local\Temp\SppPatcher_x64.dat

Signature Version: AV: 1.265.172.0, AS: 1.265.172.0, NIS: 119.0.0.0

Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

 

Date: 2018-04-03 18:11:20.935

Description: 

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: {4C841CFD-8887-40F9-B6CE-30894EA4E1B9}

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2018-03-28 21:40:32.127

Description: 

Windows Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Patch&threatid=2147649714&enterprise=0

Name: HackTool:Win32/Patch

ID: 2147649714

Severity: Medium

Category: Tool

Path: file:_C:\Users\Dan\AppData\Local\Temp\KMSAuto\SppExtComObjPatcher.exe;file:_C:\WINDOWS\system32\SppExtComObjPatcher.exe

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: System

Process Name: C:\Windows\System32\svchost.exe

Signature Version: AV: 1.263.1607.0, AS: 1.263.1607.0, NIS: 119.0.0.0

Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

 

Date: 2018-01-31 19:17:10.580

Description: 

Windows Defender Antivirus has encountered an error trying to update signatures.

New Signature Version: 

Previous Signature Version: 1.261.585.0

Update Source: Microsoft Malware Protection Center

Signature Type: AntiVirus

Update Type: Full

Current Engine Version: 

Previous Engine Version: 1.1.14500.5

Error code: 0x80072ee2

Error description: The operation timed out 

 

Date: 2018-01-31 19:17:10.580

Description: 

Windows Defender Antivirus has encountered an error trying to update signatures.

New Signature Version: 

Previous Signature Version: 1.261.585.0

Update Source: Microsoft Malware Protection Center

Signature Type: AntiSpyware

Update Type: Full

Current Engine Version: 

Previous Engine Version: 1.1.14500.5

Error code: 0x80072ee2

Error description: The operation timed out 

 

Date: 2018-01-31 19:17:10.579

Description: 

Windows Defender Antivirus has encountered an error trying to update signatures.

New Signature Version: 

Previous Signature Version: 1.261.585.0

Update Source: Microsoft Malware Protection Center

Signature Type: AntiVirus

Update Type: Full

Current Engine Version: 

Previous Engine Version: 1.1.14500.5

Error code: 0x80072ee2

Error description: The operation timed out 

 

Date: 2018-01-21 16:07:30.148

Description: 

Windows Defender Antivirus has encountered an error trying to update signatures.

New Signature Version: 

Previous Signature Version: 1.261.77.0

Update Source: Microsoft Malware Protection Center

Signature Type: AntiVirus

Update Type: Full

Current Engine Version: 

Previous Engine Version: 1.1.14500.5

Error code: 0x800704e8

Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 

 

Date: 2018-01-21 16:07:30.148

Description: 

Windows Defender Antivirus has encountered an error trying to update signatures.

New Signature Version: 

Previous Signature Version: 118.2.0.0

Update Source: Microsoft Malware Protection Center

Signature Type: Network Inspection System

Update Type: Full

Current Engine Version: 

Previous Engine Version: 2.1.14202.0

Error code: 0x800704e8

Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 

 

CodeIntegrity:

===================================

 

Date: 2018-04-07 11:16:40.770

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

 

Date: 2017-12-15 19:58:04.727

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SysWOW64\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\SysWOW64\identprv.dll that did not meet the Unchecked signing level requirements.

 

Date: 2017-12-15 19:57:53.893

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SysWOW64\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\SysWOW64\wceprv.dll that did not meet the Unchecked signing level requirements.

 

Date: 2017-12-13 18:20:09.180

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SysWOW64\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\SysWOW64\identprv.dll that did not meet the Unchecked signing level requirements.

 

Date: 2017-12-13 18:19:34.672

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SysWOW64\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\SysWOW64\wceprv.dll that did not meet the Unchecked signing level requirements.

 

Date: 2017-12-11 21:38:20.170

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SysWOW64\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\SysWOW64\identprv.dll that did not meet the Unchecked signing level requirements.

 

Date: 2017-12-11 21:38:08.817

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SysWOW64\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\SysWOW64\wceprv.dll that did not meet the Unchecked signing level requirements.

 

Date: 2017-12-10 20:44:10.075

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SysWOW64\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\SysWOW64\identprv.dll that did not meet the Unchecked signing level requirements.

 

==================== Memory info =========================== 

 

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz

Percentage of memory in use: 48%

Total physical RAM: 8139.84 MB

Available physical RAM: 4188.57 MB

Total Virtual: 9419.84 MB

Available Virtual: 4828.79 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:222.29 GB) (Free:173.76 GB) NTFS

 

\\?\Volume{ceb16e9a-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS

\\?\Volume{ceb16e9a-0000-0000-0000-d0b137000000}\ () (Fixed) (Total:0.79 GB) (Free:0.33 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: CEB16E9A)

Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=222.3 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=809 MB) - (Type=27)

 

==================== End of Addition.txt ============================

 

"For the past couple months, I've been randomly getting a Windows Security message (pic attached).  It pops up a couple times per day.  It's asking to install "TAP Provider V9 for Private Tunnel Networks..."  I always press "Don't Install.""
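The Addition.txt above ties the recurring driver prompt to concrete artefacts: Defender flagged HackTool:Win32/Patch on KMSAuto\SppExtComObjPatcher.exe and SppPatcher_x64.dat in the user's Temp folder, a copy of the patcher in System32, and the System log shows DCOM 10000 failures starting SppExtComObj.exe with error "2" (Win32 ERROR_FILE_NOT_FOUND, i.e. the activation broker the service tried to launch is gone). KMS emulators of this family commonly register a TAP-Windows V9 network adapter, which is the driver the "TAP Provider V9" prompt refers to. The following read-only triage script is an added example written for this page (PowerShell, not from the thread, from FRST or from BleepingComputer). The file paths are the ones the log names; the driver service name tap0901 for TAP-Windows V9, the DCOM provider name used in the event filter, and the assumption that the prompted driver is that same TAP build are mine. It reports and changes nothing.

```powershell
# Added triage example: read-only, run from an elevated PowerShell on Windows 10.
# Paths come from the Defender/DCOM entries in the FRST log; everything else is an
# assumption noted inline. Nothing is deleted or modified.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Files named in the Defender detections (HackTool:Win32/Patch,
#    Behavior:Win32/DroppedKnownMalware).
$userTemp = Join-Path $env:LOCALAPPDATA 'Temp'
$paths = @(
    (Join-Path $userTemp 'KMSAuto'),
    (Join-Path $userTemp 'KMSAuto\SppExtComObjPatcher.exe'),
    (Join-Path $userTemp 'SppPatcher_x64.dat'),
    (Join-Path $env:SystemRoot 'System32\SppExtComObjPatcher.exe')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings.Add("KMS patcher artefact present: $p") }
}

# 2. The genuine activation broker. DCOM 10000 with error "2" (ERROR_FILE_NOT_FOUND)
#    for SppExtComObj.exe means the binary the service tried to start is missing;
#    patchers typically rename or replace it. Check presence and Authenticode status.
$spp = Join-Path $env:SystemRoot 'System32\SppExtComObj.exe'
if (-not (Test-Path -LiteralPath $spp)) {
    $findings.Add('SppExtComObj.exe missing from System32 (consistent with DCOM 10000 error 2)')
} else {
    $sig = Get-AuthenticodeSignature -FilePath $spp
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
        $findings.Add("SppExtComObj.exe signature $($sig.Status); signer: $($sig.SignerCertificate.Subject)")
    }
}

# 3. Recent DCOM 10000 events naming the same binary (System log; provider name is
#    Microsoft-Windows-DistributedCOM). No events is not an error here.
$dcom = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-DistributedCOM'; Id = 10000 } `
        -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'SppExtComObj\.exe' }
if ($dcom) { $findings.Add("DCOM 10000 events for SppExtComObj.exe: $($dcom.Count), latest $($dcom[0].TimeCreated)") }

# 4. TAP-Windows V9 driver. Assumption: the prompted driver is TAP-Windows, whose
#    kernel service is tap0901 (Get-Service does not list kernel drivers, so read
#    the Services key directly). A TAP adapter on a host with no VPN client needs
#    an explanation.
$tapKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\tap0901'
if (Test-Path -LiteralPath $tapKey) {
    $img = (Get-ItemProperty -Path $tapKey -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    $findings.Add("TAP-Windows driver service tap0901 registered, ImagePath=$img")
}
Get-NetAdapter -ErrorAction SilentlyContinue |
    Where-Object { $_.InterfaceDescription -like 'TAP-Windows*' } |
    ForEach-Object { $findings.Add("TAP adapter: $($_.Name) / $($_.InterfaceDescription) / $($_.Status)") }

# 5. Defender's own detection history for the same artefacts.
Get-MpThreatDetection -ErrorAction SilentlyContinue |
    Where-Object { ($_.Resources -join ';') -match 'KMSAuto|SppPatcher|SppExtComObjPatcher' } |
    ForEach-Object { $findings.Add("Defender detection $($_.InitialDetectionTime): $($_.Resources -join ';') via $($_.ProcessName)") }

# 6. Activation state. A licensed product whose KMS host is a loopback or other
#    local address is being activated by an emulator, not by an organisation's KMS.
Get-CimInstance -ClassName SoftwareLicensingProduct |
    Where-Object { $_.PartialProductKey -and $_.KeyManagementServiceMachine } |
    ForEach-Object { $findings.Add("$($_.Name): LicenseStatus=$($_.LicenseStatus) KMS host=$($_.KeyManagementServiceMachine)") }

if ($findings.Count -eq 0) { 'No KMS emulator or TAP indicators found.' } else { $findings }
```

Each finding on its own is explainable (a TAP adapter from a real VPN client, a corporate KMS host), so the value is in the combination: patcher files in Temp and System32, a missing or unsigned SppExtComObj.exe, DCOM start failures for it, and a TAP driver with no VPN installed together point at the activation crack the Defender entries already named.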





#2 Oh My! (Malware Response Instructor, 36,791 posts, California)

Posted 08 April 2018 - 07:19 PM

Greetings frignuts and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Microsoft Office Professional Plus 2016 and any other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan after removal and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My! (Malware Response Instructor, 36,791 posts, California)

Posted 11 April 2018 - 09:57 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary

#4 Oh My! (Malware Response Instructor, 36,791 posts, California)

Posted 13 April 2018 - 09:55 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
