
Riskware.BitcoinMiner


  • This topic is locked
80 replies to this topic

#1 martymar25

  • Members
  • 45 posts

Posted 18 April 2018 - 08:27 AM

Good day, community. Can someone assist me with the removal of a coin miner? The scan results are below. I tried to copy and paste but it didn't work. The scans are attached below. Thanks in advance.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2018
Ran by Administrator (administrator) on NASHIPOSFB1 (18-04-2018 09:06:33)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator & Classic .NET AppPool)
Platform: Windows Server 2008 R2 Standard Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
() E:\MICROS\myMicros\aggAdjService\wrapper\wrapper.exe
() E:\MICROS\myMicros\AlertEngine\wrapper.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jdk1.6.0_24\bin\java.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jdk1.6.0_24\bin\java.exe
(Shift4 Corporation) C:\Shift4\UTG2\UTG2Svc.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(MICROS Systems, Inc.) E:\MICROS\Simphony2\DirectPostingService\DirectPostingService.exe
(MICROS Systems, Inc.) E:\MICROS\Simphony2\SequencerService\SequencerService.exe
(Microsoft Corporation) D:\MSSQL\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() E:\MICROS\myMicros\myPortal\bin\Wrapper.exe
() C:\Program Files (x86)\RDX\Service\RDXmon.exe
() E:\MICROS\myMicros\SimphonyMobileAggregation\wrapper.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jdk1.6.0_24\bin\java.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) D:\MSSQL\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Sun Microsystems, Inc.) C:\Program Files\Java\jdk1.6.0_24\bin\java.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\TightVNC\tvnserver.exe [1397728 2017-03-14] (GlavSoft LLC.)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKU\S-1-5-21-1092429605-344133657-2961457036-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-1092429605-344133657-2961457036-500\...\MountPoints2: {7d948f44-be83-11e6-984c-806e6f6e6963} - F:\RDXInstallationWizard.exe
HKU\S-1-5-21-1092429605-344133657-2961457036-500\...\MountPoints2: {e0b83c15-be58-11e6-8147-1402ec06f947} - H:\Setup.exe
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Windows\System32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
Lsa: [Notification Packages] scecli rassfm

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{065f0c42-703a-11de-9954-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{166CA62B-F7BE-4465-A648-636A9825E464}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{166CA62B-F7BE-4465-A648-636A9825E464}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{3BFA2695-8529-4BE4-B4F6-8E77A9BD8BD1}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{3BFA2695-8529-4BE4-B4F6-8E77A9BD8BD1}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{DF26501F-A677-4B50-A9C5-181C4E586BD5}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{F7DE86D6-CD73-4073-B2EF-634E7B793098}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1092429605-344133657-2961457036-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1092429605-344133657-2961457036-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope value is missing
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T30L10NSP6-10050/support/ieatgpc1.cab

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-24] (Oracle Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AggregationAdjustmentService; E:\MICROS\myMicros\aggAdjService\wrapper\wrapper.exe [225280 2014-08-26] () [File not signed]
R2 AlertService; E:\MICROS\myMicros\AlertEngine\wrapper.exe [225280 2014-08-26] () [File not signed]
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-13] (Microsoft Corporation)
R2 frmUtg2Service; C:\Shift4\UTG2\UTG2Svc.exe [9312248 2016-10-19] (Shift4 Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2016-03-02] (Bitdefender)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2018-04-05] (SurfRight B.V.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
S3 InfoDeliveryServiceWrapper; E:\MICROS\myMicros\infoDelivery\Wrapper.exe [195584 2014-08-26] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 MICROS Direct Posting Service; E:\MICROS\Simphony2\DirectPostingService\DirectPostingService.exe [866816 2015-05-29] (MICROS Systems, Inc.) [File not signed]
R2 MICROS Sequencer Service; E:\MICROS\Simphony2\SequencerService\SequencerService.exe [37376 2015-05-05] (MICROS Systems, Inc.) [File not signed]
R2 MSSQLSERVER; D:\MSSQL\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
R2 PortalServiceWrapper; E:\MICROS\myMicros\myPortal\bin\Wrapper.exe [195584 2014-08-26] () [File not signed]
R2 RDXmon; C:\Program Files (x86)\RDX\Service\RDXmon.exe [82432 2012-05-30] () [File not signed]
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-13] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-13] (Microsoft Corporation)
R2 SimMobileAggService; E:\MICROS\myMicros\SimphonyMobileAggregation\wrapper.exe [225280 2014-08-26] () [File not signed]
R2 SQLSERVERAGENT; D:\MSSQL\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [1397728 2017-03-14] (GlavSoft LLC.)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S2 WSHIPS; C:\Windows\system32\WSHIPS.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 epp; C:\EEK\bin64\epp.sys [142448 2018-04-10] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-05] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-18] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-04-18] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-05] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-04-18] (Malwarebytes)
R3 q57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [467224 2015-07-28] (Broadcom Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-13] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-03-14] ()
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-04-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-04-05] (Zemana Ltd.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S4 IMFMBRProtect; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFMBRProtect.sys [X]
S4 IMFSafeBox; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFSafeBox.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-18 09:06 - 2018-04-18 09:06 - 000012200 _____ C:\Users\Administrator\Downloads\FRST.txt
2018-04-18 09:06 - 2018-04-18 09:06 - 000000000 ____D C:\FRST
2018-04-18 09:05 - 2018-04-18 09:06 - 002403328 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2018-04-18 06:38 - 2018-04-18 09:06 - 000162759 _____ C:\Windows\ZAM.krnl.trace
2018-04-15 22:51 - 2018-04-15 22:51 - 000001362 _____ C:\Users\Administrator\Desktop\Malwarebytes.txt
2018-04-12 10:13 - 2018-04-12 10:13 - 000031832 _____ C:\Users\Administrator\AppData\Local\Temp\microssupport.bmp
2018-04-12 10:13 - 2018-04-12 10:13 - 000031832 _____ C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp
2018-04-12 10:12 - 2018-04-12 10:12 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\TightVNC
2018-04-12 06:01 - 2018-04-12 09:05 - 000000000 ____D C:\Windows\system32\MpEngineStore
2018-04-11 08:37 - 2018-04-11 08:37 - 000000000 ____D C:\ProgramData\TightVNC
2018-04-11 08:37 - 2018-04-11 08:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2018-04-11 08:37 - 2018-04-11 08:37 - 000000000 ____D C:\Program Files (x86)\TightVNC
2018-04-11 08:26 - 2018-03-30 22:09 - 005583040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-11 08:26 - 2018-03-30 22:09 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-04-11 08:26 - 2018-03-30 22:09 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-04-11 08:26 - 2018-03-30 22:09 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-04-11 08:26 - 2018-03-30 22:09 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-11 08:26 - 2018-03-30 21:45 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-04-11 08:26 - 2018-03-30 21:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-04-11 08:26 - 2018-03-30 21:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-04-11 08:26 - 2018-03-30 21:38 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:12 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 21:06 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-04-11 08:26 - 2018-03-30 21:06 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-04-11 08:26 - 2018-03-30 21:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-04-11 08:26 - 2018-03-30 21:06 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-04-11 08:26 - 2018-03-30 21:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-04-11 08:26 - 2018-03-30 21:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-04-11 08:26 - 2018-03-30 20:59 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-11 08:26 - 2018-03-30 20:58 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-11 08:26 - 2018-03-30 20:58 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-11 08:26 - 2018-03-30 20:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-04-11 08:26 - 2018-03-30 20:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-11 08:26 - 2018-03-30 20:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-04-11 08:26 - 2018-03-30 20:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-04-11 08:26 - 2018-03-30 20:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-04-11 08:26 - 2018-03-30 20:47 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-04-11 08:26 - 2018-03-30 20:47 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-04-11 08:26 - 2018-03-30 20:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 20:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 20:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 20:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-04-11 08:26 - 2018-03-30 20:47 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-04-11 08:26 - 2018-03-28 03:30 - 003225600 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-04-11 08:26 - 2018-03-10 13:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-04-11 08:26 - 2018-03-09 14:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-04-11 08:26 - 2018-03-09 14:12 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-04-11 08:26 - 2018-03-09 14:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-04-11 08:26 - 2018-03-09 14:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-04-11 08:26 - 2018-03-09 14:12 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-04-11 08:26 - 2018-03-09 14:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-04-11 08:26 - 2018-03-09 14:07 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-04-11 08:26 - 2018-03-09 14:07 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-04-11 08:26 - 2018-03-09 14:07 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-04-11 08:26 - 2018-03-09 14:06 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-04-11 08:26 - 2018-03-09 14:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-04-11 08:26 - 2018-03-09 13:31 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-04-11 08:26 - 2018-03-06 14:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2018-04-11 08:26 - 2018-03-06 14:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2018-04-11 08:26 - 2018-03-06 14:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2018-04-11 08:26 - 2018-03-06 14:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-04-11 08:26 - 2018-03-06 14:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-04-11 08:26 - 2018-03-06 14:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-04-11 08:26 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-04-11 08:25 - 2018-03-30 21:35 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-04-11 08:25 - 2018-03-30 21:35 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-04-11 08:25 - 2018-03-30 21:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-04-11 08:25 - 2018-03-30 21:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-04-11 08:25 - 2018-03-30 21:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-04-11 08:25 - 2018-03-30 21:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-04-11 08:25 - 2018-03-23 14:50 - 000396952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-04-11 08:25 - 2018-03-23 13:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-04-11 08:25 - 2018-03-22 19:00 - 025742336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-04-11 08:25 - 2018-03-22 17:32 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-04-11 08:25 - 2018-03-22 17:32 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-04-11 08:25 - 2018-03-22 17:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-04-11 08:25 - 2018-03-22 17:19 - 002901504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-04-11 08:25 - 2018-03-22 17:18 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-04-11 08:25 - 2018-03-22 17:17 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-04-11 08:25 - 2018-03-22 17:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-04-11 08:25 - 2018-03-22 17:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-04-11 08:25 - 2018-03-22 17:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-04-11 08:25 - 2018-03-22 17:15 - 005780480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-04-11 08:25 - 2018-03-22 17:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-04-11 08:25 - 2018-03-22 17:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-04-11 08:25 - 2018-03-22 17:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-04-11 08:25 - 2018-03-22 17:06 - 000794112 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-04-11 08:25 - 2018-03-22 17:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-04-11 08:25 - 2018-03-22 17:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-04-11 08:25 - 2018-03-22 17:05 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-04-11 08:25 - 2018-03-22 17:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-04-11 08:25 - 2018-03-22 16:58 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-04-11 08:25 - 2018-03-22 16:55 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-04-11 08:25 - 2018-03-22 16:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-04-11 08:25 - 2018-03-22 16:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-04-11 08:25 - 2018-03-22 16:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-04-11 08:25 - 2018-03-22 16:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-04-11 08:25 - 2018-03-22 16:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-04-11 08:25 - 2018-03-22 16:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-04-11 08:25 - 2018-03-22 16:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-04-11 08:25 - 2018-03-22 16:48 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-04-11 08:25 - 2018-03-22 16:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-04-11 08:25 - 2018-03-22 16:45 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-04-11 08:25 - 2018-03-22 16:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-04-11 08:25 - 2018-03-22 16:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-04-11 08:25 - 2018-03-22 16:44 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-04-11 08:25 - 2018-03-22 16:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-04-11 08:25 - 2018-03-22 16:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-04-11 08:25 - 2018-03-22 16:42 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-04-11 08:25 - 2018-03-22 16:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-04-11 08:25 - 2018-03-22 16:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-04-11 08:25 - 2018-03-22 16:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-04-11 08:25 - 2018-03-22 16:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-04-11 08:25 - 2018-03-22 16:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-04-11 08:25 - 2018-03-22 16:29 - 015282688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-04-11 08:25 - 2018-03-22 16:29 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-04-11 08:25 - 2018-03-22 16:29 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-04-11 08:25 - 2018-03-22 16:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-04-11 08:25 - 2018-03-22 16:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-04-11 08:25 - 2018-03-22 16:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-04-11 08:25 - 2018-03-22 16:27 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-04-11 08:25 - 2018-03-22 16:27 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-04-11 08:25 - 2018-03-22 16:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-04-11 08:25 - 2018-03-22 16:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-04-11 08:25 - 2018-03-22 16:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-04-11 08:25 - 2018-03-22 16:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-04-11 08:25 - 2018-03-22 16:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-04-11 08:25 - 2018-03-22 16:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-04-11 08:25 - 2018-03-22 16:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-04-11 08:25 - 2018-03-22 16:15 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-04-11 08:25 - 2018-03-22 16:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-04-11 08:25 - 2018-03-22 16:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-04-11 08:25 - 2018-03-22 16:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-04-11 08:25 - 2018-03-22 16:04 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-04-11 08:25 - 2018-03-22 15:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-04-11 08:25 - 2018-03-22 15:53 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-04-11 08:25 - 2018-03-22 15:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-04-11 08:25 - 2018-03-22 15:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-04-10 10:20 - 2018-04-10 10:20 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\4132F4FD.sys
2018-04-10 10:07 - 2018-04-10 10:07 - 000001494 _____ C:\Users\Administrator\Desktop\Malwarebytesscan.txt
2018-04-10 10:07 - 2018-04-10 10:07 - 000000000 _____ C:\Users\Administrator\Desktop\Malwarebytesscan.lnk
2018-04-10 09:40 - 2018-04-10 09:40 - 000019772 _____ C:\Users\Administrator\Desktop\cc_20180410_094041.reg
2018-04-09 08:30 - 2018-04-09 08:30 - 000000644 _____ C:\Users\Administrator\Desktop\esetscan.txt
2018-04-08 21:15 - 2018-04-08 21:15 - 000135760 _____ (ESET) C:\Users\Administrator\AppData\Local\Temp\ehdrv.sys
2018-04-08 21:07 - 2018-04-08 21:07 - 000001230 _____ C:\Users\Administrator\Desktop\AdwCleaner[S3].txt
2018-04-08 20:50 - 2018-04-08 20:50 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\1563231F.sys
2018-04-08 20:49 - 2018-04-10 10:30 - 000000000 ____D C:\Users\Administrator\Desktop\mbar
2018-04-08 20:49 - 2018-04-10 10:30 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-08 20:49 - 2018-04-08 20:49 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.10.3.1001.exe
2018-04-08 20:41 - 2018-04-18 07:48 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-04-08 20:41 - 2018-04-08 20:41 - 000002812 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-04-08 20:41 - 2018-04-08 20:41 - 000000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-04-08 20:41 - 2018-04-08 20:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-04-08 20:41 - 2018-04-08 20:41 - 000000000 ____D C:\Program Files\CCleaner
2018-04-06 11:28 - 2018-04-08 20:44 - 000007168 _____ C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record3.vbr
2018-04-06 11:28 - 2018-04-08 20:44 - 000007168 _____ C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record2.vbr
2018-04-06 11:28 - 2018-04-08 20:44 - 000007168 _____ C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record1.vbr
2018-04-06 11:28 - 2018-04-08 20:44 - 000007168 _____ C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record0.vbr
2018-04-06 11:28 - 2018-04-08 20:44 - 000000512 _____ C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record.mbr
2018-04-05 13:19 - 2018-04-05 13:24 - 000000000 ____D C:\ProgramData\HitmanPro
2018-04-05 13:19 - 2018-04-05 13:19 - 011605440 _____ (SurfRight B.V.) C:\Users\Administrator\Downloads\HitmanPro_x64 (1).exe
2018-04-05 13:19 - 2018-04-05 13:19 - 000001895 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2018-04-05 13:19 - 2018-04-05 13:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-04-05 13:19 - 2018-04-05 13:19 - 000000000 ____D C:\Program Files\HitmanPro
2018-04-05 12:49 - 2018-04-18 09:06 - 000031524 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-04-05 12:49 - 2018-04-05 13:45 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-04-05 12:49 - 2018-04-05 12:49 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2018-04-05 12:49 - 2018-04-05 12:49 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2018-04-05 12:49 - 2018-04-05 12:49 - 000001078 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-04-05 12:49 - 2018-04-05 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-04-05 12:20 - 2018-04-05 12:21 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.exe
2018-04-05 10:33 - 2018-04-18 06:38 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-05 10:33 - 2018-04-18 06:38 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-05 10:33 - 2018-04-18 06:38 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-05 10:33 - 2018-04-05 10:33 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-05 10:33 - 2018-04-05 10:33 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-04-05 10:32 - 2018-04-05 10:32 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-05 10:32 - 2018-04-05 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-05 10:32 - 2018-04-05 10:32 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-05 10:32 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-03 18:16 - 2018-04-03 18:17 - 000133439 _____ C:\Users\Administrator\AppData\Local\Temp\Uninstall Log 2018-04-03 #001.txt
2018-04-03 18:13 - 2018-04-05 10:27 - 000005187 _____ C:\Users\Administrator\AppData\Local\Temp\Setup Log 2018-04-03 #001.txt
2018-03-26 21:55 - 2018-03-26 21:55 - 000001096 _____ C:\Users\Administrator\Desktop\AdwCleaner[S1].txt
2018-03-26 21:45 - 2018-03-26 21:45 - 000050705 _____ C:\Users\Administrator\Desktop\MTB.txt
2018-03-26 21:39 - 2018-03-26 22:34 - 040510072 _____ (Microsoft Corporation) C:\Windows-KB890830-x64-V5.58.exe
2018-03-26 21:29 - 2018-03-26 21:29 - 000000000 _____ C:\prefs.js
2018-03-26 21:28 - 2018-03-26 21:36 - 000050705 _____ C:\MTB.txt
2018-03-26 21:19 - 2018-04-05 11:09 - 000001512 _____ C:\Users\Administrator\Desktop\scanresults.txt
2018-03-19 18:10 - 2018-03-19 18:10 - 000000000 ____D C:\ProgramData\bdch

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-18 09:06 - 2018-01-29 11:58 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\1
2018-04-18 08:28 - 2009-07-14 00:49 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-18 08:28 - 2009-07-14 00:49 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-18 08:20 - 2016-12-27 17:10 - 000000000 ____D C:\Shift4
2018-04-18 07:02 - 2018-01-20 06:40 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-04-18 06:48 - 2011-07-28 04:03 - 000876356 _____ C:\Windows\system32\perfh00A.dat
2018-04-18 06:48 - 2011-07-28 04:03 - 000209050 _____ C:\Windows\system32\perfc00A.dat
2018-04-18 06:48 - 2011-07-28 03:50 - 000830648 _____ C:\Windows\system32\perfh007.dat
2018-04-18 06:48 - 2011-07-28 03:50 - 000195144 _____ C:\Windows\system32\perfc007.dat
2018-04-18 06:48 - 2011-07-28 03:33 - 000868756 _____ C:\Windows\system32\perfh010.dat
2018-04-18 06:48 - 2011-07-28 03:33 - 000194706 _____ C:\Windows\system32\perfc010.dat
2018-04-18 06:48 - 2011-07-28 03:20 - 000877154 _____ C:\Windows\system32\perfh00C.dat
2018-04-18 06:48 - 2011-07-28 03:20 - 000197866 _____ C:\Windows\system32\perfc00C.dat
2018-04-18 06:48 - 2009-07-14 01:10 - 005180064 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-18 06:48 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-04-18 06:40 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\inetsrv
2018-04-18 06:38 - 2016-12-10 12:30 - 000003337 _____ C:\Windows\system32\SecData.bin
2018-04-18 06:38 - 2009-07-14 01:06 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-14 08:36 - 2018-01-20 06:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\TeamViewer
2018-04-12 22:09 - 2016-12-09 23:00 - 000000000 ____D C:\Users\Administrator
2018-04-12 09:34 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2018-04-12 09:08 - 2009-07-14 00:49 - 000268392 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-12 05:15 - 2016-12-09 17:16 - 000000000 ____D C:\Windows\system32\MRT
2018-04-12 05:06 - 2017-10-11 03:03 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-12 04:50 - 2016-12-09 17:16 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-10 11:20 - 2018-03-12 20:51 - 000000000 ____D C:\EEK
2018-04-10 10:38 - 2018-03-12 21:39 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\EEK
2018-04-10 10:32 - 2017-11-25 18:39 - 000001932 _____ C:\Users\Administrator\Desktop\Rkill.txt
2018-04-08 21:06 - 2018-03-14 17:14 - 000000000 ____D C:\AdwCleaner
2018-04-08 20:50 - 2018-03-14 11:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-08 20:43 - 2016-12-09 22:47 - 000000000 ____D C:\Windows\Panther
2018-04-07 03:29 - 2018-01-20 06:40 - 000000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-04-07 03:29 - 2018-01-20 06:40 - 000000961 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-03-29 16:34 - 2016-12-29 20:24 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\WebEx
2018-03-29 16:34 - 2016-12-29 20:24 - 000000000 ____D C:\ProgramData\WebEx
2018-03-29 16:34 - 2009-07-14 01:37 - 000000000 ____D C:\Windows\Downloaded Program Files

==================== Files in the root of some directories =======

2016-12-10 12:27 - 2016-12-10 12:27 - 000407940 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI3A22.txt
2016-12-10 12:27 - 2016-12-10 12:27 - 000012794 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI3A22.txt
2018-02-01 12:43 - 2018-02-01 12:43 - 000140800 _____ () C:\Users\Administrator\AppData\Local\installer.dat
2016-12-15 18:12 - 2018-02-27 02:48 - 000007607 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2018-02-01 15:10 - 2018-02-01 15:10 - 000000000 _____ () C:\Users\Administrator\AppData\Local\Scotrantam.exe.436828.gzquar

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-18 06:55

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by Administrator (18-04-2018 09:07:09)
Running from C:\Users\Administrator\Downloads
Windows Server 2008 R2 Standard Service Pack 1 (X64) (2016-12-10 02:59:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1092429605-344133657-2961457036-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1092429605-344133657-2961457036-501 - Limited - Disabled)
microssupport (S-1-5-21-1092429605-344133657-2961457036-1005 - Administrator - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.292 - SurfRight B.V.)
HP RDX Tools 1.50 (HKLM-x32\...\{B917B014-00BA-4732-8A1A-9FD367109FD7}) (Version: 1.50 - Tandberg Data)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java™ SE Development Kit 6 Update 24 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160240}) (Version: 1.6.0.240 - Oracle)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Command Line Utilities (HKLM\...\{F26F4BDE-E383-4390-86A9-11D3D050CF9A}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Books Online (HKLM-x32\...\{74F7B314-0507-4F91-9A4E-B6C9B027E410}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 (x64) (HKLM\...\{53D7A054-4598-4947-A159-E8FCC77720AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 (x64) (HKLM\...\{817BCC2B-76A8-4C8B-8B55-FD916C6969CC}) (Version: 2.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM-x32\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Shift4 Universal Transaction Gateway (HKLM-x32\...\{9ABBC900-E038-4BBF-95CE-48E7697F841F}) (Version: 4.7.0.2286 - Shift4 Corporation) Hidden
SQL Server 2008 R2 Client Tools (HKLM\...\{2D2601B6-157F-4F88-B66B-B52DB21EAB2D}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Client Tools (HKLM\...\{B5FE23CC-0151-4595-84C3-F1DE6F44FE9B}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Common Files (HKLM\...\{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Common Files (HKLM\...\{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (HKLM\...\{FA7394B8-CE65-4F9E-AC99-F372AD365424}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (HKLM\...\{FBD367D1-642F-47CF-B79B-9BE48FB34007}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (HKLM\...\{A2122A9C-A699-4365-ADF8-68FEAC125D61}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (HKLM\...\{C942A025-A840-4BF2-8987-849C0DD44574}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Management Studio (HKLM\...\{51E5BC99-A087-4CFF-8D93-462903EA7E12}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Management Studio (HKLM\...\{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM\...\{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
TightVNC (HKLM-x32\...\{C148910C-51F8-4D36-BFBD-87A64B139006}) (Version: 2.8.8.0 - GlavSoft LLC.)
Universal Transaction Gateway® (HKLM-x32\...\Universal Transaction Gateway®) (Version: 4.7.0.2286 - Shift4 Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-04-05] ()
ContextMenuHandlers1: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program Files\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2016-03-02] (Bitdefender)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers2: [RdxShlExt] -> {9E6C9AB4-B9BD-481D-8D8B-70D739B71312} => C:\Program Files (x86)\RDX\ShlExt\x64\RdxExt.dll [2012-05-30] (ProStor Systems, Inc.)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-04-05] ()
ContextMenuHandlers6: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program Files\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2016-03-02] (Bitdefender)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3FDAFD4D-B54A-4F5E-B46E-691DA38780A6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {63EE8552-A444-4BA2-8E1E-C8350D6D412A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2009-07-13] (Microsoft Corporation)
Task: {69110D7B-41DC-4E9D-BDD3-C826C7DB613B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)
Task: {AFECE848-8DA2-461B-B5E6-CBEF57A4DF7D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2010-11-20] (Microsoft Corporation)
Task: {C7B7906E-CC7D-4285-B258-F4CBB902166C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {D49A10DA-0F70-4779-BD96-B2D976A4F2E3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-02-01 13:39 - 2013-03-19 12:07 - 000712288 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2018-02-01 13:39 - 2013-09-03 14:29 - 000111832 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2016-12-16 19:03 - 2014-08-26 21:15 - 000225280 _____ () E:\MICROS\myMicros\aggAdjService\wrapper\wrapper.exe
2016-12-16 19:03 - 2014-08-26 20:07 - 000225280 _____ () E:\MICROS\myMicros\AlertEngine\wrapper.exe
2016-12-16 19:03 - 2014-08-26 20:07 - 000084992 _____ () E:\MICROS\myMicros\AlertEngine\wrapper-windows-x86-64.dll
2016-12-16 19:03 - 2014-08-26 21:15 - 000084992 _____ () E:\MICROS\myMicros\aggAdjService\wrapper\wrapper-windows-x86-64.dll
2016-12-16 19:02 - 2014-08-26 20:47 - 000195584 _____ () E:\MICROS\myMicros\myPortal\bin\Wrapper.exe
2012-05-30 11:51 - 2012-05-30 11:51 - 000082432 _____ () C:\Program Files (x86)\RDX\Service\RDXmon.exe
2016-12-16 19:03 - 2014-08-26 21:15 - 000225280 _____ () E:\MICROS\myMicros\SimphonyMobileAggregation\wrapper.exe
2016-12-16 19:02 - 2014-08-26 20:47 - 000084992 _____ () E:\MICROS\myMicros\myPortal\lib\wrapper-windows-x86-64.dll
2016-12-16 19:03 - 2014-08-26 21:15 - 000084992 _____ () E:\MICROS\myMicros\SimphonyMobileAggregation\wrapper-windows-x86-64.dll
2018-04-05 10:32 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-05 10:32 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-05 12:49 - 2018-04-05 12:49 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-09-13 03:11 - 2017-09-13 03:11 - 000004096 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\egateway\66abf3a3\2b373862\App_global.asax._npbt9a6.dll
2017-09-13 03:11 - 2017-09-13 03:11 - 000278528 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\egateway\66abf3a3\2b373862\assembly\dl3\f2a6d2a5\deec1840_9687d001\MICROS.myLabor.WebService.XmlSerializers.DLL
2017-09-13 03:11 - 2017-09-13 03:11 - 000233472 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\egateway\66abf3a3\2b373862\assembly\dl3\76599e05\fe9ba93f_9687d001\MICROS.Scheduling.WebService.XmlSerializers.DLL
2017-09-13 03:11 - 2017-09-13 03:11 - 000141824 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\egateway\66abf3a3\2b373862\assembly\dl3\786f4b5f\02485444_9687d001\MyMicrosClient.DLL
2017-09-13 03:11 - 2017-09-13 03:11 - 000221184 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\egateway\66abf3a3\2b373862\assembly\dl3\255d0f23\0a9aa444_9687d001\MyMicrosClient.XmlSerializers.DLL
2017-09-13 03:11 - 2017-09-13 03:11 - 000024064 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\egateway\66abf3a3\2b373862\assembly\dl3\54f28d84\6e7f658a_9687d001\MyPos.CommandModule.Offline.DLL
2017-09-13 03:11 - 2017-09-13 03:11 - 000010752 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\egateway\66abf3a3\2b373862\assembly\dl3\8c5f8161\52987866_9687d001\MyPos.Payment.Offline.DLL
2016-12-16 19:04 - 2015-05-05 20:48 - 000010752 _____ () E:\MICROS\Simphony2\EgatewayService\Handlers\MyPos.Payment.Offline.dll
2016-12-16 19:04 - 2015-05-05 20:49 - 000024064 _____ () E:\MICROS\Simphony2\EgatewayService\Handlers\MyPos.CommandModule.Offline.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AeroadminService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2018-04-05 13:40 - 000000797 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1092429605-344133657-2961457036-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
FirewallRules: [{0DF290A0-23AC-4717-BEC1-89E8FE38D541}] => (Allow) LPort=3389
FirewallRules: [{3F1F4BCD-D48F-4ECD-B989-B94A7D7776B1}] => (Allow) LPort=3389
FirewallRules: [{075307DC-3334-438B-BD1C-136735C7C92C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4E8B231D-9A6A-4C43-B857-DC0EB47F7532}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{68A19AFD-F785-4907-ABAC-903FE27E1BE3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6EC94CB0-64F6-4BC2-8A91-41CCEF39B2D7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DA9BECD1-2706-4060-9F44-13B3975BA6D9}] => (Allow) C:\Program Files (x86)\TightVNC\tvnserver.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: Performance Counters
Description: Performance Counters
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Performance Counters
Description: Performance Counters
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Performance Counters
Description: Performance Counters
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Performance Counters
Description: Performance Counters
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Performance Counters
Description: Performance Counters
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HP Ethernet 1Gb 4-port 331i Adapter #4
Description: HP Ethernet 1Gb 4-port 331i Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard Company
Service: q57nd60a
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: System Interrupt Controller
Description: System Interrupt Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: bdfwfpf
Description: bdfwfpf
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: bdfwfpf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2018 08:30:18 AM) (Source: .NET Runtime) (EventID: 0) (User: )
Description: .NET Runtime version : 2.0.50727.8762 - Application ErrorApplication has generated an exception that could not be handled.

Process ID=0x144c (5196), Thread ID=0x1010 (4112).

Click OK to terminate the application.
Click CANCEL to debug the application.

Error: (04/18/2018 06:38:33 AM) (Source: MSSQLSERVER) (EventID: 17187) (User: )
Description: SQL Server is not ready to accept new client connections. Wait a few minutes before trying again. If you have access to the error log, look for the informational message that indicates that SQL Server is ready before trying to connect again. [CLIENT: 127.0.0.1]

Error: (04/18/2018 06:38:33 AM) (Source: MSSQLSERVER) (EventID: 17187) (User: )
Description: SQL Server is not ready to accept new client connections. Wait a few minutes before trying again. If you have access to the error log, look for the informational message that indicates that SQL Server is ready before trying to connect again. [CLIENT: 127.0.0.1]


System errors:
=============
Error: (04/18/2018 06:38:42 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bdfwfpf
trufos

Error: (04/18/2018 06:38:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Secure High Protection Service service terminated with the following error:
The specified module could not be found.

Error: (04/18/2018 06:38:11 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:32:25 AM on ‎4/‎18/‎2018 was unexpected.

Error: (04/18/2018 04:00:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{46063B1E-BE4A-4014-8755-5B377CD462FC}
and APPID
{FAAFC69C-F4ED-4CCA-8849-7B882279EDBE}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (04/18/2018 04:00:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{46063B1E-BE4A-4014-8755-5B377CD462FC}
and APPID
{FAAFC69C-F4ED-4CCA-8849-7B882279EDBE}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (04/18/2018 03:00:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{46063B1E-BE4A-4014-8755-5B377CD462FC}
and APPID
{FAAFC69C-F4ED-4CCA-8849-7B882279EDBE}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (04/18/2018 03:00:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{46063B1E-BE4A-4014-8755-5B377CD462FC}
and APPID
{FAAFC69C-F4ED-4CCA-8849-7B882279EDBE}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (04/18/2018 12:47:05 AM) (Source: DCOM) (EventID: 10009) (User: )
Description: DCOM was unable to communicate with the computer 195.22.127.93 using any of the configured protocols.


CodeIntegrity:
===================================

Date: 2018-03-02 17:10:16.272
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\IObit Malware Fighter\IWsIMF_AV.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-03-02 17:10:15.766
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\IObit Malware Fighter\IWsIMF.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-03-01 08:45:40.221
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\IObit Malware Fighter\IWsIMF_AV.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-03-01 08:45:39.801
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\IObit Malware Fighter\IWsIMF_AV.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-03-01 08:45:39.166
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\IObit Malware Fighter\IWsIMF.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-03-01 08:45:38.581
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\IObit Malware Fighter\IWsIMF.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-03-01 06:31:29.972
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\IObit Malware Fighter\IWsIMF_AV.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-03-01 06:31:29.442
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\IObit Malware Fighter\IWsIMF_AV.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Xeon® CPU E5-2620 v3 @ 2.40GHz
Percentage of memory in use: 27%
Total physical RAM: 24450.32 MB
Available physical RAM: 17758.59 MB
Total Virtual: 48898.81 MB
Available Virtual: 40569.57 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:139.57 GB) (Free:35.45 GB) NTFS
Drive d: (DATA) (Fixed) (Total:558.73 GB) (Free:501.47 GB) NTFS
Drive e: (MICROS) (Fixed) (Total:139.45 GB) (Free:81.19 GB) NTFS

\\?\Volume{7d948f3e-be83-11e6-984c-806e6f6e6963}\ () (Fixed) (Total:0.34 GB) (Free:0.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 279.4 GB) (Disk ID: DDF521A6)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=139.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=139.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 558.7 GB) (Disk ID: E01899D1)
Partition 1: (Not Active) - (Size=558.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 18 April 2018 - 08:17 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,686 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:54 PM

Posted 18 April 2018 - 08:31 PM

Greetings martymar25 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

We do not normally work on Servers so I am reluctant to be too aggressive in making changes to your computer. It is necessary for you to review all the steps I propose since you are more familiar with the Operating System than am I. Though I would never intentionally do anything to make things worse rather than better, I am at a bit of a disadvantage and can't guarantee an outcome.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CloseProcesses:
S2 WSHIPS; C:\Windows\system32\WSHIPS.dll
HKU\S-1-5-21-1092429605-344133657-2961457036-500\...\MountPoints2: {e0b83c15-be58-11e6-8147-1402ec06f947} - H:\Setup.exe
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S4 IMFMBRProtect; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFMBRProtect.sys [X]
S4 IMFSafeBox; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFSafeBox.sys [X]
2018-04-06 11:28 - 2018-04-08 20:44 - 000007168 _____ C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record3.vbr
2018-04-06 11:28 - 2018-04-08 20:44 - 000007168 _____ C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record2.vbr
2018-04-06 11:28 - 2018-04-08 20:44 - 000007168 _____ C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record1.vbr
2018-04-06 11:28 - 2018-04-08 20:44 - 000007168 _____ C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record0.vbr
2018-04-06 11:28 - 2018-04-08 20:44 - 000000512 _____ C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record.mbr
2018-04-18 09:06 - 2018-01-29 11:58 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\1
2018-02-01 15:10 - 2018-02-01 15:10 - 000000000 _____ () C:\Users\Administrator\AppData\Local\Scotrantam.exe.436828.gzquar
cmd: type "C:\prefs.js"
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Test your computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 martymar25

Posted 19 April 2018 - 09:55 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by Administrator (19-04-2018 10:07:39) Run:1
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator & Classic .NET AppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
S2 WSHIPS; C:\Windows\system32\WSHIPS.dll
HKU\S-1-5-21-1092429605-344133657-2961457036-500\...\MountPoints2: {e0b83c15-be58-11e6-8147-1402ec06f947} - H:\Setup.exe
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S4 IMFMBRProtect; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFMBRProtect.sys [X]
S4 IMFSafeBox; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFSafeBox.sys [X]
2018-04-06 11:28 - 2018-04-08 20:44 - 000007168 _____ C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record3.vbr
2018-04-06 11:28 - 2018-04-08 20:44 - 000007168 _____ C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record2.vbr
2018-04-06 11:28 - 2018-04-08 20:44 - 000007168 _____ C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record1.vbr
2018-04-06 11:28 - 2018-04-08 20:44 - 000007168 _____ C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record0.vbr
2018-04-06 11:28 - 2018-04-08 20:44 - 000000512 _____ C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record.mbr
2018-04-18 09:06 - 2018-01-29 11:58 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\1
2018-02-01 15:10 - 2018-02-01 15:10 - 000000000 _____ () C:\Users\Administrator\AppData\Local\Scotrantam.exe.436828.gzquar
cmd: type "C:\prefs.js"
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:

*****************

Processes closed successfully.
"HKLM\System\CurrentControlSet\Services\WSHIPS" => removed successfully
WSHIPS => service removed successfully
"HKU\S-1-5-21-1092429605-344133657-2961457036-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0b83c15-be58-11e6-8147-1402ec06f947}" => removed successfully
HKLM\Software\Classes\CLSID\{e0b83c15-be58-11e6-8147-1402ec06f947} => not found
"HKLM\System\CurrentControlSet\Services\esgiguard" => removed successfully
esgiguard => service removed successfully
"HKLM\System\CurrentControlSet\Services\EsgScanner" => removed successfully
EsgScanner => service removed successfully
"HKLM\System\CurrentControlSet\Services\IMFMBRProtect" => removed successfully
IMFMBRProtect => service removed successfully
"HKLM\System\CurrentControlSet\Services\IMFSafeBox" => removed successfully
IMFSafeBox => service removed successfully
C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record3.vbr => moved successfully
C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record2.vbr => moved successfully
C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record1.vbr => moved successfully
C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record0.vbr => moved successfully
C:\Users\Administrator\AppData\Local\Temp\zam-shadow-copy-record.mbr => moved successfully
C:\Users\Administrator\AppData\Local\Temp\1 => moved successfully
Could not move "C:\Users\Administrator\AppData\Local\Scotrantam.exe.436828.gzquar" => Scheduled to move on reboot.

========= type "C:\prefs.js" =========

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset C:\resettcpip.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= Bitsadmin /Reset /Allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{C5B0AD51-9CF5-4875-B67C-72F372CE317C} canceled.
{98F64CB1-E17C-4A61-82CF-8D53E135AF83} canceled.
{BE010E58-119D-4A8E-A96A-778A94E8D6D0} canceled.
{06B662AE-EECC-4143-8F9B-28A578ADFC13} canceled.
{BDE2D76B-1694-4999-B973-31908D3B7FE0} canceled.
5 out of 5 jobs canceled.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1092429605-344133657-2961457036-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1092429605-344133657-2961457036-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully

========= End of RemoveProxy: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2593161 B
Java, Flash, Steam htmlcache => 405 B
Windows/system/drivers => 541072854 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33253 B
systemprofile32 => 33253 B
LocalService => 0 B
NetworkService => 0 B
Administrator => 36685024 B
Classic .NET AppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 561.5 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 19-04-2018 10:14:08)

C:\Users\Administrator\AppData\Local\Scotrantam.exe.436828.gzquar => Could not move

==== End of Fixlog 10:14:08 ====

 

 

It typically takes a few hours for the infection to reappear, so I will monitor it for the next 6 hours or so. Thanks a million, Gary.



#4 Oh My!

Posted 19 April 2018 - 10:00 AM

You are quite welcome.

Can you manually look to see if this file exists and if so zip and attach it?

C:\prefs.js


Gary
 

#5 martymar25

Posted 19 April 2018 - 01:07 PM

Here it is.

Attached Files



#6 Oh My!

Posted 19 April 2018 - 02:57 PM

Thank you.

You can delete that file.

Whenever convenient let me know how things are going.
Gary
 

#7 martymar25

Posted 20 April 2018 - 01:55 PM

Hi Gary, it's doing what it's always done, somehow coming back. Here are my Malwarebytes results:

CPU: x64
File System: NTFS
User: NASHIPOSFB1\Administrator

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 255388
Threats Detected: 1
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 3 min, 28 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
RiskWare.BitCoinMiner, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\TEMP\YAM1.EXE.411711.GZQUAR, No Action By User, [912], [507500],1.0.4816

Physical Sector: 0
(No malicious items detected)

(end)



#8 Oh My!

Posted 20 April 2018 - 04:25 PM

Greetings,

The GZQUAR file extension is supposed to be related to a Bitdefender quarantined file. However, typically they are not found in the locations indicated in your reports. Can you check your Bitdefender logs to see if there is any information related to these entries?

Scotrantam.exe
SVCHXOT.EXE
YAM1.EXE


Please do this in Safe Mode with Networking.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
CloseProcesses:
C:\Users\Administrator\AppData\Local\Scotrantam.exe.436828.gzquar
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\TEMP\SVCHXOT.EXE.437096.GZQUAR
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\TEMP\YAM1.EXE.411711.GZQUAR
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\TEMP
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller Anti-Malware

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then continually click Next until you click Install
  • Click Finish
  • Click Accept
  • Under # Software Version if it does not indicate up to date click Check for updates >>
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Bitdefender information
  • Fixlist
  • RogueKiller log
  • Computer behavior?

Gary
 

#9 Oh My!

Posted 23 April 2018 - 11:07 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#10 martymar25

Posted 23 April 2018 - 11:26 AM

Hi Gary, sorry for the delay. I just got back to the office this morning; I'm walking through your last post as we speak. I will follow up shortly. Thanks



#11 Oh My!

Posted 23 April 2018 - 11:28 AM

Great, thanks. Don't mean to pester you but some people just leave and never say goodbye!
Gary
 

#12 martymar25

Posted 23 April 2018 - 03:35 PM

Gary, I tried running the recovery scan but I guess it had already removed them, because it couldn't locate them.



#13 Oh My!

Posted 23 April 2018 - 05:22 PM

Do you have the Fixlog and Roguekiller reports?
Gary
 

#14 martymar25

Posted 25 April 2018 - 09:10 AM

Good Morning Gary, here is the fix log from Monday; I think Bitdefender had already moved the files:

Fix result of Farbar Recovery Scan Tool (x64) Version: 22.04.2018 01
Ran by Administrator (23-04-2018 12:27:08) Run:2
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator & Classic .NET AppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
C:\Users\Administrator\AppData\Local\Scotrantam.exe.436828.gzquar
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\TEMP\SVCHXOT.EXE.437096.GZQUAR
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\TEMP\YAM1.EXE.411711.GZQUAR
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\TEMP

*****************

Processes closed successfully.
Could not move "C:\Users\Administrator\AppData\Local\Scotrantam.exe.436828.gzquar" => Scheduled to move on reboot.
"C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\TEMP\SVCHXOT.EXE.437096.GZQUAR" => not found
"C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\TEMP\YAM1.EXE.411711.GZQUAR" => not found
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\TEMP => moved successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-04-2018 12:31:46)

C:\Users\Administrator\AppData\Local\Scotrantam.exe.436828.gzquar => Could not move

==== End of Fixlog 12:31:46 ====

 

 

Here is the RogueKiller scan from yesterday:

RogueKiller V12.12.13.0 (x64) [Apr 16 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Server 2008 R2 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 04/24/2018 17:36:35 (Duration : 00:15:11)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Description -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HP LOGICAL VOLUME SCSI Disk Device +++++
--- User ---
[MBR] ecee1a1c9761979227e51297d7f8a815
[BSP] 6b5eb976e9dbbaa98bac79f9f5f842d2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 142920 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 293419008 | Size: 142798 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: HP LOGICAL VOLUME SCSI Disk Device +++++
--- User ---
[MBR] c1bdcfbfec4eaec05a900043d4c1fda0
[BSP] 75e3c07c2a485fd78bf181f2fafb3a23 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 572138 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive2: HP RDX USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

Here are the results from today's Malwarebytes scan. I am asked to restart to remove the detected file (yam1.exe):

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/25/18
Scan Time: 9:55 AM
Log File: 4d1c3cce-4890-11e8-a817-1402ec06f946.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4872
License: Free

-System Information-
OS: Windows Server 2008 R2 Service Pack 1
CPU: x64
File System: NTFS
User: NASHIPOSFB1\Administrator

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 254228
Threats Detected: 1
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 3 min, 29 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
RiskWare.BitCoinMiner, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\TEMP\YAM1.EXE.444607.GZQUAR, No Action By User, [914], [507500],1.0.4872

Physical Sector: 0
(No malicious items detected)

(end)

Here is



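The Malwarebytes log above is the text export of a 3.x scan. As an added example (not Malwarebytes' code and not part of the original post), the script below pulls the per-item detection lines out of that format and applies the triage checks a responder would make on each one: whether the item was actually removed, whether its path sits under the SYSTEM profile (C:\Windows\System32\config\systemprofile, which means something running as LocalSystem wrote it), whether it is an executable in a Temp folder, and whether its name carries a quarantine suffix. The sample log is a constructed excerpt built from the single detection line in the post, and the reading of the .GZQUAR suffix as a quarantine rename applied by another AV product is an assumption, not something the log states.

```powershell
# Added example, not Malwarebytes' own code. Parses the per-item detection
# lines of a Malwarebytes 3.x text log and applies simple triage checks.
# $SampleLog is a constructed excerpt built from the one detection in the post.
$SampleLog = @'
-Scan Details-
Process: 0
(No malicious items detected)

File: 1
RiskWare.BitCoinMiner, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\TEMP\YAM1.EXE.444607.GZQUAR, No Action By User, [914], [507500],1.0.4872

Physical Sector: 0
(No malicious items detected)
'@

function Get-MbamDetection {
    param([string]$LogText)
    $section = ''
    $results = New-Object System.Collections.ArrayList
    foreach ($line in ($LogText -split "`r?`n")) {
        # Section headers in the details block look like "File: 1" or "Registry Key: 0".
        if ($line -match '^(?<type>[A-Za-z ]+): \d+$') { $section = $Matches['type']; continue }
        # Detection lines: <name>, <object>, <action>, [<id>], [<id>],<database version>
        if ($line -match '^(?<name>[^,]+), (?<object>[^,]+), (?<action>[^,]+), \[\d+\], \[\d+\],\S+$') {
            [void]$results.Add((New-Object PSObject -Property @{
                Type   = $section
                Name   = $Matches['name']
                Object = $Matches['object']
                Action = $Matches['action']
            }))
        }
    }
    return ,$results
}

function Get-TriageNote {
    param($Detection)
    $notes = @()
    if ($Detection.Action -notmatch 'Quarantined|Deleted') {
        $notes += 'Not removed yet (' + $Detection.Action + '): finish the reboot and rescan before calling it clean.'
    }
    if ($Detection.Object -match '\\config\\systemprofile\\') {
        # systemprofile is LocalSystem's profile, so the dropper ran as SYSTEM:
        # a service, a scheduled task or a WMI consumer, not an interactive user.
        $notes += 'Under the SYSTEM profile: look for a service, scheduled task or WMI subscription that keeps dropping it.'
    }
    if ($Detection.Object -match '\\Temp\\[^\\]+\.exe\b') {
        $notes += 'Executable in a Temp folder: typical miner drop location, not an installed program.'
    }
    if ($Detection.Object -match '\.GZQUAR$') {
        # Assumption: the .GZQUAR suffix is a rename applied by another AV product's
        # quarantine, so the file no longer runs under its original name.
        $notes += 'Already renamed into quarantine by another product (assumed from the .GZQUAR suffix); the component that created it is the real target.'
    }
    return ,$notes
}

foreach ($d in (Get-MbamDetection $SampleLog)) {
    "{0} -> {1} [{2}]" -f $d.Name, $d.Object, $d.Action
    foreach ($n in (Get-TriageNote $d)) { "  - $n" }
}
```

Paste a full log into $SampleLog (or read one with Get-Content -Raw on PowerShell 3+, or `[System.IO.File]::ReadAllText()` on the PowerShell 2.0 that ships with Server 2008 R2) to run it over a real scan; the regexes are case-insensitive, so the upper-cased paths Malwarebytes writes are matched as-is.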
#15 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,686 posts
  • Gender:Male
  • Location:California
  • Local time:02:54 PM

Posted 25 April 2018 - 09:36 AM

Thank you for the information. Please do this.

===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search: box
SearchAll: *Scotrantam*;*YAM1*
  • Click Search Files button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document into your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Search.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
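FRST's SearchAll runs the requested wildcard patterns over file names, the registry and other persistence locations and writes the matches to Search.txt. The script below is an added example of the same search done by hand in PowerShell; it is not FRST's code and not part of the thread. It is written against the PowerShell 2.0 that ships with Windows Server 2008 R2 (hence no Get-FileHash or Get-ScheduledTask), takes the two patterns from the instruction above, checks file names on every fixed drive, the common autostart registry keys, services, scheduled tasks and permanent WMI event consumers, and writes what it finds to IndicatorSearch.txt on the desktop. That report name, the registry key list and the Test-Indicator/Add-Hit helpers are this example's own choices, not FRST's.

```powershell
# Added example, not FRST's code: a PowerShell stand-in for FRST's "SearchAll:"
# written for PowerShell 2.0 on Windows Server 2008 R2. Run it from an elevated
# prompt; the full-disk walk over several hundred GB takes a while.
# IndicatorSearch.txt is an assumed report name, not FRST's Search.txt.
$Patterns = @('*Scotrantam*', '*YAM1*')
$Report   = Join-Path ([Environment]::GetFolderPath('Desktop')) 'IndicatorSearch.txt'
$Hits     = New-Object System.Collections.ArrayList

function Test-Indicator {
    param([string]$Text)
    foreach ($p in $Patterns) { if ($Text -like $p) { return $true } }
    return $false
}

function Get-Md5Hex {
    # Get-FileHash needs PowerShell 4+, so use the .NET MD5 class directly.
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try { $bytes = $md5.ComputeHash($fs) } finally { $fs.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Add-Hit {
    param([string]$Source, [string]$Where, [string]$Detail)
    [void]$Hits.Add((New-Object PSObject -Property @{ Source = $Source; Where = $Where; Detail = $Detail }))
}

# 1. File names on every fixed drive (DriveType 3), hidden and system files included.
$drives = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 3' | ForEach-Object { $_.DeviceID + '\' }
foreach ($drive in $drives) {
    foreach ($p in $Patterns) {
        Get-ChildItem -Path $drive -Filter $p -Recurse -Force -ErrorAction SilentlyContinue |
          Where-Object { -not $_.PSIsContainer } |
          ForEach-Object {
              $hash = 'unreadable'
              try { $hash = Get-Md5Hex $_.FullName } catch { }
              Add-Hit 'File' $_.FullName ("{0} bytes, created {1}, MD5 {2}" -f $_.Length, $_.CreationTime, $hash)
          }
    }
}

# 2. Autostart registry keys: any value name or value data that matches.
$regKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $regKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # PSPath, PSProvider, ... are not registry values
        if ((Test-Indicator $prop.Name) -or (Test-Indicator ([string]$prop.Value))) {
            Add-Hit 'Registry' $key ("{0} = {1}" -f $prop.Name, $prop.Value)
        }
    }
}

# 3. Services: name, display name or binary path. StartName shows which account runs it.
Get-WmiObject Win32_Service | ForEach-Object {
    if ((Test-Indicator $_.Name) -or (Test-Indicator $_.DisplayName) -or (Test-Indicator $_.PathName)) {
        Add-Hit 'Service' $_.Name ("{0} [{1}, runs as {2}] {3}" -f $_.DisplayName, $_.State, $_.StartName, $_.PathName)
    }
}

# 4. Scheduled tasks: no Get-ScheduledTask on 2008 R2, so parse the verbose CSV from schtasks.exe.
#    schtasks repeats its header row per task folder; those rows have TaskName = 'TaskName'.
schtasks.exe /query /fo CSV /v | ConvertFrom-Csv | Where-Object { $_.TaskName -ne 'TaskName' } | ForEach-Object {
    if ((Test-Indicator $_.TaskName) -or (Test-Indicator $_.'Task To Run')) {
        Add-Hit 'ScheduledTask' $_.TaskName ("{0} (runs as {1})" -f $_.'Task To Run', $_.'Run As User')
    }
}

# 5. Permanent WMI event consumers, the persistence spot RogueKiller reports under "WMI".
foreach ($class in 'CommandLineEventConsumer', 'ActiveScriptEventConsumer') {
    Get-WmiObject -Namespace 'root\subscription' -Class $class -ErrorAction SilentlyContinue | ForEach-Object {
        $body = [string]$_.CommandLineTemplate + ' ' + [string]$_.ScriptText
        if ((Test-Indicator $_.Name) -or (Test-Indicator $body)) {
            Add-Hit 'WMI' ("{0}/{1}" -f $class, $_.Name) $body
        }
    }
}

# Write the findings in a form that pastes cleanly into a reply.
$Hits | Select-Object Source, Where, Detail | Format-List | Out-String -Width 4096 | Out-File $Report -Encoding ASCII
"{0} hit(s) written to {1}" -f $Hits.Count, $Report
```

The MD5 is recorded so a hit can be looked up by hash before anything is deleted, and the service and task entries carry the account they run as: a match that runs as LocalSystem is the one most likely to have written into the SYSTEM profile's Temp folder. A file hit with no matching service, task, registry value or WMI consumer means the persistence is somewhere this list does not cover, which is exactly the case where FRST's broader search, or the full FRST log, is needed.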



