Win8.1: zombie? anomalus,PUPs, PUMs proxy, IAT:Addr hook, multiple infections?


This topic is locked
13 replies to this topic

#1 Merlinva (Members, 6 posts)

Posted 29 April 2018 - 08:27 PM

Hello,

Thank you for running these forums.

My computer: Mouse Computer, LB-I5450G84
Windows 8.1.
Windows Defender has been disabled, not by me.
There is a new partition on my HD, which I did not make.
Runs out of resources very quickly, 100% CPU and memory.
Fan very noisy and non-stop when connecting to the internet.
Takes minutes to open a file or load any Office application.
Sometimes it is impossible to shut down, and it does not stop working hard, with the non-stop noisy fan, and gets overheated. Sometimes the network icon disappears from the taskbar too.

Today RKill found several PUP.Gen1, PUM proxy, and many IAT:Addr hook entries.
Yesterday, Malwarebytes quarantined:
"Machine Learning/anomalous.94%"
PUP.Optional.FFHijacker and
PUP.Optional.Startpage24
Plus it is getting even worse, as it is not letting me do a backup! I get this error from DriveImage:
"Could not flush write buffer for F:backup...drive_C.dat. the device is not ready!"

Could you please help me?
Thank you.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/26/18
Scan Time: 4:41 AM
Log File: ad1696b0-4903-11e8-b72d-00ffeae04b5a.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4876
License: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: MEME\MLI

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 432906
Threats Detected: 3
Threats Quarantined: 3
Time Elapsed: 2 hr, 25 min, 36 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
PUP.Optional.StartPage24, C:\USERS\MERCEDES LOPEZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D31ZLUX6.DEFAULT-1500576038687\EXTENSIONS\FFEXT_BASICVIDEOEXT@STARTPAGE24.XPI, Quarantined, [4770], [186354],1.0.4876
PUP.Optional.FFHijacker, C:\PROGRAM FILES\MOZILLA FIREFOX\DEFAULTS\PREF\55923859.js, Quarantined, [5484], [484674],1.0.4876
PUP.Optional.FFHijacker, C:\PROGRAM FILES\MOZILLA FIREFOX\55923859.CFG, Quarantined, [5484], [330649],1.0.4876

Physical Sector: 0
(No malicious items detected)


(end)

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/27/18
Scan Time: 1:39 AM
Log File: 659e30a8-49b3-11e8-9620-00ffeae04b5a.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4886
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: MEME\MLI

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 433427
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 2 hr, 24 min, 53 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
MachineLearning/Anomalous.94%, C:\USERS\MERCEDES LOPEZ\DOWNLOADS\_2.EXE.DAP, Quarantined, [0], [392687],1.0.4886
MachineLearning/Anomalous.94%, C:\USERS\MERCEDES LOPEZ\DOWNLOADS\_3.EXE.DAP, Quarantined, [0], [392687],1.0.4886

Physical Sector: 0
(No malicious items detected)


(end)
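The two Malwarebytes logs above follow the same text layout, so they can be triaged mechanically. The following Python is an added example (not part of the original post and not Malwarebytes code): it parses the 3.x text-log format, cross-checks the detection rows against the "Threats Detected" counter, groups hits by detection name and separates signature hits (PUP/PUM) from heuristic MachineLearning/* hits. The embedded log is a constructed sample modelled on the first log in the post, with the user's profile path replaced by a placeholder.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the Malwarebytes 3.x text-log layout used in the post above
# (shortened, with the user's profile path replaced by a placeholder).
SAMPLE_LOG = r"""Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/26/18

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 432906
Threats Detected: 3
Threats Quarantined: 3

-Scan Details-
Process: 0
(No malicious items detected)

File: 3
PUP.Optional.StartPage24, C:\USERS\PLACEHOLDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\EXTENSIONS\FFEXT_BASICVIDEOEXT@STARTPAGE24.XPI, Quarantined, [4770], [186354],1.0.4876
PUP.Optional.FFHijacker, C:\PROGRAM FILES\MOZILLA FIREFOX\DEFAULTS\PREF\55923859.js, Quarantined, [5484], [484674],1.0.4876
PUP.Optional.FFHijacker, C:\PROGRAM FILES\MOZILLA FIREFOX\55923859.CFG, Quarantined, [5484], [330649],1.0.4876

Physical Sector: 0
(No malicious items detected)

(end)
"""

SECTION_RE = re.compile(r"^-(?P<name>[^-]+)-$")                       # e.g. "-Scan Summary-"
COUNT_RE = re.compile(r"^(?P<category>[A-Za-z ]+): (?P<count>\d+)$")  # e.g. "File: 3"
# One detection row: name, location, action, [signature id], [item id],database version.
# The location is matched greedily so commas inside a path do not break the row.
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<location>.+), (?P<action>[A-Za-z ]+), "
    r"\[(?P<sig>\d+)\], \[(?P<item>\d+)\],(?P<db>[\d.]+)$"
)

@dataclass
class Detection:
    category: str       # "File", "Registry Key", ...
    name: str           # "PUP.Optional.FFHijacker", "MachineLearning/Anomalous.94%", ...
    location: str
    action: str         # "Quarantined", ...
    signature_id: int

@dataclass
class ScanReport:
    fields: dict = field(default_factory=dict)      # "Threats Detected" -> "3", ...
    detections: list = field(default_factory=list)

def parse_mbam_log(text):
    """Parse one Malwarebytes text log into header fields and detection rows."""
    report = ScanReport()
    section = None
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, category = m.group("name"), None
            continue
        if section == "Scan Details":
            m = COUNT_RE.match(line)
            if m:
                category = m.group("category")   # rows that follow belong to this category
                continue
            m = DETECTION_RE.match(line)
            if m and category:
                report.detections.append(Detection(
                    category, m.group("name"), m.group("location"),
                    m.group("action"), int(m.group("sig"))))
        elif section and ": " in line:
            key, value = line.split(": ", 1)
            report.fields[key] = value
    return report

def summarize(report):
    """Cross-check the rows against the summary counter and group hits by name,
    separating signature (PUP/PUM) hits from heuristic MachineLearning/* hits."""
    declared = int(report.fields.get("Threats Detected", "0"))
    by_name = {}
    for d in report.detections:
        by_name.setdefault(d.name, []).append(d.location)
    return {
        "declared": declared,
        "parsed": len(report.detections),
        "consistent": declared == len(report.detections),
        "quarantined": sum(d.action == "Quarantined" for d in report.detections),
        "heuristic": [d.name for d in report.detections if d.name.startswith("MachineLearning/")],
        "by_name": by_name,
    }

if __name__ == "__main__":
    print(summarize(parse_mbam_log(SAMPLE_LOG)))
```

A "consistent" value of False means the pasted log was truncated or edited, which is worth knowing before acting on it.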




#2 nasdaq (Malware Response Team, 40,246 posts, Montreal, QC, Canada)

Posted 30 April 2018 - 10:26 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system:
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
[screenshot: attachlogs.png]

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.
Click "Attach this file".
Click the "Add reply" button.
===

Please post the logs for my review.

Wait for further instructions.

#3 Merlinva (Topic Starter, Members, 6 posts)

Posted 02 May 2018 - 08:34 PM

Thank you very much!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.04.2018
Ran by Mercedes Lopez (administrator) on MEME (03-05-2018 02:16:20)
Running from C:\Users\Mercedes Lopez\Desktop\FRST64
Loaded Profiles: Mercedes Lopez (Available Profiles: Mercedes Lopez & S&NL-S & MLI)
Platform: Windows 8.1 (Update) (X64) Language: Japanese (Japan)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HotkeyService.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Windows\System32\snmptrap.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(AnVir Software) C:\Program Files (x86)\AnVir Task Manager Free\anvirlauncher.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(AVAST Software) C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
() C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-29] (AVAST Software)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareTray.exe [4745688 2018-02-24] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135968 2018-04-17] (Intel)
HKU\S-1-5-21-4184657218-562847275-3791502786-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18334528 2018-04-12] (Piriform Ltd)
HKU\S-1-5-21-4184657218-562847275-3791502786-1001\...\MountPoints2: {362033a3-81bf-11e7-8368-80fa5b06e6b0} - "F:\MediaJet.exe"
HKU\S-1-5-21-4184657218-562847275-3791502786-1001\...\MountPoints2: {dec044d5-9b1b-11e6-82bf-80fa5b06e6b0} - "F:\MediaJet.exe"
HKU\S-1-5-21-4184657218-562847275-3791502786-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\S&NL-S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-01-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{712706BF-0D62-489E-9BEE-7F64032C96A8}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{9A354757-C6FF-403D-A85B-F48D012E1A73}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4184657218-562847275-3791502786-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4184657218-562847275-3791502786-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem.msn.com/?pc=NMJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4184657218-562847275-3791502786-1001 -> DefaultScope {4C402C02-B04C-4E96-A17D-91928E6EE6A5} URL =
SearchScopes: HKU\S-1-5-21-4184657218-562847275-3791502786-1001 -> {4C402C02-B04C-4E96-A17D-91928E6EE6A5} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-04-27] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-04-29] (AVAST Software)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-04-27] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-04-29] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-24] (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://files.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-21] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: uy3rgwkv.default
FF DefaultProfile: d31zlux6.default-1500576038687
FF ProfilePath: C:\Users\Mercedes Lopez\AppData\Roaming\Zotero\Zotero\Profiles\uy3rgwkv.default [2018-05-03]
FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero\extensions\zoteroOpenOfficeIntegration@zotero.org [2018-04-11] [Legacy] [not signed]
FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero\extensions\zoteroWinWordIntegration@zotero.org [2018-04-11] [Legacy] [not signed]
FF ProfilePath: C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687 [2018-05-03]
FF Homepage: Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687 -> about:home
FF NetworkProxy: Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687 -> type", 0
FF Extension: (Disconnect) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\2.0@disconnect.me.xpi [2017-12-25]
FF Extension: (Translate Now) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\@translatenow.xpi [2018-04-13]
FF Extension: (ADB Helper) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\adbhelper@mozilla.org.xpi [2018-02-27] [Legacy]
FF Extension: (All Tabs Helper) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\alltabshelper@alltabshelper.org.xpi [2018-01-10]
FF Extension: (Bookmarks Organizer) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\bookmarksorganizer@agenedia.com.xpi [2018-04-13]
FF Extension: (FoxyTab) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\foxytab@eros.man.xpi [2018-04-12]
FF Extension: (Valence) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\fxdevtools-adapters@mozilla.org [2017-09-26] [Legacy]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2017-07-25]
FF Extension: (Magic Actions for YouTube™) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2017-08-16]
FF Extension: (Word Count Tool) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\jid0-YHLk2psjhEWXNJqMKTU7dDcMJcN@jetpack.xpi [2018-02-10]
FF Extension: (Zip WebApp (Beta)) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\jid1-AqQG4Beii8FfZQ@jetpack.xpi [2018-01-09]
FF Extension: (Decentraleyes) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\jid1-BoFifL9Vbdl2zQ@jetpack.xpi [2018-02-22]
FF Extension: (download-helper) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\jid1-i6dUGvCrz2WZu8@jetpack.xpi [2018-04-18]
FF Extension: (Privacy Badger) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2018-04-25]
FF Extension: (Mute all inactive tabs) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\mute-all-inactive-tabs@evilpie.tomschuster.name.xpi [2018-01-10]
FF Extension: (Nimbus Screen Capture: Screenshot, Annotate) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2018-04-12]
FF Extension: (Print Edit WE) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\printedit-we@DW-dev.xpi [2018-04-12]
FF Extension: (Download Manager (S3)) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\s3download@statusbar.xpi [2018-04-25]
FF Extension: (S3.Translator) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\s3google@translator.xpi [2018-04-04]
FF Extension: (Avast SafePrice) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\sp@avast.com.xpi [2018-04-29]
FF Extension: (Text MultiCopy) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\textmulticopy@eros.man.xpi [2017-08-16]
FF Extension: (Tree Style Tab) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2018-03-23]
FF Extension: (uBlock Origin) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\uBlock0@raymondhill.net.xpi [2018-04-26]
FF Extension: (Avast Online Security) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\wrc@avast.com.xpi [2018-04-29]
FF Extension: (Zotero Connector) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\zotero@chnm.gmu.edu.xpi [2018-03-06]
FF Extension: (Screengrab!) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2018-04-25]
FF Extension: (Download with JDownloader) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\{03e07985-30b0-4ae0-8b3e-0c7519b9bdf6}.xpi [2018-02-06]
FF Extension: (Download with Free Download Manager (FDM)) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\{1fb1ffdc-b95d-451e-be52-7303adf9a0d3}.xpi [2018-02-06]
FF Extension: (Reader) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}.xpi [2018-02-27]
FF Extension: (EPUBReader) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2017-09-26]
FF Extension: (Merge Windows) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\{6d0b1446-4a7c-40e9-9bcf-568a8e26d00b}.xpi [2018-04-11]
FF Extension: (Bulk Media Downloader) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\{72b2e02b-3a71-4895-886c-fd12ebe36ba3}.xpi [2017-12-25]
FF Extension: (URLs List) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\{88664789-f91e-40e1-adb9-e4e9a8c48867}.xpi [2018-01-10]
FF Extension: (WX Download Status Bar) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\{a1c84bb7-d5fc-4906-90b4-965e520b29bf}.xpi [2018-02-27]
FF Extension: (Download Streamable Video) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\{b4629e37-bbce-479a-8805-8235727e5abc}.xpi [2017-11-17]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2018-04-03]
FF Extension: (Video DownloadHelper) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-16]
FF Extension: (1-Click Downloader (Video or Photo)) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\{bdfd9428-8d65-4ff5-bc97-4a883c2aba9c}.xpi [2017-08-16]
FF Extension: (Simple YouTube MP3 Button) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\{e33788ea-0bb9-4502-9c77-bdc551afc8ab}.xpi [2017-10-08]
FF Extension: (YouTube Video and Audio Downloader (Dev Edt.)) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\{f73df109-8fb4-453e-8373-f59e61ca4da3}.xpi [2018-02-16]
FF Extension: (KeepVid Pro) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\{fbed2750-9a3e-44c5-832b-eb274b5e23cb}.xpi [2018-02-11]
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker => not found
FF HKU\S-1-5-21-4184657218-562847275-3791502786-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-02] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-11-28] ()
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems)

Opera:
=======
OPR Extension: (Video Downloader Multiformat) - C:\Users\Mercedes Lopez\AppData\Roaming\Opera Software\Opera Stable\Extensions\beemgnphifpbdehfmohojkhlklfaddih [2017-07-17]
OPR Extension: (download-videos) - C:\Users\Mercedes Lopez\AppData\Roaming\Opera Software\Opera Stable\Extensions\bpmgfnikhlpakdkeeahboleoommganka [2018-05-01]
OPR Extension: (Bookmarks) - C:\Users\Mercedes Lopez\AppData\Roaming\Opera Software\Opera Stable\Extensions\fnlanmpednndkaaaleibncenahckbmhc [2017-06-05]
OPR Extension: (HD Video Downloader) - C:\Users\Mercedes Lopez\AppData\Roaming\Opera Software\Opera Stable\Extensions\gacckcgfmoapndlfjdjiffiblljijhep [2017-07-17]
OPR Extension: (Video Downloader GetThemAll) - C:\Users\Mercedes Lopez\AppData\Roaming\Opera Software\Opera Stable\Extensions\ipjignndhlpeimkmgpfnappdcohjealh [2017-07-17]
OPR Extension: (Download with JDownloader) - C:\Users\Mercedes Lopez\AppData\Roaming\Opera Software\Opera Stable\Extensions\jjbbcngfknmgdlekfofhaagmogeifbpc [2017-12-04]
OPR Extension: (Force Download) - C:\Users\Mercedes Lopez\AppData\Roaming\Opera Software\Opera Stable\Extensions\klahcccondnnonafcbcdgbahphglbjjg [2018-01-23]
OPR Extension: (Video Downloader 2015) - C:\Users\Mercedes Lopez\AppData\Roaming\Opera Software\Opera Stable\Extensions\mpnpijldpdipnfbjpfjgopcdnjejgbda [2017-07-17]
OPR Extension: (Flash Video Downloader (FVD)) - C:\Users\Mercedes Lopez\AppData\Roaming\Opera Software\Opera Stable\Extensions\neacgcjokggofibnbfapeaejhclmpple [2017-08-15]
OPR Extension: (Mailto:) - C:\Users\Mercedes Lopez\AppData\Roaming\Opera Software\Opera Stable\Extensions\pgjoobbdmnhgaajdkppafadldfedplpj [2017-02-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 adawareantivirusservice; C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareService.exe [587832 2018-02-24] ()
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-29] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-29] (AVAST Software)
S4 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
S4 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [94208 2014-05-06] () [File not signed]
S4 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8566440 2018-04-23] (Microsoft Corporation)
S4 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-01] (Dropbox, Inc.)
S3 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-04-09] (Dropbox, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2018-04-17] (Intel)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2013-10-15] (ELAN Microelectronics Corp.)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
S3 HPSmartDeviceAgentBase; c:\Program Files (x86)\HP\HPSmartDeviceAgentBase\Service\HPSmartDeviceAgentBase.exe [74024 2017-03-24] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [346152 2018-01-12] (Intel Corporation)
R2 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
U2 iprip; C:\Windows\System32\iprip.dll [34816 2016-08-30] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-21] (Intel Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [48128 2016-04-01] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
S3 ovpnagent; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [949480 2016-08-29] ()
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [23552 2014-05-27] (CLEVO CO.) [File not signed]
S3 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 SNMP; C:\Windows\System32\snmp.exe [50688 2016-04-01] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [46080 2016-04-01] (Microsoft Corporation)
S3 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
S3 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-23] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [26888 2013-06-26] (Insyde Corporation)
S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-04-29] (AVAST Software)
S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-04-29] (AVAST Software)
S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-04-29] (AVAST Software)
S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-04-29] (AVAST Software)
S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-04-29] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [227784 2018-04-29] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-04-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [147224 2018-04-29] (AVAST Software)
R3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111352 2018-04-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-04-29] (AVAST Software)
S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-04-29] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-04-29] (AVAST Software)
R3 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-04-29] (AVAST Software)
S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-04-29] (AVAST Software)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2015-03-10] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-27] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-05-03] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [44768 2018-05-03] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-05-03] (Malwarebytes)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RtkA2dp; C:\Windows\system32\drivers\RtkA2dp.sys [176344 2013-11-04] (Realtek Semiconductor Corporation)
S3 RtkAvrcp; C:\Windows\System32\drivers\RtkAvrcp.sys [57560 2013-08-13] (Realtek Semiconductor Corporation)
S3 RtkAvrcpCtrlr; C:\Windows\System32\drivers\RtkAvrcpCtrlr.sys [69848 2013-06-20] (Realtek Semiconductor Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [573144 2014-04-18] (Realtek Semiconductor Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [465624 2014-01-03] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3421040 2014-04-30] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [25608 2018-05-03] (SlimWare Utilities, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-04-29] ()
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [467040 2018-01-22] (BitDefender S.R.L.)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2015-04-25] (Microsoft Corporation)
R3 VMfilt; C:\Windows\system32\drivers\VMfilt64.sys [30728 2014-05-28] (Creative Technology Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-03-23] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-03-23] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-15] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-23] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-04-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-04-26] (Zemana Ltd.)
U3 aswbdisk; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 uxddrv; \??\C:\Users\Administrator\Desktop\WST\uxddrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-03 02:04 - 2018-05-03 02:04 - 000015890 ____C C:\Windows\system32\results.xml
2018-05-03 01:55 - 2018-05-03 01:56 - 000000000 ___DC C:\Windows\LastGood.Tmp
2018-05-03 01:18 - 2018-05-03 02:16 - 000000000 ___DC C:\Users\Mercedes Lopez\Desktop\FRST64
2018-05-03 01:14 - 2018-05-03 01:23 - 264424269 ____C (Realtek Semiconductor Corp.) C:\Users\Mercedes Lopez\Desktop\0009-64bit_Win7_Win8_Win81_Win10_R282.exe
2018-05-03 01:12 - 2018-05-03 01:13 - 010857121 ____C C:\Users\Mercedes Lopez\Desktop\realtek 0034-Install_Win8_8.1_8062_03202018.zip
2018-05-03 01:08 - 2018-05-03 01:08 - 000024576 ____C C:\Users\Mercedes Lopez\Desktop\intel Release News.txt
2018-05-03 01:08 - 2018-05-03 01:08 - 000004607 ____C C:\Users\Mercedes Lopez\Desktop\intel README.txt
2018-05-03 01:07 - 2018-05-03 01:15 - 205918208 ____C C:\Users\Mercedes Lopez\Desktop\IPDT_Installer_4.1.0.24.exe
2018-05-03 01:06 - 2018-05-03 01:09 - 062684415 ____C C:\Users\Mercedes Lopez\Desktop\bits-2073.zip
2018-05-03 01:04 - 2018-05-03 02:03 - 000000000 ___DC C:\Intel
2018-05-03 01:03 - 2018-05-03 01:03 - 000011947 ____C C:\Users\Mercedes Lopez\Desktop\Detailed-System-Report.html
2018-05-03 00:53 - 2018-05-03 00:53 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2018-05-03 00:50 - 2018-05-03 00:50 - 013898160 ____C (Intel) C:\Users\Mercedes Lopez\Desktop\Intel Driver and Support Assistant Installer(1).exe
2018-05-02 23:40 - 2018-05-03 02:04 - 000000510 ____C C:\Windows\Tasks\Avast Driver Updater Startup.job
2018-05-02 23:40 - 2018-05-03 02:03 - 000025608 ____C (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2018-05-02 23:40 - 2018-05-02 23:40 - 000002934 ____C C:\Windows\System32\Tasks\Avast Driver Updater Startup
2018-05-02 23:40 - 2018-05-02 23:40 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Local\AVAST Software
2018-05-02 23:28 - 2018-05-02 23:28 - 000002517 ____C C:\Users\Public\Desktop\Avast Driver Updater.lnk
2018-05-02 23:28 - 2018-05-02 23:28 - 000000000 ___DC C:\Users\Public\Documents\Downloaded Installers
2018-05-02 23:28 - 2018-05-02 23:28 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater
2018-05-02 23:28 - 2018-05-02 23:28 - 000000000 ___DC C:\Program Files (x86)\Avast Driver Updater
2018-05-02 22:29 - 2018-05-02 23:11 - 000001538 ____C C:\Users\Mercedes Lopez\Desktop\-accountservergroupcom.crt
2018-05-02 22:22 - 2018-05-02 22:22 - 000001031 ____C C:\Users\Mercedes Lopez\Desktop\MailShield.der
2018-05-02 21:39 - 2018-05-03 02:18 - 000103384 ____C C:\Windows\ZAM.krnl.trace
2018-05-02 21:39 - 2018-05-03 02:18 - 000028016 ____C C:\Windows\ZAM_Guard.krnl.trace
2018-05-02 09:28 - 2018-05-02 09:28 - 000000000 __HDC C:\Users\Public\Documents\AdobeGC
2018-04-30 03:14 - 2018-04-30 03:14 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Local\Alexandre_Coelho
2018-04-30 03:09 - 2018-04-30 03:09 - 000916254 ____C C:\Users\Mercedes Lopez\Desktop\WSA_SA_Report-Mon_2018-04-30_03-09-29.bmp
2018-04-30 03:09 - 2018-04-30 03:09 - 000000079 ____C C:\Users\Mercedes Lopez\Desktop\WSA_SA_Report-Mon_2018-04-30_03-09-29.html
2018-04-30 03:07 - 2018-04-30 03:08 - 000000000 ___DC C:\ProgramData\WRData
2018-04-30 02:22 - 2018-04-30 02:22 - 000001601 ____C C:\Users\Mercedes Lopez\Desktop\2018-04-27 b malware bytes report.txt
2018-04-30 02:19 - 2018-04-30 02:19 - 000001383 ____C C:\Users\Mercedes Lopez\Desktop\2018-04-27 malware bytes report.txt
2018-04-30 01:20 - 2018-04-30 01:29 - 000064236 ____C C:\Users\Mercedes Lopez\Desktop\Addition.txt
2018-04-30 01:13 - 2018-04-30 01:29 - 000110389 ____C C:\Users\Mercedes Lopez\Desktop\FRST.txt
2018-04-30 00:10 - 2018-04-30 00:10 - 000001123 ____C C:\Users\Public\Desktop\DriveImage XML.lnk
2018-04-30 00:10 - 2018-04-30 00:10 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2018-04-30 00:10 - 2018-04-30 00:10 - 000000000 ___DC C:\Program Files (x86)\Runtime Software
2018-04-30 00:08 - 2018-04-30 00:08 - 002023440 ____C C:\Users\Mercedes Lopez\Desktop\dixmlsetup.exe
2018-04-29 23:51 - 2018-04-29 23:51 - 000685320 ____C C:\Users\Mercedes Lopez\Desktop\rkreport html.html
2018-04-29 23:51 - 2018-04-29 23:13 - 001317821 ____C C:\Users\Mercedes Lopez\Desktop\rkreportjson.txt
2018-04-29 23:50 - 2018-04-29 23:50 - 000273198 ____C C:\Users\Mercedes Lopez\Desktop\RKreport.txt
2018-04-29 21:26 - 2018-04-29 21:32 - 000933766 ____C C:\TDSSKiller.3.1.0.17_29.04.2018_21.26.24_log.txt
2018-04-29 20:55 - 2018-04-29 21:22 - 000256178 ____C C:\TDSSKiller.3.1.0.17_29.04.2018_20.55.51_log.txt
2018-04-29 20:33 - 2018-04-29 21:34 - 000000000 __RDC C:\Users\Mercedes Lopez\Desktop\security
2018-04-29 20:30 - 2018-04-29 20:30 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Roaming\adaware
2018-04-29 20:30 - 2018-04-29 20:30 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Local\AdAwareDesktop
2018-04-29 20:21 - 2018-04-29 20:21 - 000002359 ____C C:\Users\Public\Desktop\Adaware Antivirus.lnk
2018-04-29 20:21 - 2018-04-29 20:21 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\adaware
2018-04-29 20:16 - 2018-04-29 20:16 - 000000000 ___DC C:\Program Files\adaware
2018-04-29 20:11 - 2018-04-29 20:11 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Local\AdAwareUpdater
2018-04-29 20:09 - 2018-04-29 20:09 - 000000000 ___DC C:\Program Files\Common Files\adaware
2018-04-29 20:02 - 2018-04-29 20:02 - 000000000 ___DC C:\ProgramData\adaware
2018-04-29 20:01 - 2018-04-29 20:01 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2018-04-29 19:56 - 2018-04-29 19:56 - 000000945 ____C C:\Users\Mercedes Lopez\Downloads\Documents - Shortcut.lnk
2018-04-29 15:35 - 2018-04-29 15:35 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Local\Apps\2.0
2018-04-29 15:10 - 2018-05-03 02:04 - 000112864 ____C (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-29 04:16 - 2018-04-29 04:17 - 000000000 ____C C:\Recovery.txt
2018-04-29 03:00 - 2018-04-29 03:00 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Roaming\AVAST Software
2018-04-29 02:59 - 2018-05-03 01:55 - 000000000 ___DC C:\Windows\System32\Tasks\Avast Software
2018-04-29 02:59 - 2018-04-29 02:59 - 000001938 ____C C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-04-29 02:59 - 2018-04-29 02:59 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-04-29 02:58 - 2018-05-02 21:49 - 000004168 ____C C:\Windows\System32\Tasks\Avast Emergency Update
2018-04-29 02:57 - 2018-04-29 02:58 - 000147224 ____C (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-04-29 02:57 - 2018-04-29 02:56 - 000460520 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-04-29 02:57 - 2018-04-29 02:56 - 000380528 ____C (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-04-29 02:57 - 2018-04-29 02:56 - 000205976 ____C (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-04-29 02:57 - 2018-04-29 02:56 - 000196640 ____C (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-04-29 02:57 - 2018-04-29 02:56 - 000111352 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-04-29 02:57 - 2018-04-29 02:56 - 000084368 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-04-29 02:57 - 2018-04-29 02:56 - 000046968 ____C (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-04-29 02:57 - 2018-04-29 02:55 - 001026696 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-04-29 02:57 - 2018-04-29 02:55 - 000343752 ____C (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-04-29 02:57 - 2018-04-29 02:55 - 000227784 ____C (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-04-29 02:57 - 2018-04-29 02:55 - 000227504 ____C (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-04-29 02:57 - 2018-04-29 02:55 - 000199440 ____C (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-04-29 02:57 - 2018-04-29 02:55 - 000057680 ____C (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-04-29 02:56 - 2018-04-29 02:56 - 000376536 ____C (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-04-29 02:56 - 2018-04-29 02:56 - 000000000 ___DC C:\Program Files\Common Files\AVAST Software
2018-04-29 02:54 - 2018-04-29 02:54 - 000000000 ___DC C:\Program Files\AVAST Software
2018-04-29 02:52 - 2018-04-29 05:12 - 000000000 ___DC C:\ProgramData\AVAST Software
2018-04-29 00:46 - 2018-04-29 02:58 - 000000000 ___DC C:\Users\Mercedes Lopez\.gimp-2.8
2018-04-28 09:34 - 2018-04-28 16:26 - 000000000 ___DC C:\Users\Mercedes Lopez\Desktop\Untitled Export
2018-04-28 02:23 - 2017-10-04 09:21 - 000029352 ____C (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2018-04-28 02:23 - 2017-10-04 09:21 - 000019088 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2018-04-28 02:23 - 2017-10-04 04:45 - 000030888 ____C (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2018-04-28 02:23 - 2017-10-04 04:45 - 000019088 ____C (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2018-04-28 01:59 - 2016-05-12 19:38 - 000135336 ____C (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2018-04-28 01:59 - 2016-05-12 18:43 - 000115704 ____C (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2018-04-28 01:59 - 2016-05-12 17:17 - 000331776 ____C (Microsoft Corporation) C:\Windows\system32\polstore.dll
2018-04-28 01:59 - 2016-05-12 17:08 - 000092160 ____C (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2018-04-28 01:59 - 2016-05-12 17:07 - 001360896 ____C (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2018-04-28 01:59 - 2016-05-12 16:59 - 000398848 ____C (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2018-04-28 01:59 - 2016-05-12 16:43 - 000291328 ____C (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2018-04-28 01:59 - 2016-05-12 16:37 - 000050176 ____C (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2018-04-28 01:22 - 2016-01-10 17:56 - 000186880 ____C (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2018-04-28 01:22 - 2015-12-05 06:58 - 002745184 ____C (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 002528784 ____C (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 002450240 ____C (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 002447136 ____C (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 002334104 ____C (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2018-04-28 01:22 - 2015-12-05 06:58 - 002324744 ____C (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-04-28 01:22 - 2015-12-05 06:58 - 001877504 ____C (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2018-04-28 01:22 - 2015-12-05 06:58 - 001484888 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2018-04-28 01:22 - 2015-12-05 06:58 - 001288128 ____C (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2018-04-28 01:22 - 2015-12-05 06:58 - 001210200 ____C (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 001150232 ____C (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 001115640 ____C (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2018-04-28 01:22 - 2015-12-05 06:58 - 001037680 ____C (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 000914672 ____C (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 000850680 ____C (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2018-04-28 01:22 - 2015-12-05 06:58 - 000735496 ____C (Microsoft Corporation) C:\Windows\system32\evr.dll
2018-04-28 01:22 - 2015-12-05 06:58 - 000700360 ____C (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2018-04-28 01:22 - 2015-12-05 06:58 - 000629600 ____C (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 000584656 ____C (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2018-04-28 01:22 - 2015-12-05 06:58 - 000557856 ____C (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 000492736 ____C (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 000463776 ____C (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 000299080 ____C (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 000275312 ____C (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 000274280 ____C (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 000250520 ____C (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 000248432 ____C (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 000246856 ____C (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 000244296 ____C (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-04-28 01:22 - 2015-12-05 06:58 - 000229272 ____C (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 000203016 ____C (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 000184912 ____C (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 000183856 ____C (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 000116720 ____C (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 000110544 ____C (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-04-28 01:22 - 2015-12-05 06:58 - 000099136 ____C (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2018-04-28 01:22 - 2015-12-05 06:58 - 000090904 ____C (Microsoft Corporation) C:\Windows\system32\devenum.dll
2018-04-28 01:22 - 2015-12-05 06:58 - 000090392 ____C (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2018-04-28 01:22 - 2015-12-05 06:58 - 000081032 ____C (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2018-04-28 01:22 - 2015-12-05 06:58 - 000076936 ____C (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2018-04-28 01:22 - 2015-12-03 19:07 - 000340992 ____C (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2018-04-28 01:22 - 2015-12-03 19:07 - 000289792 ____C (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2018-04-28 01:22 - 2015-12-03 19:05 - 000644608 ____C (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2018-04-28 01:22 - 2015-12-03 19:02 - 001664000 ____C (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2018-04-28 01:22 - 2015-12-03 19:00 - 000451072 ____C (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2018-04-28 01:22 - 2015-12-03 18:36 - 001697792 ____C (Microsoft Corporation) C:\Windows\system32\quartz.dll
2018-04-28 01:22 - 2015-12-03 18:30 - 000468480 ____C (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2018-04-28 01:22 - 2015-12-03 18:28 - 000519680 ____C (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2018-04-28 01:22 - 2015-12-03 18:28 - 000245760 ____C (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2018-04-28 01:22 - 2015-12-03 18:27 - 000736256 ____C (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2018-04-28 01:22 - 2015-12-03 18:24 - 001411584 ____C (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2018-04-28 01:22 - 2015-12-03 18:23 - 000402432 ____C (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2018-04-28 01:22 - 2015-12-03 18:06 - 001501184 ____C (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2018-04-28 01:22 - 2015-12-03 18:01 - 000743936 ____C (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2018-04-28 01:22 - 2015-12-03 17:40 - 001010688 ____C (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2018-04-28 01:22 - 2015-12-03 17:29 - 000887296 ____C (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2018-04-28 01:21 - 2018-03-16 19:51 - 000144000 ____C (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-28 01:21 - 2018-03-14 14:23 - 001993728 ____C (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-28 01:21 - 2018-03-14 14:23 - 001559552 ____C (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-28 01:21 - 2018-03-14 14:23 - 000739840 ____C (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-28 01:21 - 2018-03-14 14:23 - 000656384 ____C (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-28 01:21 - 2018-03-14 14:23 - 000599552 ____C (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-28 01:21 - 2018-03-14 14:23 - 000450048 ____C (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-28 01:21 - 2018-03-14 14:23 - 000414720 ____C (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-28 01:21 - 2018-03-14 14:23 - 000291840 ____C (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-28 01:21 - 2018-03-14 14:23 - 000237056 ____C (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-28 01:21 - 2015-09-03 03:18 - 002531400 ____C (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-04-28 01:21 - 2015-09-03 03:17 - 001903848 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-04-28 01:21 - 2015-09-02 19:48 - 002345472 ____C (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-04-28 01:21 - 2015-09-02 18:09 - 001556992 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-04-27 23:53 - 2018-04-27 23:53 - 000001241 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2018-04-27 23:53 - 2018-04-27 23:53 - 000001229 ____C C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2018-04-27 23:40 - 2018-05-03 02:04 - 000044768 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-27 23:40 - 2018-04-27 23:40 - 000193768 ____C (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-04-27 23:39 - 2018-05-03 02:03 - 000253664 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-27 19:41 - 2018-04-27 19:41 - 000000000 ___DC C:\Users\Mercedes Lopez\Documents\Outlook Files
2018-04-27 18:10 - 2018-04-27 18:10 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Local\Zemana
2018-04-27 16:41 - 2018-04-27 16:41 - 000000000 __RDC C:\Users\MLI\Creative Cloud Files
2018-04-27 15:45 - 2018-04-27 15:45 - 000255928 ____C (Malwarebytes) C:\Windows\system32\Drivers\476781BC.sys
2018-04-27 15:29 - 2018-04-27 17:41 - 000000000 ___DC C:\Users\MLI\Desktop\mbar
2018-04-27 15:29 - 2018-04-27 17:41 - 000000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-27 12:48 - 2018-04-29 21:35 - 000028272 ____C C:\Windows\system32\Drivers\TrueSight.sys
2018-04-27 12:47 - 2018-04-27 14:48 - 000000870 ____C C:\Users\Public\Desktop\RogueKiller.lnk
2018-04-27 12:47 - 2018-04-27 14:48 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-04-27 12:47 - 2018-04-27 14:48 - 000000000 ___DC C:\Program Files\RogueKiller
2018-04-27 12:47 - 2018-04-27 12:47 - 000000000 ___DC C:\ProgramData\RogueKiller
2018-04-27 12:35 - 2018-04-27 12:38 - 036606168 ____C (Adlice Software ) C:\Users\MLI\Desktop\roguekillersetup.exe
2018-04-27 01:31 - 2018-04-27 01:31 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-27 00:54 - 2018-04-27 00:54 - 000000000 ___DC C:\Users\MLI\AppData\Roaming\IrfanView
2018-04-27 00:50 - 2018-05-03 02:16 - 000000000 ___DC C:\FRST
2018-04-26 11:02 - 2018-04-26 11:02 - 000203680 ____C (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2018-04-26 11:02 - 2018-04-26 11:02 - 000203680 ____C (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2018-04-26 11:02 - 2018-04-26 11:02 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-04-26 11:02 - 2018-04-26 11:02 - 000000000 ___DC C:\Program Files (x86)\Zemana AntiMalware
2018-04-26 11:01 - 2018-04-26 11:01 - 000000000 ___DC C:\Users\MLI\AppData\Local\Zemana
2018-04-26 08:11 - 2018-04-26 08:12 - 000000000 ___DC C:\AdwCleaner
2018-04-26 08:05 - 2018-04-26 08:05 - 000672330 ____C C:\Users\MLI\Desktop\Redirect virus Firefox.pdf
2018-04-26 08:00 - 2018-04-26 08:00 - 000000000 ___DC C:\Users\MLI\AppData\Roaming\Opera Software
2018-04-26 08:00 - 2018-04-26 08:00 - 000000000 ___DC C:\Users\MLI\AppData\Local\Opera Software
2018-04-26 07:55 - 2018-04-26 07:55 - 000001650 ____C C:\Users\MLI\Desktop\20180426 malwarebt report.txt
2018-04-26 07:48 - 2018-04-26 07:48 - 007256272 ____C (Malwarebytes) C:\Users\MLI\Downloads\adwcleaner_7.1.0.0.exe
2018-04-26 07:44 - 2018-04-26 07:44 - 000000262 ___HC C:\Windows\Tasks\User_Feed_Synchronization-{855FC051-9C32-4EB2-9085-7E2E396AFA35}.job
2018-04-26 04:25 - 2018-04-26 04:25 - 000001888 ____C C:\Users\MLI\Desktop\Rkill2.txt
2018-04-26 03:44 - 2018-04-27 01:29 - 000000000 ___DC C:\Users\MLI\Desktop\2018-04-27 security check
2018-04-26 03:43 - 2018-04-27 15:46 - 000000000 ___DC C:\ProgramData\Malwarebytes
2018-04-26 03:43 - 2018-04-26 03:43 - 000000000 ___DC C:\Program Files\Malwarebytes
2018-04-26 03:43 - 2018-03-19 12:57 - 000076192 ____C C:\Windows\system32\Drivers\mbae64.sys
2018-04-26 03:30 - 2018-04-26 04:20 - 000001888 ____C C:\Users\MLI\Desktop\Rkill.txt
2018-04-26 03:30 - 2018-04-26 03:30 - 000000000 ___DC C:\Users\MLI\Desktop\rkill
2018-04-26 01:59 - 2018-04-29 20:01 - 000000000 ___DC C:\Program Files (x86)\Cobian Backup 11
2018-04-26 00:33 - 2018-04-26 00:33 - 000000000 ___DC C:\ProgramData\SUPERSetup
2018-04-25 23:52 - 2018-04-25 23:52 - 000081775 ____C C:\Users\Mercedes Lopez\Desktop\Remove the XMRig CPU Miner Process.htm
2018-04-25 20:54 - 2018-04-25 20:55 - 000023886 ____C C:\Users\Mercedes Lopez\Documents\cc_20180425_205433.reg
2018-04-25 20:53 - 2018-04-25 20:53 - 000003638 ____C C:\Users\Mercedes Lopez\Documents\cc_20180425_205325.reg
2018-04-25 20:33 - 2018-04-25 20:34 - 000285554 ____C C:\Users\Mercedes Lopez\Documents\back up registry cc_20180425_203210.reg
2018-04-25 19:11 - 2018-04-25 19:11 - 000000834 ____C C:\Users\Mercedes Lopez\Desktop\CCleaner.lnk
2018-04-25 19:03 - 2018-04-25 19:03 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-04-25 19:02 - 2018-04-25 20:18 - 000000000 ___DC C:\Program Files (x86)\Google
2018-04-25 19:02 - 2018-04-25 19:06 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Local\Google
2018-04-25 10:48 - 2018-04-25 11:06 - 000000000 ___DC C:\Windows_Repair_Toolbox
2018-04-25 10:48 - 2018-04-25 10:48 - 000000782 ____C C:\Users\Public\Desktop\Windows Repair Toolbox.lnk
2018-04-25 10:48 - 2018-04-25 10:48 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Repair Toolbox
2018-04-25 10:43 - 2018-05-03 01:55 - 000004128 ____C C:\Windows\System32\Tasks\CCleaner Update
2018-04-25 10:43 - 2018-05-03 01:55 - 000002800 ____C C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-04-25 10:43 - 2018-04-25 22:03 - 000000000 ___DC C:\Program Files\CCleaner
2018-04-25 10:43 - 2018-04-25 10:43 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-04-25 06:43 - 2018-04-25 06:50 - 000000000 ___DC C:\Users\Mercedes Lopez\Desktop\Docs
2018-04-25 01:33 - 2018-04-25 01:33 - 000001077 ____C C:\Users\Mercedes Lopez\Desktop\Adobe Lightroom Classic CC.lnk
2018-04-25 01:33 - 2018-04-25 01:33 - 000001077 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic CC.lnk
2018-04-24 04:33 - 2018-05-03 01:55 - 000003718 ____C C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2018-04-24 04:01 - 2018-04-24 04:01 - 000001478 ____C C:\Users\Public\Desktop\Data Lifeguard Diagnostic for Windows.lnk
2018-04-24 04:01 - 2018-04-24 04:01 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
2018-04-24 04:01 - 2018-04-24 04:01 - 000000000 ___DC C:\Program Files (x86)\Western Digital Corporation
2018-04-24 03:58 - 2018-04-24 03:58 - 000000000 ___DC C:\Users\Mercedes Lopez\.wdc
2018-04-24 03:56 - 2018-04-24 03:56 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2018-04-24 03:41 - 2018-04-24 03:41 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Local\WesternDigitalSSDDashboard
2018-04-24 03:40 - 2018-04-24 03:40 - 000000000 ___DC C:\Users\Mercedes Lopez\.WesternDigitalSSDDashboard
2018-04-24 03:40 - 2018-04-24 03:40 - 000000000 ___DC C:\Users\Mercedes Lopez\.QtWebEngineProcess
2018-04-24 03:40 - 2018-04-24 03:40 - 000000000 ___DC C:\Program Files (x86)\Western Digital
2018-04-24 03:36 - 2018-04-24 03:36 - 000000000 ___DC C:\Users\Mercedes Lopez\Documents\New folder (2)
2018-04-24 03:33 - 2018-04-24 03:33 - 000000000 ___DC C:\ProgramData\Western Digital
2018-04-24 02:44 - 2018-04-24 02:44 - 000000000 ___DC C:\Users\Mercedes Lopez\Downloads\Intel Components
2018-04-24 02:28 - 2018-05-03 01:55 - 000003616 ____C C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2018-04-24 02:28 - 2018-05-03 01:55 - 000003370 ____C C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2018-04-24 02:28 - 2018-05-03 00:53 - 000000000 ___DC C:\Program Files (x86)\Intel Driver and Support Assistant
2018-04-24 02:22 - 2018-05-03 00:39 - 013898160 ____C (Intel) C:\Users\Mercedes Lopez\Desktop\Intel Driver and Support Assistant Installer.exe
2018-04-24 02:11 - 2018-04-24 02:11 - 001881544 ____C (Oracle Corporation) C:\Users\Mercedes Lopez\Desktop\jxpiinstall.exe
2018-04-24 00:18 - 2018-04-24 00:18 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-23 23:55 - 2016-12-29 14:10 - 000001951 ____C C:\Windows\NvContainerRecovery.bat
2018-04-23 23:09 - 2018-01-02 06:28 - 000013312 ____C (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2018-04-23 23:09 - 2018-01-02 05:16 - 000464384 ____C (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2018-04-23 21:06 - 2018-04-23 21:06 - 000000000 ___DC C:\Users\Mercedes Lopez\Downloads\visual studio
2018-04-22 03:43 - 2018-04-22 03:43 - 000000000 ___DC C:\Users\Mercedes Lopez\Documents\Android
2018-04-22 03:43 - 2015-06-01 01:00 - 000000000 ___DC C:\Users\Mercedes Lopez\Documents\.android_secure
2018-04-21 23:18 - 2018-04-21 23:18 - 000001056 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2018.lnk
2018-04-21 20:01 - 2018-04-21 20:01 - 000001122 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2018.lnk
2018-04-21 20:01 - 2018-04-21 20:01 - 000000000 ___DC C:\Users\Public\Documents\Adobe
2018-04-21 19:06 - 2018-04-21 19:06 - 000000000 ___DC C:\Users\Public\Documents\AdobeInstalledCodecs
2018-04-21 16:10 - 2018-05-03 01:55 - 000003512 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MEME-Mercedes Lopez
2018-04-12 20:02 - 2018-04-12 20:02 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup (Disabled by AnVir)
2018-04-12 20:01 - 2018-04-12 20:38 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup (Disabled by AnVir)
2018-04-12 01:32 - 2018-04-12 01:32 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-04-09 11:17 - 2018-04-09 11:17 - 000051024 ____C (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-04-09 11:17 - 2018-04-09 11:17 - 000045672 ____C (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-04-09 11:17 - 2018-04-09 11:17 - 000045672 ____C (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-04-09 11:17 - 2018-04-09 11:17 - 000045640 ____C (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-04-07 05:19 - 2018-04-07 05:19 - 000000000 ___DC C:\Users\Mercedes Lopez\Downloads\img tarjeta
2018-04-05 03:48 - 2018-04-25 09:20 - 000019456 __SHC C:\Users\Mercedes Lopez\Thumbs.db

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-03 02:09 - 2016-11-22 04:38 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\LocalLow\Mozilla
2018-05-03 02:09 - 2015-07-11 15:28 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4184657218-562847275-3791502786-1001
2018-05-03 02:03 - 2016-01-09 08:28 - 000000439 ____C C:\Windows\system32\Drivers\etc\hosts.ics
2018-05-03 02:03 - 2015-08-11 01:52 - 000000401 ____C C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2018-05-03 02:03 - 2015-07-11 15:22 - 000000000 _SHDC C:\Users\Mercedes Lopez\IntelGraphicsProfiles
2018-05-03 02:01 - 2016-01-27 09:47 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-05-03 02:01 - 2015-04-09 05:36 - 000000000 ___DC C:\ProgramData\NVIDIA
2018-05-03 02:01 - 2013-08-22 15:45 - 000000006 ___HC C:\Windows\Tasks\SA.DAT
2018-05-03 02:00 - 2016-05-17 04:20 - 000000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2018-05-03 02:00 - 2015-07-15 08:09 - 000000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-03 01:57 - 2015-04-09 05:33 - 000000000 ___DC C:\Program Files\Intel
2018-05-03 01:57 - 2013-08-22 14:36 - 000000000 ___DC C:\Windows\Inf
2018-05-03 01:55 - 2018-02-03 14:51 - 000003468 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-MEME-Mercedes Lopez
2018-05-03 01:55 - 2017-09-18 22:48 - 000003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A214CED2-FA6A-4A8C-ABEE-173431458FDD}
2018-05-03 01:55 - 2016-10-23 05:10 - 000003290 _____ C:\Windows\System32\Tasks\Anvirlauncher
2018-05-03 01:55 - 2015-10-15 18:25 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-03 01:55 - 2015-04-09 05:36 - 000003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4184657218-562847275-3791502786-500
2018-05-03 01:10 - 2018-01-10 06:03 - 000000000 ___DC C:\Users\Mercedes Lopez\Zotero
2018-05-03 00:53 - 2015-04-09 05:32 - 000000000 ___DC C:\ProgramData\Package Cache
2018-05-03 00:15 - 2015-11-08 09:55 - 000000000 ___DC C:\Users\Mercedes Lopez\Downloads\IT
2018-05-02 21:48 - 2015-07-11 15:22 - 000000000 ___DC C:\Users\Mercedes Lopez
2018-05-02 09:28 - 2014-11-22 02:44 - 000013602 ____C C:\Windows\system32\PerfStringBackup.INI
2018-05-02 09:28 - 2014-11-22 01:59 - 000019860 ____C C:\Windows\system32\perfh011.dat
2018-05-02 09:28 - 2014-11-22 01:59 - 000010692 ____C C:\Windows\system32\perfc011.dat
2018-04-30 22:06 - 2013-08-22 16:36 - 000000000 ___DC C:\Windows\ModemLogs
2018-04-30 21:50 - 2013-08-22 14:25 - 000786432 ___SH C:\Windows\system32\config\BBI
2018-04-30 21:07 - 2013-08-22 16:36 - 000000000 ___DC C:\Windows\AppReadiness
2018-04-30 20:47 - 2015-10-10 07:04 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Roaming\Skype
2018-04-30 20:08 - 2017-08-22 22:47 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Roaming\vlc
2018-04-30 18:49 - 2015-07-11 15:23 - 000000000 _RHDC C:\S-1-5-21-4184657218-562847275-3791502786-1001
2018-04-30 18:28 - 2016-10-16 07:15 - 000000000 ___DC C:\Users\Mercedes Lopez\Documents\My Kindle Content
2018-04-29 23:13 - 2015-08-08 15:15 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)
2018-04-29 23:09 - 2013-08-22 16:36 - 000000000 __HDC C:\Windows\system32\GroupPolicy
2018-04-29 11:49 - 2017-05-21 03:45 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Local\cache
2018-04-29 02:53 - 2016-01-09 10:06 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Local\CrashDumps
2018-04-28 09:58 - 2015-10-04 09:30 - 000000000 _RHDC C:\Users\Mercedes Lopez\Creative Cloud Files
2018-04-28 09:58 - 2015-07-12 16:13 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Local\Adobe
2018-04-28 08:37 - 2015-04-09 05:23 - 000000000 ___DC C:\Windows\Panther
2018-04-28 03:38 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\rescache
2018-04-28 03:18 - 2013-08-22 16:36 - 000000000 ___DC C:\ProgramData\regid.1991-06.com.microsoft
2018-04-28 03:16 - 2017-07-22 07:56 - 000000000 ___DC C:\Windows\system32\appraiser
2018-04-28 03:13 - 2017-05-21 00:49 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-04-28 03:13 - 2015-08-07 18:50 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-04-28 03:13 - 2015-08-07 18:49 - 000000000 ___DC C:\Program Files (x86)\Microsoft Office
2018-04-28 03:03 - 2013-08-22 16:36 - 000000000 ___DC C:\Windows\SysWOW64\en-GB
2018-04-28 03:03 - 2013-08-22 16:36 - 000000000 ___DC C:\Windows\system32\en-GB
2018-04-28 02:35 - 2013-08-22 16:20 - 000000000 ___DC C:\Windows\CbsTemp
2018-04-28 02:03 - 2015-07-15 12:28 - 000000000 ___DC C:\Users\Mercedes Lopez\Documents\Home
2018-04-27 23:53 - 2015-04-09 05:44 - 000000000 ___DC C:\Program Files (x86)\Adobe
2018-04-27 22:03 - 2016-10-09 20:15 - 000001093 ____C C:\Users\Mercedes Lopez\Desktop\uMark 5.lnk
2018-04-27 18:09 - 2016-04-07 06:22 - 000000000 ___DC C:\Users\MLI
2018-04-27 17:05 - 2016-04-07 06:23 - 000000000 ____D C:\Users\MLI\AppData\Local\VirtualStore
2018-04-27 16:43 - 2016-04-07 06:23 - 000000000 ___DC C:\Users\MLI\AppData\Roaming\Adobe
2018-04-27 16:41 - 2016-05-29 14:45 - 000000000 ____D C:\Users\MLI\AppData\Local\Adobe
2018-04-27 14:58 - 2016-04-07 06:29 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4184657218-562847275-3791502786-1010
2018-04-27 14:51 - 2017-09-05 14:22 - 000000000 ____D C:\Users\MLI\AppData\LocalLow\Mozilla
2018-04-27 14:46 - 2016-04-07 06:23 - 000000000 _SHDC C:\Users\MLI\IntelGraphicsProfiles
2018-04-27 12:39 - 2013-08-22 16:36 - 000000000 ___DC C:\Windows\system32\NDF
2018-04-27 01:09 - 2016-04-12 19:05 - 000000000 ____D C:\Users\MLI\AppData\Local\CrashDumps
2018-04-26 11:12 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-26 10:59 - 2017-04-08 20:41 - 000000000 ___DC C:\Program Files\Mozilla Firefox
2018-04-26 08:00 - 2017-10-27 12:28 - 000001135 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2018-04-26 04:17 - 2016-04-07 06:24 - 000000000 ___DC C:\Users\MLI\AppData\Roaming\Mozilla
2018-04-26 03:21 - 2015-07-11 15:23 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2018-04-26 03:12 - 2016-12-01 16:16 - 000000934 ____C C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-04-26 03:12 - 2016-12-01 16:16 - 000000930 ____C C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-04-26 02:20 - 2015-08-19 07:15 - 000000000 ___DC C:\Users\Mercedes Lopez\.thumbnails
2018-04-25 22:06 - 2015-07-11 15:22 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Local\Packages
2018-04-25 22:00 - 2015-10-04 11:12 - 000000000 ___DC C:\Program Files\Adobe
2018-04-25 21:49 - 2013-08-22 16:36 - 000000000 ___DC C:\Windows\SysWOW64\Macromed
2018-04-25 21:48 - 2018-03-02 06:22 - 000003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1483273753
2018-04-25 21:47 - 2016-12-01 16:16 - 000003908 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2018-04-25 21:47 - 2016-12-01 16:16 - 000003672 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2018-04-25 09:28 - 2016-02-22 08:58 - 000000000 ___DC C:\Users\Mercedes Lopez\Documents\New folder
2018-04-25 06:48 - 2013-08-22 14:25 - 000000852 ____C C:\Windows\system32\Drivers\etc\hosts.old
2018-04-25 06:31 - 2016-10-23 05:09 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Local\AnVir
2018-04-25 06:06 - 2013-08-22 15:44 - 000579512 ____C C:\Windows\system32\FNTCACHE.DAT
2018-04-25 06:04 - 2015-07-20 03:42 - 000000000 ___DC C:\ProgramData\HP
2018-04-25 06:04 - 2013-08-22 16:36 - 000000000 ___DC C:\Windows\tracing
2018-04-25 06:03 - 2017-10-30 16:55 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2018-04-25 05:36 - 2016-08-29 09:00 - 000000000 ___DC C:\Program Files (x86)\HP
2018-04-25 05:31 - 2017-06-20 13:45 - 000000000 ___DC C:\Users\MLI\Desktop\Python27
2018-04-25 03:28 - 2015-08-24 00:32 - 000000000 ___DC C:\Users\Mercedes Lopez\Documents\Anki
2018-04-25 03:23 - 2015-08-24 00:30 - 000000754 ____C C:\Users\Mercedes Lopez\Desktop\Anki.lnk
2018-04-24 03:56 - 2015-04-09 05:32 - 000000000 ___DC C:\Program Files (x86)\Realtek
2018-04-24 03:50 - 2016-10-23 05:09 - 000001105 ____C C:\Users\Mercedes Lopez\Desktop\AnVir Task Manager Free.lnk
2018-04-24 02:28 - 2015-04-09 05:33 - 000000000 ___DC C:\ProgramData\Intel
2018-04-24 02:16 - 2018-02-02 06:07 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2018-04-24 02:16 - 2018-02-02 06:04 - 000000000 ___DC C:\Program Files\Java
2018-04-24 02:16 - 2017-01-04 06:42 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-04-24 02:16 - 2017-01-04 06:41 - 000000000 ___DC C:\Program Files (x86)\Java
2018-04-24 02:13 - 2017-01-04 06:42 - 000098760 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-04-24 01:36 - 2015-07-14 11:56 - 000000000 ___DC C:\Windows\system32\MRT
2018-04-24 00:18 - 2015-07-14 11:56 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-23 23:55 - 2015-04-09 05:36 - 000000000 ___DC C:\Program Files (x86)\NVIDIA Corporation
2018-04-23 23:55 - 2015-04-09 05:35 - 000000000 ___DC C:\Program Files\NVIDIA Corporation
2018-04-22 03:28 - 2015-07-25 08:16 - 000000000 ___DC C:\Users\Mercedes Lopez\Documents\Professional
2018-04-21 23:26 - 2015-07-11 15:22 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Roaming\Adobe
2018-04-21 23:18 - 2016-06-08 04:14 - 000000000 ___DC C:\Users\Mercedes Lopez\Documents\Adobe
2018-04-21 21:04 - 2016-06-08 02:41 - 000000000 ___DC C:\ProgramData\regid.1986-12.com.adobe
2018-04-21 20:01 - 2016-06-08 04:06 - 000000000 ___DC C:\Program Files\Common Files\Adobe
2018-04-13 20:09 - 2015-08-12 09:27 - 000000000 ___DC C:\Users\Mercedes Lopez\AppData\Local\JDownloader v2.0
2018-04-13 13:25 - 2017-01-01 13:29 - 000000000 ___DC C:\Program Files (x86)\Opera
2018-04-13 09:00 - 2018-01-10 05:33 - 000000000 ___DC C:\Program Files (x86)\Zotero
2018-04-13 09:00 - 2016-10-06 07:46 - 000000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2018-04-12 20:51 - 2016-10-23 05:09 - 000001129 ____C C:\Users\Mercedes Lopez\AppData\Roaming\Microsoft\Windows\Start Menu\AnVir Task Manager Free.lnk
2018-04-12 20:51 - 2016-10-23 05:09 - 000000000 ___DC C:\Program Files (x86)\AnVir Task Manager Free
2018-04-12 20:03 - 2017-03-12 23:20 - 000003016 _____ C:\Windows\System32\Tasks\{C2246B65-36E4-43A6-8E88-51CBDF388EA4}
2018-04-12 20:02 - 2018-03-14 10:36 - 000004474 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-12 20:02 - 2018-02-18 18:04 - 000003462 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-MEME-S&NL-S
2018-04-12 20:02 - 2018-01-01 20:58 - 000004072 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1514836699
2018-04-12 20:02 - 2017-05-24 19:03 - 000004326 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-12 20:02 - 2017-03-12 23:20 - 000003022 _____ C:\Windows\System32\Tasks\{6149C948-440C-4FD2-998F-2B2FA29921A8}
2018-04-12 20:02 - 2017-01-03 18:40 - 000004438 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-04-12 01:33 - 2016-12-01 16:16 - 000000000 ___DC C:\Program Files (x86)\Dropbox
2018-04-11 11:36 - 2013-08-22 16:36 - 000000000 ___DC C:\Windows\system32\Macromed
2018-04-03 02:38 - 2015-08-24 00:12 - 000007679 ____C C:\Users\Mercedes Lopez\AppData\Local\resmon.resmoncfg
2018-04-03 02:13 - 2013-08-22 16:36 - 000000000 ___DC C:\Windows\registration
2018-04-03 02:01 - 2017-09-20 23:59 - 000835064 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-03 02:01 - 2017-09-20 23:59 - 000179704 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-08-26 06:22 - 2016-01-14 15:02 - 000018968 ____C () C:\Users\Mercedes Lopez\AppData\Roaming\Rim.Desktop.Exception.log
2015-08-25 22:46 - 2016-01-12 15:27 - 000005172 ____C () C:\Users\Mercedes Lopez\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-08-26 06:22 - 2016-11-30 02:41 - 000003003 ____C () C:\Users\Mercedes Lopez\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-08-28 13:54 - 2016-11-30 02:41 - 000003003 ____C () C:\Users\Mercedes Lopez\AppData\Roaming\Rim.Transcoder.Exception.log
2015-07-11 15:23 - 2018-04-30 21:49 - 003582542 ____C () C:\Users\Mercedes Lopez\AppData\Local\BTServer.log
2015-08-28 13:54 - 2017-07-03 06:43 - 000094208 ____C () C:\Users\Mercedes Lopez\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-17 14:56 - 2017-07-17 14:56 - 000001564 ____C () C:\Users\Mercedes Lopez\AppData\Local\recently-used.xbel
2015-08-24 00:12 - 2018-04-03 02:38 - 000007679 ____C () C:\Users\Mercedes Lopez\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2018-04-29 21:34 - 2016-08-13 08:40 - 001737080 ____C (Microsoft Corporation) C:\Users\Mercedes Lopez\AppData\Local\Temp\dllnt_dump.dll
2018-04-27 12:47 - 2016-08-13 08:40 - 001737080 _____ (Microsoft Corporation) C:\Users\MLI\AppData\Local\Temp\dllnt_dump.dll
2018-04-26 03:54 - 2018-04-26 03:54 - 000000000 ____D () C:\Users\MLI\AppData\Local\Temp\ntdll.dll
2018-03-12 22:43 - 2018-03-12 22:43 - 002153984 ____C (Opera Software) C:\Users\S&NL-S\AppData\Local\Temp\Opera_installer_180312214314530.dll
2018-03-12 22:43 - 2018-03-12 22:43 - 002153984 ____C (Opera Software) C:\Users\S&NL-S\AppData\Local\Temp\Opera_installer_180312214324014.dll
2018-03-12 22:43 - 2018-03-12 22:43 - 002153984 ____C (Opera Software) C:\Users\S&NL-S\AppData\Local\Temp\Opera_installer_180312214325889.dll
2018-03-12 22:43 - 2018-03-12 22:43 - 002153984 ____C (Opera Software) C:\Users\S&NL-S\AppData\Local\Temp\Opera_installer_180312214328780.dll
2018-03-12 22:43 - 2018-03-12 22:43 - 002153984 ____C (Opera Software) C:\Users\S&NL-S\AppData\Local\Temp\Opera_installer_180312214331249.dll
2018-03-12 22:43 - 2018-03-12 22:43 - 002153984 ____C (Opera Software) C:\Users\S&NL-S\AppData\Local\Temp\Opera_installer_180312214345264.dll
2018-03-12 22:45 - 2018-03-12 22:45 - 002153984 ____C (Opera Software) C:\Users\S&NL-S\AppData\Local\Temp\Opera_installer_180312214515562.dll
2018-03-13 11:02 - 2018-03-13 11:02 - 002153984 ____C (Opera Software) C:\Users\S&NL-S\AppData\Local\Temp\Opera_installer_180313100219399.dll
2018-03-12 22:34 - 2018-03-12 22:34 - 002149376 ____C (Opera Software) C:\Users\S&NL-S\AppData\Local\Temp\Opera_installer_20183123457272.dll
2018-03-05 21:49 - 2018-03-05 21:49 - 002149376 ____C (Opera Software) C:\Users\S&NL-S\AppData\Local\Temp\Opera_installer_2018354924916.dll
2018-03-05 21:49 - 2018-03-05 21:49 - 002149376 ____C (Opera Software) C:\Users\S&NL-S\AppData\Local\Temp\Opera_installer_2018354927322.dll
2018-03-05 21:49 - 2018-03-05 21:49 - 002149376 ____C (Opera Software) C:\Users\S&NL-S\AppData\Local\Temp\Opera_installer_2018354933603.dll
2018-03-05 21:49 - 2018-03-05 21:49 - 002149376 ____C (Opera Software) C:\Users\S&NL-S\AppData\Local\Temp\Opera_installer_201835493572.dll
2018-03-05 21:49 - 2018-03-05 21:49 - 002149376 ____C (Opera Software) C:\Users\S&NL-S\AppData\Local\Temp\Opera_installer_2018354936885.dll
2018-03-05 21:49 - 2018-03-05 21:49 - 002149376 ____C (Opera Software) C:\Users\S&NL-S\AppData\Local\Temp\Opera_installer_2018354942650.dll
2018-03-05 21:50 - 2018-03-05 21:50 - 002149376 ____C (Opera Software) C:\Users\S&NL-S\AppData\Local\Temp\Opera_installer_2018355024604.dll
2018-03-07 04:45 - 2018-03-07 04:45 - 002149376 ____C (Opera Software) C:\Users\S&NL-S\AppData\Local\Temp\Opera_installer_2018374545880.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-01 09:18

==================== End of FRST.txt ============================


#4 nasdaq
  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 May 2018 - 07:47 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4184657218-562847275-3791502786-1001\...\MountPoints2: {362033a3-81bf-11e7-8368-80fa5b06e6b0} - "F:\MediaJet.exe"
HKU\S-1-5-21-4184657218-562847275-3791502786-1001\...\MountPoints2: {dec044d5-9b1b-11e6-82bf-80fa5b06e6b0} - "F:\MediaJet.exe"
FF Extension: (Download with JDownloader) - C:\Users\Mercedes Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\d31zlux6.default-1500576038687\Extensions\{03e07985-30b0-4ae0-8b3e-0c7519b9bdf6}.xpi [2018-02-06]
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [25608 2018-05-03] (SlimWare Utilities, Inc.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [467040 2018-01-22] (BitDefender S.R.L.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 uxddrv; \??\C:\Users\Administrator\Desktop\WST\uxddrv64.sys [X]
C:\Windows\system32\DRIVERS\SWDUMon.sys
C:\Windows\System32\DRIVERS\Trufos.sys
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {1FFCE36C-C85A-4E41-8D1E-7C93062977F6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3D9B50B6-76AB-4759-8AE8-93D7080ED9D6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {568A129E-6821-44CE-9CDA-01982714CC47} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {691C89D4-A3A5-41F0-AF49-25488EA9C532} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E3F98C33-C339-4757-BB20-F0106A3942C8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FB18D63A-E1C6-497F-902A-E2F21D9A9BBC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [135]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

---
Unless you need this old version of Java for development, remove this program in bold via the Control Panel > Programs > Programs and Features.
Java SE Development Kit 8 Update 162 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180162}) (Version: 8.0.1620.12 - Oracle Corporation)
===

Please let me know what problem persists with this computer.

p.s.

Windows Defender has been disabled, not by me

Avast when installed will disable Windows Defender, it's normal.

Re: MediaJet.exe
Not sure if your version is compromised.
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=PUA%3AWin32%2FMediaGet

===

#5 Merlinva
  • Topic Starter
  • Members
  • 6 posts
  • Gender:Not Telling

Posted 05 May 2018 - 02:32 PM

Hello, Nasdaq,

 

Thank you very much for your help.

 

The same problems are still here; it is slightly better, though, at opening documents.
And I see the disk is at 100% just after turning on the computer, with the memory up to 95%. Right now the Task Manager has 10 Adobe Reader processes (RdrCEF.exe) running in the background when I only have two documents open, which appear listed as applications (AcroRd32.exe). Or 6 Firefox processes, two or more Client Runtime processes; the Console Window Host is also running.

There is something terribly wrong with this computer: it is not able to handle basic activity and is unable to run AV files and applications as before, and it was made to be good at AV and games. It is causing me major problems.
Yesterday I had a server warning that somebody tried to log into one of my email accounts from London. Or at least, that was one of the locations traced; later, further down the log, there were no geographical locations.
I am worried my computer has been infected and is being used as a zombie or a cryptocurrency miner. I

 

Please find attached the files from FRST scan. I am looking forward to your advice.

Kind regards


#6 nasdaq
  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 May 2018 - 07:14 AM

Hi,

You already have Avast running.
When and why did you install this AnVir Task Manager?
I'm not sure, but when running it may delay your browsing, since it's not recommended to run two anti-malware programs in real time.
AnVir Task Manager Free (HKLM-x32\...\AnVir Task Manager Free) (Version: 9.2.3 - AnVir Software)


Also, I see entries for the Ad-Aware Antivirus Shell Extension by Lavasoft Limited.
Is the Lavasoft software still on the computer, or was it removed?
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
CloseProcesses:

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {1FFCE36C-C85A-4E41-8D1E-7C93062977F6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3D9B50B6-76AB-4759-8AE8-93D7080ED9D6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {568A129E-6821-44CE-9CDA-01982714CC47} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {691C89D4-A3A5-41F0-AF49-25488EA9C532} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E3F98C33-C339-4757-BB20-F0106A3942C8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FB18D63A-E1C6-497F-902A-E2F21D9A9BBC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [135]

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop: Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next post.
=======

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (MTB.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
==

Yesterday I had a server warning that somebody tried to log into one of my email accounts from London
Make sure that your password is strong.

Read this and change it if you feel insecure.
https://strongpasswordgenerator.com/
===

Post the logs for my review.

#7 Merlinva
  • Topic Starter
  • Members
  • 6 posts
  • Gender:Not Telling

Posted 09 May 2018 - 07:35 PM

Hello and thank you,

 

The computer was already agonising before I installed Avast, Ad-Aware and Malwarebytes. I installed them when I suspected there was an infection. Before, I was using Windows Defender, and before WD I had Kaspersky, but it slowed my computer a lot.

Shall I uninstall the Ad-Aware Antivirus Shell Extension by Lavasoft Limited before running the tools you told me to?

Following your advice, I will run the tools and post back.

Thank you again.

M.


Edited by Merlinva, 09 May 2018 - 07:37 PM.


#8 nasdaq
  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 May 2018 - 08:01 AM

Hi,

Yes, and also uninstall the AnVir Task Manager Free.

#9 Merlinva
  • Topic Starter
  • Members
  • 6 posts
  • Gender:Not Telling

Posted 15 May 2018 - 08:40 PM

Thank you.

AnVir uninstalled.

Please find pasted the RogueKiller and MiniToolBox logs.

MTB

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Mercedes Lopez (administrator) on 12-05-2018 at 07:05:56
Running from "C:\Users\Mercedes Lopez\Desktop"
Microsoft Windows 8.1  (X64)
Model: W650SF Manufacturer: MouseComputer/81
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

TAP Adapter V9 for Private Tunnel = Ethernet 2 (Disconnected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC = WiFi (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : MeMe
   Primary Dns Suffix  . . . . . . . : Meme
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Meme
   System Quarantine State . . . . . : Not Restricted


Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP Adapter V9 for Private Tunnel
   Physical Address. . . . . . . . . : 00-FF-EA-E0-4B-5A
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter WiFi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : AC-B5-7D-C1-73-14
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 80-FA-5B-06-E6-B0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 19...00 ff ea e0 4b 5a ......TAP Adapter V9 for Private Tunnel
  4...ac b5 7d c1 73 14 ......Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC
  3...80 fa 5b 06 e6 b0 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/12/2018 05:38:40 AM) (Source: Microsoft Security Client) (User: )
Description: 0x1ProtectionManagement

Error: (05/12/2018 05:38:40 AM) (Source: Microsoft Security Client) (User: )
Description: 0x1ProtectionManagement

Error: (05/12/2018 04:21:58 AM) (Source: Application Error) (User: )
Description: Faulting application name: ZAM.exe, version: 2.74.0.150, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.3.9600.18895, time stamp: 0x5a4b127e
Exception code: 0xc000070a
Fault offset: 0x000f5946
Faulting process ID: 0x24c4
Faulting application start time: 0xZAM.exe0
Faulting application path: ZAM.exe1
Faulting module path: ZAM.exe2
Report ID: ZAM.exe3
Faulting package full name: ZAM.exe4
Faulting package-relative application ID: ZAM.exe5

Error: (05/10/2018 12:02:59 PM) (Source: Microsoft Security Client) (User: )
Description: 0x1ProtectionManagement

Error: (05/10/2018 09:43:28 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {75357bb6-b2eb-484f-8a87-2cd624c0661c}

Error: (05/10/2018 09:41:52 AM) (Source: Application Error) (User: )
Description: Faulting application name: ZAM.exe, version: 2.74.0.150, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.3.9600.18895, time stamp: 0x5a4b127e
Exception code: 0xc000070a
Fault offset: 0x000f5946
Faulting process ID: 0x1010
Faulting application start time: 0xZAM.exe0
Faulting application path: ZAM.exe1
Faulting module path: ZAM.exe2
Report ID: ZAM.exe3
Faulting package full name: ZAM.exe4
Faulting package-relative application ID: ZAM.exe5

Error: (05/10/2018 04:44:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MEME)
Description: Activation of application Microsoft.MicrosoftTreasureHunt_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/10/2018 04:13:46 AM) (Source: Office 2016 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073422333

Error: (05/09/2018 11:12:57 AM) (Source: Windows Search Service) (User: )
Description: Unable to initialise the filter host process. Terminating.


Details:
    The media is write protected.  (HRESULT : 0x80070013) (0x80070013)

Error: (05/08/2018 04:07:37 AM) (Source: Office 2016 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073422333


System errors:
=============
Error: (05/12/2018 05:38:45 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume \\?...0ace-4654-8495-97b81703ee8a} were aborted because volume \\?...0ace-4654-8495-97b81703ee8a}, which contains shadow copy storage for this shadow copy, was force dismounted.

Error: (05/12/2018 04:31:29 AM) (Source: ipnathlp) (User: )
Description:

Error: (05/12/2018 04:31:29 AM) (Source: ipnathlp) (User: )
Description:

Error: (05/11/2018 11:08:17 PM) (Source: Service Control Manager) (User: )
Description: The Work Folders service depends on the Windows Search service which failed to start because of the following error:
%%1070 = After starting, the service, stopped responding and was in a start-pending state.



Error: (05/11/2018 11:08:17 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service did not respond on starting.

Error: (05/11/2018 11:06:54 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service did not respond on starting.

Error: (05/11/2018 11:01:30 PM) (Source: Service Control Manager) (User: )
Description: The aswbIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (05/11/2018 11:00:50 PM) (Source: Service Control Manager) (User: )
Description: The RIP Listener service did not respond on starting.

Error: (05/11/2018 11:00:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (05/11/2018 10:58:31 PM) (Source: Service Control Manager) (User: )
Description: The Windows Encryption Provider Host Service service terminated with the following error:
%%1064 = An exception occurred in the service when handling the control request.



Microsoft Office Sessions:
=========================
Error: (05/12/2018 05:38:40 AM) (Source: Microsoft Security Client)(User: )
Description: 0x1ProtectionManagement

Error: (05/12/2018 05:38:40 AM) (Source: Microsoft Security Client)(User: )
Description: 0x1ProtectionManagement

Error: (05/12/2018 04:21:58 AM) (Source: Application Error)(User: )
Description: ZAM.exe2.74.0.15000000000ntdll.dll6.3.9600.188955a4b127ec000070a000f594624c401d3e9a015c7605aC:\Program Files (x86)\Zemana AntiMalware\ZAM.exeC:\Windows\SYSTEM32\ntdll.dlla0966fc1-5593-11e8-844e-80fa5b06e6b0

Error: (05/10/2018 12:02:59 PM) (Source: Microsoft Security Client)(User: )
Description: 0x1ProtectionManagement

Error: (05/10/2018 09:43:28 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {75357bb6-b2eb-484f-8a87-2cd624c0661c}

Error: (05/10/2018 09:41:52 AM) (Source: Application Error)(User: )
Description: ZAM.exe2.74.0.15000000000ntdll.dll6.3.9600.188955a4b127ec000070a000f5946101001d3e82dcb2b2361C:\Program Files (x86)\Zemana AntiMalware\ZAM.exeC:\Windows\SYSTEM32\ntdll.dllfbd76197-542d-11e8-844b-80fa5b06e6b0

Error: (05/10/2018 04:44:02 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: MEME)
Description: Microsoft.MicrosoftTreasureHunt_8wekyb3d8bbwe!App-2144927142

Error: (05/10/2018 04:13:46 AM) (Source: Office 2016 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073422333

Error: (05/09/2018 11:12:57 AM) (Source: Windows Search Service)(User: )
Description:
Details:
    The media is write protected.  (HRESULT : 0x80070013) (0x80070013)

Error: (05/08/2018 04:07:37 AM) (Source: Office 2016 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073422333


**** End of log ****

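The network sections of the MiniToolBox log above (IE and Firefox proxy settings, hosts content, the nslookup/ping block and the Winsock catalog) are what a helper reads first when the complaint is a PUM proxy. As an added example, not code from MiniToolBox, FRST, RogueKiller or anyone in this thread, the Python below parses those sections and returns the findings a responder would want flagged, and it handles the caveat this particular log shows: the resolver at 127.0.0.1 and the failed pings are exactly what a box with every adapter disconnected produces, so they are reported as leads to confirm rather than verdicts. The sample log, `update.example.com`, `example_lsp.dll` and `Example Vendor` are constructed placeholders; the set of known Winsock DLLs is copied from this thread's log and is not an official baseline; the "Proxy is enabled." wording for a hijacked WinINet proxy is an assumption about MiniToolBox's output.

```python
import re

# Providers a stock Windows 8.1 Winsock catalog registers.  Assumption: this
# set is copied from the thread's own log, not an official Microsoft baseline.
KNOWN_WINSOCK_DLLS = {"napinsp.dll", "pnrpnsp.dll", "nlaapi.dll",
                      "mswsock.dll", "winrnr.dll", "wshbth.dll"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

SECTION_RE = re.compile(r"^=+\s*(?P<name>[A-Za-z][^=]*?):?\s*=+\s*$")
WINSOCK_RE = re.compile(r"^(?:x64-)?Catalog(?P<cat>\d)\s+\d+\s+(?P<path>.+?)"
                        r"\s+\[\d+\]\s+\((?P<vendor>.+)\)$")
FF_PREF_RE = re.compile(r'"network\.proxy\.(?P<key>[\w.]+)",\s*(?P<value>.+)$')
NO_HOST_RE = re.compile(r"could not find host (\S+?)\.(?:\s|$)")


def split_sections(text):
    """Map each '===== Name: =====' header to the lines that follow it."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        m = SECTION_RE.match(raw.strip())
        if m:
            current = m.group("name").strip()
            sections.setdefault(current, [])
        else:
            sections[current].append(raw.rstrip())
    return sections


def triage(text):
    """Return (check, detail) findings; an empty list means nothing stood out."""
    s, findings = split_sections(text), []

    # WinINet/IE proxy: a clean box prints "Proxy is not enabled." (the wording
    # MiniToolBox uses when a proxy IS set is an assumption in the sample below).
    ie = [line.strip() for line in s.get("IE Proxy Settings", []) if line.strip()]
    if ie and "Proxy is not enabled." not in ie:
        findings.append(("ie_proxy", "; ".join(line for line in ie if "Proxy" in line)))

    # Firefox: type 0 = direct, 5 = system; 1 (manual) and 2 (PAC) are what a
    # hijacker sets.  Explicit server/PAC prefs are reported as well.
    for line in s.get("FF Proxy Settings", []):
        m = FF_PREF_RE.search(line)
        if m and (m.group("key") in ("http", "ssl", "socks", "autoconfig_url")
                  or (m.group("key") == "type" and m.group("value").strip() in ("1", "2"))):
            findings.append(("ff_proxy", f"network.proxy.{m.group('key')} = {m.group('value').strip()}"))

    # Hosts file: anything beyond the localhost mappings deserves a look.
    for line in s.get("Hosts content", []):
        entry = line.split("#", 1)[0].strip()
        if any(name != "localhost" for name in entry.split()[1:]):
            findings.append(("hosts", entry))

    # nslookup/ping block.  A loopback resolver can mean a local DNS/proxy
    # redirector, but also just that every adapter is disconnected (as in the
    # thread's log), so both checks are leads to confirm, not verdicts.
    ipc = s.get("IP Configuration", [])
    for i, line in enumerate(ipc):
        if line.strip().startswith("Server:") and i + 1 < len(ipc):
            addr = ipc[i + 1].split(":", 1)[-1].strip()
            if addr.startswith("127.") or addr == "::1":
                findings.append(("dns_resolver_loopback", addr))
            break
    unresolved = sorted({NO_HOST_RE.search(line).group(1) for line in ipc if NO_HOST_RE.search(line)})
    if unresolved:
        findings.append(("dns_failure", ", ".join(unresolved)))

    # Winsock catalog: a provider outside System32/SysWOW64, an unknown DLL or
    # a non-Microsoft vendor is the classic LSP-hijack signature.
    for line in s.get("Winsock entries", []):
        m = WINSOCK_RE.match(line.strip())
        if m and (not m.group("path").lower().startswith(SYSTEM_DIRS)
                  or m.group("path").lower().rsplit("\\", 1)[-1] not in KNOWN_WINSOCK_DLLS
                  or m.group("vendor") != "Microsoft Corporation"):
            findings.append(("winsock_provider",
                             f"Catalog{m.group('cat')} {m.group('path')} ({m.group('vendor')})"))
    return findings


# Constructed sample in MiniToolBox's format: a hijacked box with placeholder
# values (not real IoCs), so every check above has something to report.
HIJACKED_LOG = r"""MiniToolBox by Farbar  Version: 17-06-2016
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: http=127.0.0.1:8080
========================= FF Proxy Settings: ==============================
"network.proxy.type", 1
"network.proxy.http", "127.0.0.1"
========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 update.example.com
========================= IP Configuration: ================================
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog9 02 C:\Users\Public\example_lsp.dll [12345] (Example Vendor)
**** End of log ****
"""
```

`triage(HIJACKED_LOG)` returns seven findings, one per hijacked setting. Fed the log in this post (proxy not enabled, `network.proxy.type` 0, empty hosts section, all-Microsoft Winsock catalog) it returns only `dns_resolver_loopback` and `dns_failure`, which the three disconnected adapters explain, so those two are the ones to re-check once the machine is back online.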

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 May 2018 - 06:46 AM

Hi,

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

Reboot:


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the log and let me know what problem persists or if you see any improvement.

#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 May 2018 - 07:11 AM

Are you still with me?

#12 Merlinva

Merlinva
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Not Telling

Posted 23 May 2018 - 06:27 AM

Hello,

Yes, I am. Sorry, I have been quite busy and unable to reply.

I did the Rkill scan you asked me to do. I ran it some days ago, when you mentioned it, but couldn't find the report, so I ran it again tonight.

The results are pasted below. Its window is open and is asking me if I want to remove the selected items (843 threats found); I will not do anything until you tell me to.

RogueKiller V12.12.18.0 (x64) [May 22 2018] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Mercedes Lopez [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 05/23/2018 00:32:32 (Duration : 02:38:02)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 843 (Driver: Loaded) ¤¤¤
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_CREATE[0] : C:\Windows\System32\drivers\Classpnp.sys @ 0xfffff8001cc02810
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_CREATE_NAMED_PIPE[1] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_CLOSE[2] : C:\Windows\System32\drivers\Classpnp.sys @ 0xfffff8001cc02810
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_READ[3] : C:\Windows\System32\drivers\Classpnp.sys @ 0xfffff8001cc02810
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_WRITE[4] : C:\Windows\System32\drivers\Classpnp.sys @ 0xfffff8001cc02810
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_QUERY_INFORMATION[5] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_SET_INFORMATION[6] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_QUERY_EA[7] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_SET_EA[8] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_FLUSH_BUFFERS[9] : C:\Windows\System32\drivers\Classpnp.sys @ 0xfffff8001cc02810
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_QUERY_VOLUME_INFORMATION[10] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_SET_VOLUME_INFORMATION[11] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_DIRECTORY_CONTROL[12] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_FILE_SYSTEM_CONTROL[13] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_DEVICE_CONTROL[14] : C:\Windows\System32\drivers\Classpnp.sys @ 0xfffff8001cc02810
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : C:\Windows\System32\drivers\Classpnp.sys @ 0xfffff8001cc02810
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_SHUTDOWN[16] : C:\Windows\System32\drivers\Classpnp.sys @ 0xfffff8001cc02810
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_LOCK_CONTROL[17] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_CLEANUP[18] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_CREATE_MAILSLOT[19] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_QUERY_SECURITY[20] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_SET_SECURITY[21] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_POWER[22] : C:\Windows\System32\drivers\Classpnp.sys @ 0xfffff8001cc02810
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_SYSTEM_CONTROL[23] : C:\Windows\System32\drivers\Classpnp.sys @ 0xfffff8001cc02810
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_DEVICE_CHANGE[24] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_QUERY_QUOTA[25] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_SET_QUOTA[26] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\disk - IRP_MJ_PNP[27] : C:\Windows\System32\drivers\Classpnp.sys @ 0xfffff8001cc02810
[IRP:Addr(Microsoft)] \Driver\disk - DriverUnload[29] : C:\Windows\System32\drivers\Classpnp.sys @ 0xfffff8001cc43e00
[IRP:Addr(Microsoft)] \Driver\kbdclass - IRP_MJ_CREATE_NAMED_PIPE[1] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\kbdclass - IRP_MJ_WRITE[4] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\kbdclass - IRP_MJ_QUERY_INFORMATION[5] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\kbdclass - IRP_MJ_SET_INFORMATION[6] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\kbdclass - IRP_MJ_QUERY_EA[7] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\kbdclass - IRP_MJ_SET_EA[8] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\kbdclass - IRP_MJ_QUERY_VOLUME_INFORMATION[10] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\kbdclass - IRP_MJ_SET_VOLUME_INFORMATION[11] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\kbdclass - IRP_MJ_DIRECTORY_CONTROL[12] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\kbdclass - IRP_MJ_FILE_SYSTEM_CONTROL[13] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\kbdclass - IRP_MJ_SHUTDOWN[16] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\kbdclass - IRP_MJ_LOCK_CONTROL[17] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\kbdclass - IRP_MJ_CREATE_MAILSLOT[19] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\kbdclass - IRP_MJ_QUERY_SECURITY[20] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\kbdclass - IRP_MJ_SET_SECURITY[21] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\kbdclass - IRP_MJ_DEVICE_CHANGE[24] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\kbdclass - IRP_MJ_QUERY_QUOTA[25] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IRP:Addr(Microsoft)] \Driver\kbdclass - IRP_MJ_SET_QUOTA[26] : C:\Windows\System32\ntoskrnl.exe @ 0xfffff802b2af8060
[IAT:Addr] (explorer.exe) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400450
[IAT:Addr] (explorer.exe) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr(Microsoft)] (explorer.exe @ apphelp.dll) kernel32!PackageIdFromFullName : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88e9ee0
[IAT:Addr(Microsoft)] (explorer.exe @ apphelp.dll) kernel32!GetPackageFullName : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88db8d0
[IAT:Addr] (explorer.exe @ advapi32.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ advapi32.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ advapi32.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ advapi32.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ advapi32.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr] (explorer.exe @ advapi32.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ advapi32.dll) kernel32!FreeLibraryWhenCallbackReturns : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e0790
[IAT:Addr] (explorer.exe @ advapi32.dll) kernel32!CloseThreadpoolIo : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d5060
[IAT:Addr] (explorer.exe @ advapi32.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ advapi32.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ advapi32.dll) kernel32!StartThreadpoolIo : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3adf60
[IAT:Addr] (explorer.exe @ advapi32.dll) kernel32!CancelThreadpoolIo : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e8ca0
[IAT:Addr] (explorer.exe @ advapi32.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ shlwapi.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ shlwapi.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400450
[IAT:Addr] (explorer.exe @ shell32.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400450
[IAT:Addr] (explorer.exe @ shell32.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ uxtheme.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ duser.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400450
[IAT:Addr] (explorer.exe @ dui70.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ dui70.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr(Microsoft)] (explorer.exe @ dui70.dll) kernel32!GetCurrentPackageId : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88b8ff0
[IAT:Addr] (explorer.exe @ slc.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ slc.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ dxgi.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400450
[IAT:Addr] (explorer.exe @ sppc.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ sppc.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ sppc.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ sppc.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ sppc.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ sppc.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ sppc.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr] (explorer.exe @ imm32.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ msctf.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ ole32.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ ole32.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr(Microsoft)] (explorer.exe @ comctl32.dll) kernel32!GetCurrentPackageId : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88b8ff0
[IAT:Addr] (explorer.exe @ comctl32.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ Windows.UI.Immersive.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400450
[IAT:Addr] (explorer.exe @ Windows.UI.Immersive.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ Windows.UI.Immersive.dll) kernel32!WaitForThreadpoolWaitCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d7f30
[IAT:Addr] (explorer.exe @ Windows.UI.Immersive.dll) kernel32!CloseThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38ddf0
[IAT:Addr] (explorer.exe @ Windows.UI.Immersive.dll) kernel32!SetThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38e2c0
[IAT:Addr] (explorer.exe @ SndVolSSO.DLL) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ SndVolSSO.DLL) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ oleacc.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ twinui.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400450
[IAT:Addr] (explorer.exe @ twinui.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr(Microsoft)] (explorer.exe @ twinui.dll) kernel32!GetSystemAppDataKey : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88f62a0
[IAT:Addr(Microsoft)] (explorer.exe @ twinui.dll) kernel32!CloseState : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88f5c30
[IAT:Addr(Microsoft)] (explorer.exe @ twinui.dll) kernel32!GetStateFolder : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88f6a40
[IAT:Addr(Microsoft)] (explorer.exe @ twinui.dll) kernel32!OpenStateExplicit : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88f6140
[IAT:Addr(Microsoft)] (explorer.exe @ twinui.dll) kernel32!OpenState : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88f7f90
[IAT:Addr(Microsoft)] (explorer.exe @ twinui.dll) kernel32!GetCurrentPackageInfo : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88c7aa0
[IAT:Addr(Microsoft)] (explorer.exe @ twinui.dll) kernel32!ParseApplicationUserModelId : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88e8150
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!WaitForThreadpoolTimerCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8040
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!CloseThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3b1f20
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!FreeLibraryWhenCallbackReturns : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e0790
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab670
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3aaba0
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!SetThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e0830
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab960
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ac020
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!EventEnabled : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3bf580
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c20e0
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c920
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391b50
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c930
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391a70
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5060
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e50a0
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e4e90
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3bf040
[IAT:Addr] (explorer.exe @ explorerframe.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400450
[IAT:Addr] (explorer.exe @ explorerframe.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ tiptsf.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ tiptsf.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ msutb.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ msutb.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ msutb.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ msutb.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ msutb.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr(Microsoft)] (explorer.exe @ wldp.dll) kernel32!GetPackageFullName : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88db8d0
[IAT:Addr] (explorer.exe @ wldp.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ wldp.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ wldp.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ wldp.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ wldp.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ wldp.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c920
[IAT:Addr] (explorer.exe @ wldp.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391b50
[IAT:Addr] (explorer.exe @ wtsapi32.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c7410
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) kernel32!CloseThreadpool : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3efa30
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) kernel32!SetThreadpoolThreadMaximum : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e48b0
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) kernel32!SubmitThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ad9f0
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) kernel32!WaitForThreadpoolWorkCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8000
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) kernel32!CloseThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8190
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) kernel32!ExitThread : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3885b0
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) kernel32!VerSetConditionMask : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3dddc0
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e50a0
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e4e90
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c930
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) advapi32!RegisterTraceGuidsA : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38e690
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) advapi32!TraceEvent : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e54f0
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3bf040
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c920
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391b50
[IAT:Addr] (explorer.exe @ igd10iumd64.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5060
[IAT:Addr] (explorer.exe @ igdusc64.dll) kernel32!TryEnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39ba90
[IAT:Addr] (explorer.exe @ igdusc64.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ igdusc64.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ igdusc64.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ igdusc64.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ igdusc64.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ igdusc64.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr] (explorer.exe @ igdusc64.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c7410
[IAT:Addr] (explorer.exe @ igdusc64.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ igdusc64.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ msftedit.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ InputSwitch.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ InputSwitch.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ lockscreencn.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c920
[IAT:Addr] (explorer.exe @ lockscreencn.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391b50
[IAT:Addr] (explorer.exe @ lockscreencn.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3bf040
[IAT:Addr(Microsoft)] (explorer.exe @ lockscreencn.dll) kernel32!InitOnceExecuteOnce : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88b2580
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!FreeLibraryWhenCallbackReturns : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e0790
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!CloseThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3b1f20
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!WaitForThreadpoolTimerCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8040
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!SetThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e0830
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3db590
[IAT:Addr(Microsoft)] (explorer.exe @ lockscreencn.dll) kernel32!GetSystemAppDataKey : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88f62a0
[IAT:Addr(Microsoft)] (explorer.exe @ lockscreencn.dll) kernel32!CloseState : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88f5c30
[IAT:Addr(Microsoft)] (explorer.exe @ lockscreencn.dll) kernel32!OpenStateExplicit : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88f6140
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab670
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3aaba0
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ac020
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab960
[IAT:Addr] (explorer.exe @ lockscreencn.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ stobject.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ stobject.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ stobject.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ stobject.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ stobject.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ stobject.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ stobject.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr(Microsoft)] (explorer.exe @ stobject.dll) kernel32!InitOnceExecuteOnce : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88b2580
[IAT:Addr] (explorer.exe @ stobject.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ batmeter.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ batmeter.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ batmeter.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ batmeter.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ batmeter.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ sxs.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr(Microsoft)] (explorer.exe @ prnfldr.dll) kernel32!InitOnceExecuteOnce : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88b2580
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab670
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3aaba0
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3db590
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ac020
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab960
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ prnfldr.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c920
[IAT:Addr] (explorer.exe @ prnfldr.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391b50
[IAT:Addr] (explorer.exe @ prnfldr.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c930
[IAT:Addr] (explorer.exe @ prnfldr.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391a70
[IAT:Addr] (explorer.exe @ prnfldr.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5060
[IAT:Addr] (explorer.exe @ prnfldr.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e50a0
[IAT:Addr] (explorer.exe @ prnfldr.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e4e90
[IAT:Addr] (explorer.exe @ prnfldr.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3bf040
[IAT:Addr] (explorer.exe @ prnfldr.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c20e0
[IAT:Addr(Microsoft)] (explorer.exe @ winspool.drv) kernel32!GetCurrentPackageFamilyName : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88cb7e0
[IAT:Addr] (explorer.exe @ ntshrui.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3aaba0
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab670
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab960
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ac020
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!SubmitThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ad9f0
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!CloseThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8190
[IAT:Addr] (explorer.exe @ Actioncenter.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3bf040
[IAT:Addr] (explorer.exe @ Actioncenter.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c920
[IAT:Addr] (explorer.exe @ Actioncenter.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391b50
[IAT:Addr] (explorer.exe @ Actioncenter.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ DXP.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391b50
[IAT:Addr] (explorer.exe @ DXP.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c20e0
[IAT:Addr] (explorer.exe @ DXP.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e4e90
[IAT:Addr] (explorer.exe @ DXP.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3bf040
[IAT:Addr] (explorer.exe @ DXP.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c930
[IAT:Addr] (explorer.exe @ DXP.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391a70
[IAT:Addr] (explorer.exe @ DXP.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5060
[IAT:Addr] (explorer.exe @ DXP.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e50a0
[IAT:Addr] (explorer.exe @ DXP.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c920
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!InterlockedPushEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d1b00
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!InterlockedPopEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9ab402320
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ DXP.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ GdiPlus.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400450
[IAT:Addr] (explorer.exe @ GdiPlus.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ shdocvw.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ shdocvw.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3aaba0
[IAT:Addr] (explorer.exe @ shdocvw.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab670
[IAT:Addr] (explorer.exe @ shdocvw.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ shdocvw.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ linkinfo.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab960
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!CancelThreadpoolIo : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e8ca0
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!StartThreadpoolIo : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3adf60
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!CloseThreadpoolIo : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d5060
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr(Microsoft)] (explorer.exe @ wininet.dll) kernel32!InitOnceExecuteOnce : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88b2580
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!InitializeConditionVariable : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3db590
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!WakeAllConditionVariable : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3df180
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3db590
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab670
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ac020
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3aaba0
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c7410
[IAT:Addr(Microsoft)] (explorer.exe @ wininet.dll) kernel32!SleepConditionVariableCS : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88d5040
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!CloseThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8190
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!SubmitThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ad9f0
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!WaitForThreadpoolWorkCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8000
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!CloseThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3b1f20
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!SetThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e0830
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!WaitForThreadpoolTimerCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8040
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!CloseThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38ddf0
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!SetThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38e2c0
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!WaitForThreadpoolWaitCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d7f30
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!FreeLibraryWhenCallbackReturns : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e0790
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr(Microsoft)] (explorer.exe @ iertutil.dll) kernel32!DeleteProcThreadAttributeList : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88b5490
[IAT:Addr(Microsoft)] (explorer.exe @ iertutil.dll) kernel32!UpdateProcThreadAttribute : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88c3a40
[IAT:Addr(Microsoft)] (explorer.exe @ iertutil.dll) kernel32!InitializeProcThreadAttributeList : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88c3b70
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3db590
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3aaba0
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab670
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab960
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ac020
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ iertutil.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr] (explorer.exe @ Syncreg.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ Syncreg.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ Syncreg.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ Syncreg.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ Syncreg.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e4e90
[IAT:Addr] (explorer.exe @ Syncreg.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c20e0
[IAT:Addr] (explorer.exe @ Syncreg.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c930
[IAT:Addr] (explorer.exe @ Syncreg.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391a70
[IAT:Addr] (explorer.exe @ Syncreg.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5060
[IAT:Addr] (explorer.exe @ Syncreg.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e50a0
[IAT:Addr] (explorer.exe @ nlaapi.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab670
[IAT:Addr] (explorer.exe @ nlaapi.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ac020
[IAT:Addr] (explorer.exe @ nlaapi.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3aaba0
[IAT:Addr] (explorer.exe @ nlaapi.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab960
[IAT:Addr] (explorer.exe @ nlaapi.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3db590
[IAT:Addr] (explorer.exe @ nlaapi.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!TryEnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39ba90
[IAT:Addr(Microsoft)] (explorer.exe @ ieframe.dll) kernel32!InitOnceExecuteOnce : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88b2580
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab960
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ac020
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3db590
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!InitializeSListHead : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d1c70
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!InterlockedPushEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d1b00
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!QueryDepthSList : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d1ca0
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!InterlockedFlushSList : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d5820
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!VerSetConditionMask : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3dddc0
[IAT:Addr(Microsoft)] (explorer.exe @ ieframe.dll) kernel32!SetWaitableTimerEx : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88b1840
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!WaitForThreadpoolWorkCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8000
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!SubmitThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ad9f0
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!CloseThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8190
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!SetThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e0830
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!CloseThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3b1f20
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!WaitForThreadpoolTimerCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8040
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!InterlockedPopEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9ab402320
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3aaba0
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab670
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ ieframe.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ ieframe.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ wpdshserviceobj.dll) advapi32!TraceEvent : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e54f0
[IAT:Addr] (explorer.exe @ wpdshserviceobj.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c930
[IAT:Addr] (explorer.exe @ wpdshserviceobj.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391a70
[IAT:Addr] (explorer.exe @ wpdshserviceobj.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5060
[IAT:Addr] (explorer.exe @ wpdshserviceobj.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e50a0
[IAT:Addr] (explorer.exe @ wpdshserviceobj.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e4e90
[IAT:Addr] (explorer.exe @ wpdshserviceobj.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c20e0
[IAT:Addr] (explorer.exe @ wpdshserviceobj.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ wpdshserviceobj.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ wpdshserviceobj.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ wpdshserviceobj.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ wpdshserviceobj.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ wpdshserviceobj.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ wpdshserviceobj.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ wpdshserviceobj.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c7410
[IAT:Addr] (explorer.exe @ wpdshserviceobj.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ PortableDeviceApi.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ SettingMonitor.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3db590
[IAT:Addr] (explorer.exe @ SettingMonitor.dll) kernel32!SubmitThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ad9f0
[IAT:Addr] (explorer.exe @ SettingMonitor.dll) kernel32!CloseThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8190
[IAT:Addr] (explorer.exe @ SettingMonitor.dll) kernel32!SetThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38e2c0
[IAT:Addr] (explorer.exe @ SettingMonitor.dll) kernel32!WaitForThreadpoolWaitCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d7f30
[IAT:Addr] (explorer.exe @ SettingMonitor.dll) kernel32!CloseThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38ddf0
[IAT:Addr(Microsoft)] (explorer.exe @ SettingMonitor.dll) kernel32!InitOnceExecuteOnce : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88b2580
[IAT:Addr] (explorer.exe @ SettingMonitor.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ sqmapi.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e50a0
[IAT:Addr] (explorer.exe @ sqmapi.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c930
[IAT:Addr] (explorer.exe @ sqmapi.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391a70
[IAT:Addr] (explorer.exe @ sqmapi.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5060
[IAT:Addr] (explorer.exe @ sqmapi.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e4e90
[IAT:Addr] (explorer.exe @ sqmapi.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c20e0
[IAT:Addr] (explorer.exe @ sqmapi.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ sqmapi.dll) kernel32!VerSetConditionMask : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3dddc0
[IAT:Addr] (explorer.exe @ sqmapi.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ sqmapi.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ sqmapi.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ srchadmin.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ srchadmin.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c7410
[IAT:Addr] (explorer.exe @ srchadmin.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ srchadmin.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ srchadmin.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ srchadmin.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ srchadmin.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ srchadmin.dll) kernel32!CloseThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8190
[IAT:Addr] (explorer.exe @ srchadmin.dll) kernel32!SubmitThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ad9f0
[IAT:Addr] (explorer.exe @ srchadmin.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ srchadmin.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ msiltcfg.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ msiltcfg.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ msiltcfg.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ msiltcfg.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ msi.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ msi.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ msi.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ msi.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ msi.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ msi.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ msi.dll) kernel32!ExitThread : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3885b0
[IAT:Addr] (explorer.exe @ msi.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ SyncCenter.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ SyncCenter.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ SyncCenter.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab960
[IAT:Addr] (explorer.exe @ SyncCenter.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ac020
[IAT:Addr] (explorer.exe @ SyncCenter.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3aaba0
[IAT:Addr(Microsoft)] (explorer.exe @ SyncCenter.dll) kernel32!SetWaitableTimerEx : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88b1840
[IAT:Addr] (explorer.exe @ SyncCenter.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab670
[IAT:Addr] (explorer.exe @ SyncCenter.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ SyncCenter.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ SyncCenter.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ SyncCenter.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ SyncCenter.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ imapi2.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c930
[IAT:Addr] (explorer.exe @ imapi2.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391a70
[IAT:Addr] (explorer.exe @ imapi2.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5060
[IAT:Addr] (explorer.exe @ imapi2.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e50a0
[IAT:Addr] (explorer.exe @ imapi2.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e4e90
[IAT:Addr] (explorer.exe @ imapi2.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c20e0
[IAT:Addr] (explorer.exe @ imapi2.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ imapi2.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ imapi2.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ imapi2.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ hgcpl.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3db590
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3aaba0
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab670
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab960
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ac020
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!ExitThread : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3885b0
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!TryEnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39ba90
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!CloseThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8190
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!CloseThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3b1f20
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!WaitForThreadpoolTimerCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8040
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!SetThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e0830
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!WaitForThreadpoolWorkCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8000
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!SubmitThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ad9f0
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!SetThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38e2c0
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!CloseThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38ddf0
[IAT:Addr] (explorer.exe @ urlmon.dll) kernel32!WaitForThreadpoolWaitCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d7f30
[IAT:Addr] (explorer.exe @ urlmon.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400450
[IAT:Addr] (explorer.exe @ urlmon.dll) advapi32!EventSetInformation : C:\Windows\System32\ntdll.dll @ 0x7ff9ab46bca0
[IAT:Addr] (explorer.exe @ urlmon.dll) advapi32!RegisterTraceGuidsA : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38e690
[IAT:Addr] (explorer.exe @ authui.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400450
[IAT:Addr] (explorer.exe @ authui.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ authui.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ authui.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3db590
[IAT:Addr(Microsoft)] (explorer.exe @ authui.dll) kernel32!InitOnceExecuteOnce : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88b2580
[IAT:Addr] (explorer.exe @ authui.dll) kernel32!FreeLibraryWhenCallbackReturns : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e0790
[IAT:Addr] (explorer.exe @ authui.dll) kernel32!CloseThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3b1f20
[IAT:Addr] (explorer.exe @ authui.dll) kernel32!WaitForThreadpoolTimerCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8040
[IAT:Addr] (explorer.exe @ authui.dll) kernel32!SetThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e0830
[IAT:Addr] (explorer.exe @ authui.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c7410
[IAT:Addr(Microsoft)] (explorer.exe @ authui.dll) kernel32!OpenPackageInfoByFullName : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88ee020
[IAT:Addr(Microsoft)] (explorer.exe @ authui.dll) kernel32!GetPackageInfo : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88eed80
[IAT:Addr(Microsoft)] (explorer.exe @ authui.dll) kernel32!ClosePackageInfo : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88eed20
[IAT:Addr] (explorer.exe @ FXSST.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ FXSST.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ FXSST.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr(Microsoft)] (explorer.exe @ FXSST.dll) kernel32!InitOnceExecuteOnce : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88b2580
[IAT:Addr] (explorer.exe @ FXSAPI.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ FXSAPI.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ FXSAPI.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ FXSAPI.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ FXSAPI.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ FXSAPI.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ FXSAPI.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c930
[IAT:Addr] (explorer.exe @ FXSAPI.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391a70
[IAT:Addr] (explorer.exe @ FXSAPI.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5060
[IAT:Addr] (explorer.exe @ FXSAPI.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e50a0
[IAT:Addr] (explorer.exe @ FXSAPI.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e4e90
[IAT:Addr] (explorer.exe @ FXSAPI.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c20e0
[IAT:Addr] (explorer.exe @ Windows.UI.Search.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Search.dll) kernel32!GetSystemAppDataKey : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88f62a0
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Search.dll) kernel32!PackageIdFromFullName : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88e9ee0
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Search.dll) kernel32!GetCurrentPackageInfo : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88c7aa0
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Search.dll) kernel32!OpenPackageInfoByFullName : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88ee020
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Search.dll) kernel32!GetPackageInfo : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88eed80
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Search.dll) kernel32!GetPackageFullName : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88db8d0
[IAT:Addr] (explorer.exe @ Windows.UI.Search.dll) kernel32!IsThreadpoolTimerSet : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3afc00
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Search.dll) kernel32!InitOnceExecuteOnce : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88b2580
[IAT:Addr] (explorer.exe @ Windows.UI.Search.dll) kernel32!FreeLibraryWhenCallbackReturns : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e0790
[IAT:Addr] (explorer.exe @ Windows.UI.Search.dll) kernel32!CloseThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3b1f20
[IAT:Addr] (explorer.exe @ Windows.UI.Search.dll) kernel32!WaitForThreadpoolTimerCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8040
[IAT:Addr] (explorer.exe @ Windows.UI.Search.dll) kernel32!SetThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e0830
[IAT:Addr] (explorer.exe @ Windows.UI.Search.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Search.dll) kernel32!ClosePackageInfo : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88eed20
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Search.dll) kernel32!CloseState : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88f5c30
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Search.dll) kernel32!GetStateFolder : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88f6a40
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Search.dll) kernel32!OpenStateExplicit : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88f6140
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Search.dll) kernel32!OpenState : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88f7f90
[IAT:Addr] (explorer.exe @ Windows.UI.Search.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400450
[IAT:Addr] (explorer.exe @ Windows.UI.Search.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr(Microsoft)] (explorer.exe @ WSShared.dll) kernel32!GetPackageFamilyName : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88e4f40
[IAT:Addr(Microsoft)] (explorer.exe @ WSShared.dll) kernel32!PackageIdFromFullName : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88e9ee0
[IAT:Addr(Microsoft)] (explorer.exe @ WSShared.dll) kernel32!FindPackagesByPackageFamily : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88f8340
[IAT:Addr] (explorer.exe @ DropboxExt64.19.0.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr] (explorer.exe @ DropboxExt64.19.0.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ DropboxExt64.19.0.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ DropboxExt64.19.0.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c7410
[IAT:Addr] (explorer.exe @ DropboxExt64.19.0.dll) kernel32!VerSetConditionMask : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3dddc0
[IAT:Addr] (explorer.exe @ DropboxExt64.19.0.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ DropboxExt64.19.0.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ DropboxExt64.19.0.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ DropboxExt64.19.0.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ NetworkExplorer.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ AltTab.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ AltTab.dll) kernel32!SetThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e0830
[IAT:Addr] (explorer.exe @ AltTab.dll) kernel32!WaitForThreadpoolTimerCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8040
[IAT:Addr] (explorer.exe @ AltTab.dll) kernel32!CloseThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3b1f20
[IAT:Addr] (explorer.exe @ AltTab.dll) kernel32!FreeLibraryWhenCallbackReturns : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e0790
[IAT:Addr] (explorer.exe @ AltTab.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3aaba0
[IAT:Addr] (explorer.exe @ AltTab.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab670
[IAT:Addr] (explorer.exe @ AltTab.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ pnidui.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ Windows.UI.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ bthprops.cpl) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ CoreSync_x64.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c7410
[IAT:Addr] (explorer.exe @ CoreSync_x64.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ CoreSync_x64.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ CoreSync_x64.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ CoreSync_x64.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr] (explorer.exe @ CoreSync_x64.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ CoreSync_x64.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ CoreSync_x64.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ CoreSync_x64.dll) kernel32!InterlockedFlushSList : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d5820
[IAT:Addr] (explorer.exe @ CoreSync_x64.dll) kernel32!InitializeSListHead : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d1c70
[IAT:Addr] (explorer.exe @ CoreSync_x64.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) advapi32!TraceEvent : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e54f0
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c930
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391a70
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5060
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e50a0
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e4e90
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c20e0
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3bf040
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!PackageIdFromFullName : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88e9ee0
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ac020
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3db590
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!InitOnceInitialize : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3db590
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3aaba0
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab670
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!GetCurrentPackageInfo : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88c7aa0
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!InitOnceExecuteOnce : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88b2580
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!CloseState : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88f5c30
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!GetStateFolder : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88f6a40
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!OpenState : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88f7f90
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!GetCurrentApplicationUserModelId : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88cba00
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!GetCurrentPackageFullName : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a89072c0
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!GetCurrentPackagePath : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a893aca0
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!GetCurrentPackageId : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88b8ff0
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!SubmitThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ad9f0
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!CloseThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8190
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!WaitForThreadpoolWorkCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8000
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!CloseThreadpoolCleanupGroup : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e3f60
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!CloseThreadpoolCleanupGroupMembers : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d79d0
[IAT:Addr(Microsoft)] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!GetCurrentPackageFamilyName : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88cb7e0
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c7410
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) kernel32!TryEnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39ba90
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c7410
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!TryEnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39ba90
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!ExitThread : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3885b0
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!QueryDepthSList : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d1ca0
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!InterlockedFlushSList : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d5820
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!InterlockedPushEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d1b00
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!InterlockedPopEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9ab402320
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!InitializeSListHead : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d1c70
[IAT:Addr] (explorer.exe @ ashShA64.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ EhStorShell.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ EhStorShell.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ EhStorShell.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ EhStorShell.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ EhStorShell.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c20e0
[IAT:Addr] (explorer.exe @ EhStorShell.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e4e90
[IAT:Addr] (explorer.exe @ EhStorShell.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e50a0
[IAT:Addr] (explorer.exe @ EhStorShell.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5060
[IAT:Addr] (explorer.exe @ EhStorShell.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391a70
[IAT:Addr] (explorer.exe @ EhStorShell.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c930
[IAT:Addr] (explorer.exe @ searchfolder.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr(Microsoft)] (explorer.exe @ searchfolder.dll) kernel32!PackageIdFromFullName : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88e9ee0
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3db590
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!FreeLibraryWhenCallbackReturns : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e0790
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!CloseThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3b1f20
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!WaitForThreadpoolTimerCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8040
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!SetThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e0830
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ac020
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab960
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab670
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3aaba0
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ apprepapi.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391b50
[IAT:Addr] (explorer.exe @ apprepapi.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c920
[IAT:Addr] (explorer.exe @ apprepapi.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3bf040
[IAT:Addr(Microsoft)] (explorer.exe @ apprepapi.dll) kernel32!InitOnceExecuteOnce : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88b2580
[IAT:Addr] (explorer.exe @ apprepapi.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ apprepapi.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ apprepapi.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ apprepapi.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ apprepapi.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ apprepapi.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ apprepapi.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ apprepapi.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c7410
[IAT:Addr] (explorer.exe @ sfc_os.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ VAN.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c920
[IAT:Addr] (explorer.exe @ VAN.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391b50
[IAT:Addr] (explorer.exe @ VAN.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c930
[IAT:Addr] (explorer.exe @ VAN.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391a70
[IAT:Addr] (explorer.exe @ VAN.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5060
[IAT:Addr] (explorer.exe @ VAN.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e50a0
[IAT:Addr] (explorer.exe @ VAN.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e4e90
[IAT:Addr] (explorer.exe @ VAN.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3bf040
[IAT:Addr] (explorer.exe @ VAN.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c20e0
[IAT:Addr] (explorer.exe @ VAN.dll) kernel32!WaitForThreadpoolWorkCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8000
[IAT:Addr] (explorer.exe @ VAN.dll) kernel32!CloseThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8190
[IAT:Addr] (explorer.exe @ VAN.dll) kernel32!SubmitThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ad9f0
[IAT:Addr] (explorer.exe @ VAN.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ VAN.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ VAN.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ VAN.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ VAN.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ VAN.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ VAN.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ dot3mm.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ dot3mm.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ dot3mm.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ dot3mm.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ dot3mm.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ dot3mm.dll) kernel32!WaitForThreadpoolWorkCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8000
[IAT:Addr] (explorer.exe @ dot3mm.dll) kernel32!CloseThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8190
[IAT:Addr] (explorer.exe @ dot3mm.dll) kernel32!SubmitThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ad9f0
[IAT:Addr] (explorer.exe @ dot3mm.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ dot3mm.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ dot3mm.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c7410
[IAT:Addr] (explorer.exe @ dot3mm.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c20e0
[IAT:Addr] (explorer.exe @ dot3mm.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391b50
[IAT:Addr] (explorer.exe @ dot3mm.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c920
[IAT:Addr] (explorer.exe @ dot3mm.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3bf040
[IAT:Addr] (explorer.exe @ RASMM.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ RASMM.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ RASMM.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ RASMM.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ RASMM.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ netshell.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ netshell.dll) kernel32!VerSetConditionMask : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3dddc0
[IAT:Addr] (explorer.exe @ netshell.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ netshell.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ netshell.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ netshell.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ netshell.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ netshell.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ netshell.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ netshell.dll) kernel32!InterlockedPopEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9ab402320
[IAT:Addr] (explorer.exe @ netshell.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr] (explorer.exe @ netshell.dll) kernel32!InterlockedPushEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d1b00
[IAT:Addr] (explorer.exe @ WLanConn.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ WLanConn.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ WLanConn.dll) kernel32!InterlockedPopEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9ab402320
[IAT:Addr] (explorer.exe @ WLanConn.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr] (explorer.exe @ WLanConn.dll) kernel32!InterlockedPushEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d1b00
[IAT:Addr] (explorer.exe @ WLanConn.dll) kernel32!CloseThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8190
[IAT:Addr] (explorer.exe @ WLanConn.dll) kernel32!SubmitThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ad9f0
[IAT:Addr] (explorer.exe @ WLanConn.dll) kernel32!WaitForThreadpoolWorkCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8000
[IAT:Addr] (explorer.exe @ WLanConn.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ WLanConn.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ WLanConn.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ WLanConn.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ WLanConn.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ WLanConn.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab670
[IAT:Addr] (explorer.exe @ WLanConn.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3aaba0
[IAT:Addr] (explorer.exe @ WLanConn.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3db590
[IAT:Addr] (explorer.exe @ WLanConn.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab960
[IAT:Addr] (explorer.exe @ WLanConn.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ac020
[IAT:Addr] (explorer.exe @ WLanConn.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3bf040
[IAT:Addr] (explorer.exe @ WLanConn.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391b50
[IAT:Addr] (explorer.exe @ WLanConn.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c920
[IAT:Addr] (explorer.exe @ WLanConn.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c20e0
[IAT:Addr] (explorer.exe @ SetNetworkLocation.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ SetNetworkLocation.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ SetNetworkLocation.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ SetNetworkLocation.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ SetNetworkLocation.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ SetNetworkLocation.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c20e0
[IAT:Addr] (explorer.exe @ SetNetworkLocation.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e4e90
[IAT:Addr] (explorer.exe @ SetNetworkLocation.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e50a0
[IAT:Addr] (explorer.exe @ SetNetworkLocation.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5060
[IAT:Addr] (explorer.exe @ SetNetworkLocation.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391a70
[IAT:Addr] (explorer.exe @ SetNetworkLocation.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c930
[IAT:Addr] (explorer.exe @ wpnprv.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ wscinterop.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab670
[IAT:Addr] (explorer.exe @ wscinterop.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3aaba0
[IAT:Addr] (explorer.exe @ wscinterop.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ac020
[IAT:Addr] (explorer.exe @ wscinterop.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab960
[IAT:Addr] (explorer.exe @ wscinterop.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ wscinterop.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3db590
[IAT:Addr] (explorer.exe @ wscapi.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ wscapi.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ wscui.cpl) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ wscui.cpl) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ wscui.cpl) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ wscui.cpl) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!InterlockedPopEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9ab402320
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!InterlockedPushEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d1b00
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!IsThreadpoolTimerSet : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3afc00
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!CloseThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3b1f20
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!WaitForThreadpoolTimerCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8040
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!SetThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e0830
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!WakeAllConditionVariable : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3df180
[IAT:Addr(Microsoft)] (explorer.exe @ werconcpl.dll) kernel32!SleepConditionVariableCS : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88d5040
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!InitializeConditionVariable : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3db590
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!SubmitThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ad9f0
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!CloseThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8190
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!WaitForThreadpoolWorkCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8000
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!SetThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38e2c0
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!WaitForThreadpoolWaitCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d7f30
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!CloseThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38ddf0
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab39f0a0
[IAT:Addr] (explorer.exe @ werconcpl.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391b50
[IAT:Addr] (explorer.exe @ werconcpl.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c920
[IAT:Addr] (explorer.exe @ werconcpl.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e4e90
[IAT:Addr] (explorer.exe @ werconcpl.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e50a0
[IAT:Addr] (explorer.exe @ werconcpl.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5060
[IAT:Addr] (explorer.exe @ werconcpl.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391a70
[IAT:Addr] (explorer.exe @ werconcpl.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c930
[IAT:Addr] (explorer.exe @ werconcpl.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3bf040
[IAT:Addr] (explorer.exe @ werconcpl.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c20e0
[IAT:Addr] (explorer.exe @ werconcpl.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ wercplsupport.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab391a70
[IAT:Addr] (explorer.exe @ wercplsupport.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e50a0
[IAT:Addr] (explorer.exe @ wercplsupport.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38c930
[IAT:Addr] (explorer.exe @ wercplsupport.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e4e90
[IAT:Addr] (explorer.exe @ wercplsupport.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5060
[IAT:Addr] (explorer.exe @ wercplsupport.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c20e0
[IAT:Addr] (explorer.exe @ wercplsupport.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ wercplsupport.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ wercplsupport.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ wercplsupport.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!CloseThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d8190
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!CloseThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38ddf0
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!WaitForThreadpoolWaitCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d7f30
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!SubmitThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ad9f0
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab960
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ac020
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3aaba0
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab670
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!SetThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x7ff9ab38e2c0
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr] (explorer.exe @ hcproviders.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3bf040
[IAT:Addr] (explorer.exe @ winmm.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400450
[IAT:Addr] (explorer.exe @ winmm.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ midimap.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ midimap.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ midimap.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ midimap.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ timedate.cpl) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ timedate.cpl) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3e5d00
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3abfa0
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ab700
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3ce700
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3cdd40
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d3d70
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!InterlockedPopEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9ab402320
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3c5fd0
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!InterlockedPushEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3d1b00
[IAT:Addr] (explorer.exe @ atl.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000LPVX-22V0TT0 +++++
--- User ---
[MBR] eb21d14b11374ab298e10b848383e556
[BSP] ce00a87959a6fe1e8b965f92d8d78c30 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 300 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 616448 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1148928 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1411072 | Size: 461251 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 946053120 | Size: 15000 MB
User = LL1 ... OK
User = LL2 ... OK


Thank you very much indeed.
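The [IAT:Addr] block above lists, for each module loaded in explorer.exe, where a kernel32, advapi32 or user32 import actually resolves. What a practitioner wants from a list that long is a quick triage: which target modules the imports land in, whether any target sits outside a Windows system directory, and whether the same import resolves differently in different modules of the same process (an IAT hook patches one module's import table, so it usually shows as one module disagreeing with the rest, while export forwarding resolves the same way everywhere). The script below is an added example, not code from this thread, from RogueKiller or from BleepingComputer. The SYSTEM_DIRS paths and the last sample line (a hypothetical target under C:\Users\Public) are assumptions made so the triage has something to flag; the first four sample lines are copied from the posted log.

```python
"""Triage RogueKiller [IAT:Addr] entries: group them by the module the import
resolves to and flag anything that does not look like plain system-DLL
forwarding. Added example, not part of the RogueKiller tool or this thread."""
import re
from collections import Counter, defaultdict

# One RogueKiller IAT line, e.g.
#   [IAT:Addr] (explorer.exe @ atl.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
#   [IAT:Addr(Microsoft)] (explorer.exe @ x.dll) kernel32!InitOnceExecuteOnce : C:\Windows\System32\KERNELBASE.dll @ 0x...
IAT_RE = re.compile(
    r"^\[IAT:Addr(?:\((?P<tag>[^)]*)\))?\]\s+"               # optional (Microsoft) tag
    r"\((?P<process>[^\s@]+)\s+@\s+(?P<module>[^)]+)\)\s+"   # (process @ importing module)
    r"(?P<import_dll>[^!\s]+)!(?P<func>\S+)\s+:\s+"          # dll!Function :
    r"(?P<target>.+?)\s+@\s+(?P<addr>0x[0-9a-fA-F]+)\s*$"    # resolved path @ address
)

# Assumption for this example: a 64-bit Windows install on C:. On Windows 8.1 x64
# many kernel32/advapi32/user32 exports are forwarders into ntdll.dll and
# KERNELBASE.dll, so imports resolving consistently into these directories are
# expected; anything else deserves a closer look.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Constructed sample: four lines copied from the log posted in this thread plus
# one hypothetical line (the last) whose target is outside System32. That last
# line is invented for the demonstration; the thread did not report it.
SAMPLE_LOG = r"""
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3a0c90
[IAT:Addr] (explorer.exe @ apprepapi.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9ab3bf040
[IAT:Addr(Microsoft)] (explorer.exe @ apprepapi.dll) kernel32!InitOnceExecuteOnce : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9a88b2580
[IAT:Addr] (explorer.exe @ wpnprv.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9ab400460
[IAT:Addr] (explorer.exe @ netshell.dll) kernel32!HeapAlloc : C:\Users\Public\hypothetical.dll @ 0x7ff9a0001000
"""


def parse_iat_lines(text):
    """Return one dict per recognised [IAT:Addr] line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = IAT_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["symbol"] = f"{e['import_dll']}!{e['func']}"
            entries.append(e)
    return entries


def is_system_path(path):
    """True when the resolved target lives under a Windows system directory."""
    return path.lower().startswith(SYSTEM_DIRS)


def triage(entries):
    """Three views of the entries:
    by_target      - how many imports resolve into each target module
    outside_system - entries whose target is not under a Windows system directory
    inconsistent   - (process, symbol) pairs whose import resolves to different
                     targets or addresses in different modules of the same process
    """
    by_target = Counter(e["target"] for e in entries)
    outside_system = [e for e in entries if not is_system_path(e["target"])]
    resolved = defaultdict(set)
    for e in entries:
        resolved[(e["process"], e["symbol"])].add((e["target"], e["addr"].lower()))
    inconsistent = {k: sorted(v) for k, v in resolved.items() if len(v) > 1}
    return {"by_target": by_target, "outside_system": outside_system, "inconsistent": inconsistent}


if __name__ == "__main__":
    report = triage(parse_iat_lines(SAMPLE_LOG))
    for target, n in report["by_target"].most_common():
        print(f"{n:4d}  {target}")
    for e in report["outside_system"]:
        print(f"OUTSIDE SYSTEM: {e['process']} @ {e['module']} {e['symbol']} -> {e['target']}")
    for (proc, sym), targets in report["inconsistent"].items():
        print(f"INCONSISTENT: {proc} {sym} -> {targets}")
```

Run against the full log pasted above rather than the sample, every entry resolves into ntdll.dll or KERNELBASE.dll under C:\Windows\System32 and each import resolves to the same address in every module, so the script would leave outside_system and inconsistent empty. That sorts the noise from the signal; it is not a verdict on the machine, and it does not replace the rootkit and MBR checks the helper asks for in the next post.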



#13 nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:22 PM

Posted 23 May 2018 - 10:05 AM

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

===

  • Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note: do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
  • There shall also be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Wait for further instructions.


#14 nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:22 PM

Posted 29 May 2018 - 06:31 AM

Are you still with me?



