Trojan Virus Worry

Solved 
#1 ·
Hello,

I ran the Microsoft Security Essentials virus protection program and it found a potentially serious program. Here are the details per the MSE report:


"Trojan:HTML/FakeAlert.AA

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately."


I removed the software via the Microsoft Security Essentials virus protection program. Is there anything else I should do? Do I need to reinstall the operating system (Windows 7) and wipe the computer several times (when I re-install)? Do I need to change all the passwords on the computer and on my online accounts (e.g., e-mail account, bank account, etc.)? Can I rest easy or do I need to worry? Please help!
 
#2 · (Edited)
Is Microsoft Security Essentials 4.10.209.0 the only security-related app that you're using on your computer?

One of the malware removal specialists here will need to help you, so be patient until one replies.

It's my guess you're not computer-knowledgeable, so hopefully you'll be able to follow the instructions given to you.

 
#3 ·
The other security-related application I have is Malwarebytes. I ran Malwarebytes before I ran MSE, but Malwarebytes did not detect anything. My concern is that the malicious program had been on my computer for several days before I manually ran MSE. Therefore I am concerned about the possibility of my passwords (e.g., those entered online and the password to log in to the computer) having been compromised.
 
#4 ·
Hi K1979, welcome to the Tech Support Guy malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you have questions at any time during the cleanup, feel free to ask.

---------------------------------------------------
Farbar Recovery Scan Tool (FRST)

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
  • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.

---------------------------------------------------

In your next reply, please include:
  • FRST.txt
  • Addition.txt
 
#6 ·
I concurrently had asked another expert for help as well, and he said to not worry and just run "eset online scanner". I downloaded and ran it: it found no malware. iMacg3 said: "Do not install any new software or run any fixes/tools on your system unless I request that you do so." I downloaded/ran "eset online scanner" before reading iMacg3's message. Was downloading "eset online scanner" a problem, or is it okay to just go ahead and start executing iMacg3's steps as outlined above?
 
#8 ·
I consulted another website--actually their instant chat forum--and the person I happened to get told me not to worry and just run "eset online scanner". I was just getting multiple opinions, much like getting a few opinions from different doctors (e.g., surgery or no surgery?). The "eset online scanner" found no problems, so I'm guessing going ahead with your plan is okay? Or, is it necessary?
 
#10 ·
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2019
Ran by Gloria (administrator) on GLORIA-PC (02-10-2019 17:17:22)
Running from C:\Users\Gloria\Downloads
Loaded Profiles: Gloria (Available Profiles: Gloria)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {43E0CB8B-1644-44D7-9EF3-6A9F7BF90BFA} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Gloria\Downloads\esetonlinescanner_enu.exe [8149816 2019-09-27] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {4CE87036-8A6B-4B34-8355-D4F36C05F912} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {97D0EEC1-036A-4640-824D-0628080C3C2F} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Gloria\Downloads\esetonlinescanner_enu.exe [8149816 2019-09-27] (ESET, spol. s r.o. -> ESET spol. s r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C85A228F-0923-4836-B54D-336AD9F0BED1}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-1979779775-2233383720-3097755226-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-us

FireFox:
========
FF DefaultProfile: kntavqcv.default
FF ProfilePath: C:\Users\Gloria\AppData\Roaming\Mozilla\Firefox\Profiles\kntavqcv.default [2019-06-12]
FF ProfilePath: C:\Users\Gloria\AppData\Roaming\Mozilla\Firefox\Profiles\fywfcf1f.default-release [2019-10-02]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [5020672 2009-07-13] (Microsoft Windows -> ATI Technologies Inc.)
R3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [151296 2007-04-12] (Creative -> Creative Technology Ltd)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd.)
R3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [700200 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [142120 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd.)
R3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [681256 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-09-30] (Malwarebytes Corporation -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [187392 2009-06-10] (Microsoft Windows -> Realtek Corporation )

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-10 16:55 - 2019-08-28 22:52 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:27 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-09-10 16:55 - 2019-08-28 22:27 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-09-10 16:55 - 2019-08-28 22:22 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-09-10 16:55 - 2019-08-28 22:22 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-09-10 16:55 - 2019-08-28 22:22 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-09-10 16:55 - 2019-08-28 22:22 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-09-10 16:55 - 2019-08-28 22:22 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-09-10 16:55 - 2019-08-28 22:22 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-09-10 16:55 - 2019-08-28 22:22 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-09-10 16:55 - 2019-08-28 22:21 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-09-10 16:55 - 2019-08-28 22:21 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:21 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:21 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:21 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-09-10 16:55 - 2019-08-28 22:18 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-09-10 16:55 - 2019-08-28 22:14 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-09-10 16:55 - 2019-08-26 23:41 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-09-10 16:55 - 2019-08-26 23:41 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-09-10 16:55 - 2019-08-26 23:15 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-09-10 16:55 - 2019-08-20 21:56 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-09-10 16:55 - 2019-08-20 21:56 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2019-09-10 16:55 - 2019-08-20 21:56 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2019-09-10 16:55 - 2019-08-20 19:19 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2019-09-10 16:55 - 2019-08-20 00:21 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-09-10 16:55 - 2019-08-20 00:21 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-09-10 16:55 - 2019-08-20 00:21 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-09-10 16:55 - 2019-08-13 18:15 - 000732160 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-09-10 16:55 - 2019-08-12 20:56 - 002863104 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-09-10 16:55 - 2019-08-12 20:56 - 001712640 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-09-10 16:55 - 2019-08-12 20:56 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-09-10 16:55 - 2019-08-12 20:56 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2019-09-10 16:55 - 2019-08-12 20:56 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-09-10 16:55 - 2019-08-12 20:56 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-09-10 16:55 - 2019-08-12 20:56 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-09-10 16:53 - 2019-08-15 21:02 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2019-09-10 16:53 - 2019-08-15 20:56 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-02 17:18 - 2019-06-12 22:01 - 000000000 ____D C:\Users\Gloria\AppData\LocalLow\Mozilla
2019-10-02 17:12 - 2009-07-14 00:45 - 000022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-10-02 17:12 - 2009-07-14 00:45 - 000022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-10-01 17:01 - 2019-06-13 14:25 - 000034240 _____ C:\Windows\system32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx
2019-10-01 17:01 - 2019-06-13 14:25 - 000034240 _____ C:\Windows\system32\BMXState-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx
2019-10-01 17:01 - 2019-06-13 14:25 - 000030528 _____ C:\Windows\system32\BMXCtrlState-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx
2019-10-01 17:01 - 2019-06-13 14:25 - 000030528 _____ C:\Windows\system32\BMXBkpCtrlState-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx
2019-10-01 17:01 - 2019-06-13 14:25 - 000011564 _____ C:\Windows\system32\DVCState-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx
2019-09-30 21:15 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-26 17:08 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2019-09-18 21:20 - 2019-06-12 21:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-09-14 13:45 - 2019-07-03 18:38 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-09-11 16:04 - 2009-07-14 01:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-11 16:04 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2019-09-10 17:12 - 2009-07-14 00:45 - 000418968 _____ C:\Windows\system32\FNTCACHE.DAT
2019-09-10 17:09 - 2019-06-13 14:24 - 000000000 ___SD C:\Windows\system32\CompatTel
2019-09-10 17:05 - 2019-06-13 14:15 - 000773788 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2019-07-15 05:05
==================== End of FRST.txt ============================

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2019
Ran by Gloria (02-10-2019 17:20:59)
Running from C:\Users\Gloria\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2019-06-13 01:51:46)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1979779775-2233383720-3097755226-500 - Administrator - Disabled)
Gloria (S-1-5-21-1979779775-2233383720-3097755226-1000 - Administrator - Enabled) => C:\Users\Gloria
Guest (S-1-5-21-1979779775-2233383720-3097755226-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1979779775-2233383720-3097755226-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

LibreOffice 6.1.6.3 (HKLM\...\{FDD378C0-438D-4E89-A692-6D010D5AF9D0}) (Version: 6.1.6.3 - The Document Foundation)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Mozilla Firefox 69.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 69.0.1 (x86 en-US)) (Version: 69.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.2 - Mozilla)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2019-07-03 18:39 - 2019-09-14 13:45 - 001700328 _____ (Malwarebytes Inc -> Igor Pavlov) [File not signed] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1979779775-2233383720-3097755226-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gloria\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3AE60CF4-3EAB-4A56-B6CF-C32585508EAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{72866C30-C97D-4B04-AE72-431582D9D9EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{E05834F3-BA9D-453D-B5A7-8CFE36CAFFCA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{F1432E2A-7C54-4D8D-A94E-890705416DED}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Codecs (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [176416 2012-01-18] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [307488 2012-01-18] (Logitech, Inc. -> Logitech Inc.)

==================== Restore Points =========================

03-09-2019 16:46:58 Windows Update
07-09-2019 17:02:54 Windows Update
10-09-2019 16:59:29 Windows Update
11-09-2019 16:00:53 Windows Update
15-09-2019 11:26:13 Windows Update
18-09-2019 16:36:32 Windows Update
21-09-2019 16:49:38 Windows Update
25-09-2019 16:37:25 Windows Update
30-09-2019 16:20:12 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/30/2019 09:16:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/27/2019 10:02:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 69.0.1.7199 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11d0

Start Time: 01d5756b717b1d68

Termination Time: 406

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id:

Error: (09/25/2019 08:06:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/20/2019 04:36:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/12/2019 05:30:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/10/2019 05:13:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/07/2019 04:28:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/06/2019 04:20:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (09/30/2019 04:23:37 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.303.557.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature Type: AntiSpyware

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 1.1.16400.2

Error code: 0x800704e8

Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Error: (09/30/2019 04:23:37 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.303.557.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 1.1.16400.2

Error code: 0x800704e8

Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Error: (09/27/2019 08:32:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (09/27/2019 08:32:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Gloria\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/27/2019 08:32:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (09/27/2019 08:32:02 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Gloria\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/27/2019 08:32:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (09/27/2019 08:32:02 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Gloria\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 0406 09/10/2009
Motherboard: ASUSTeK Computer INC. M4A785-M
Processor: AMD Phenom(tm) II X2 550 Processor
Percentage of memory in use: 88%
Total physical RAM: 2047.18 MB
Available physical RAM: 243.44 MB
Total Virtual: 4094.35 MB
Available Virtual: 1414.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:429.87 GB) NTFS

\\?\Volume{431c836d-8d95-11e9-a881-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 5B7C5C16)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
#11 ·
Hi K1979,

No malware was found in your logs. There are a few files that I can't find much information about - the following FRST fix will take a look at those file properties.

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    File: C:\Windows\system32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.

---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt
 
#12 ·
Fix result of Farbar Recovery Scan Tool (x64) Version: 02-10-2019
Ran by Gloria (04-10-2019 19:12:37) Run:1
Running from C:\Users\Gloria\Downloads
Loaded Profiles: Gloria (Available Profiles: Gloria)
Boot Mode: Normal
==============================================

fixlist content:
*****************
File: C:\Windows\system32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx

*****************


========================= File: C:\Windows\system32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx ========================

C:\Windows\system32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx
File not signed
MD5: AC85858A0E0620530DC5A26CB90CC2FB
Creation and modification date: 2019-06-13 14:25 - 2019-10-04 17:42
Size: 000034240
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


==== End of Fixlog 19:12:38 ====
 
#13 ·
Hi K1979,

Please run the following FRST fix to upload a file to VirusTotal for scanning:

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    VirusTotal: C:\Windows\system32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.

---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt
 
#14 ·
Fix result of Farbar Recovery Scan Tool (x64) Version: 06-10-2019
Ran by Gloria (07-10-2019 18:06:17) Run:2
Running from C:\Users\Gloria\Downloads
Loaded Profiles: Gloria (Available Profiles: Gloria)
Boot Mode: Normal
==============================================

fixlist content:
*****************
VirusTotal: C:\Windows\system32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx

*****************

VirusTotal: C:\Windows\system32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx => https://www.virustotal.com/file/b33...5600223dba1bf365e1611f78/analysis/1570485979/

==== End of Fixlog 18:06:19 ====
 
#15 ·
Hi K1979,

---------------------------------------------------
AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now ...
    • When the scan has finished a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

---------------------------------------------------
Emsisoft Emergency Kit

Download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

---------------------------------------------------

In your next reply, please include:
  • AdwCleaner[S0*].txt
  • Emsisoft Emergency Kit log
 
#16 ·
# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-04-2019
# Database: 2019-10-03.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-09-2019
# Duration: 00:00:19
# OS: Windows 7 Home Premium
# Scanned: 35164
# Detected: 0

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

AdwCleaner_Debug.log - [4734 octets] - [09/10/2019 15:50:10]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

---------------------------------------------------

Emsisoft Emergency Kit - Version 2019.6
Last update: 10/9/2019 4:12:07 PM
User account: Gloria-PC\Gloria
Computer name: GLORIA-PC
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 10/9/2019 4:14:26 PM

Scanned 10216
Found 0

Scan end: 10/9/2019 4:19:48 PM
Scan time: 0:05:22
 
#17 ·
Hi K1979,

Your logs are clean of malware. The Windows Defender detection is often caused by a webpage such as a tech support scam page loading in your browser. Windows Defender will block that, resulting in the detection.

Let me know of any outstanding issues with this computer.
 
#18 ·
Thank you very much for your help! The virus detection only came about as a result of me deciding to run a "full scan". I trust and hope that does not mean that there exists some chance that perhaps some personal data was snatched from my computer before I ran the scan and removed the virus.
 
#19 ·
Hi K1979,

  • Click the Start button. Type Windows Security and press Enter.
  • Select Virus & threat protection > Threat History.
  • Under "Quarantined Items" select See full history.
  • Next to the detected threat, click See details.
  • Under Affected items, the file path will be listed.
In your next reply, copy and paste or type the file path of the quarantined threat.
 
#20 ·
After typing "Windows Security" and pressing Enter, the "Windows Firewall with Advanced Security" window opened. However, I was unable to find anything labeled "Virus & threat protection", "Threat History", etc. Way back when, when I ran the "full scan", it was on Microsoft Security Essentials, not Windows Defender--perhaps this explains this. I did record some info from MSE when it caught the Trojan virus. Perhaps this is what you need to know (at the bottom)?:

Trojan:HTML/FakeAlert.AA

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
containerfile:C:\Users\Gloria\AppData\Local\Mozilla\Firefox\Profiles\fywfcf1f.default-release\cache2\entries\18A988B67BF219A138532F07BF98DB11B16BE574
file:C:\Users\Gloria\AppData\Local\Mozilla\Firefox\Profiles\fywfcf1f.default-release\cache2\entries\18A988B67BF219A138532F07BF98DB11B16BE574->(GZip)

If this is not what you need to know, please advise me further.
 
#21 ·
Hi K1979,

Yes, that's the correct information. It looks like the file is in Firefox's cache and not something that has infected your PC.

If all is well:

The following will remove the tools we used as well as reset system restore points:

---------------------------------------------------
KpRm

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • When the tool opens, ensure all boxes are checked, and select Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
----------------------------------------------------
Some tips to keep your computer safe on the Internet

Make sure to use strong passwords. There are password managers (for example, Bitwarden) that can help you use secure passwords, and keep track of them.

How to create a strong password
----------------------------------------------------
Keeping software up-to-date is important as well. Programs such as UCheck, Heimdal Free, or PatchMyPC can help keep software on your computer up-to-date.

To keep your operating system up-to-date, make sure that Windows Update is enabled on your computer.
----------------------------------------------------
Here are some articles about how to keep your computer safe on the internet -

Simple and easy ways to keep your computer safe and secure on the Internet - by Lawrence Abrams

Answers to common security questions - Best Practices - by quietman7

COMPUTER SECURITY - a short guide to staying safer online - Malware Removal

PC Safety and Security - What Do I Need? - Tech Support Forum
----------------------------------------------------

Safe surfing :)
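The check behind the conclusion in the post above (the detected item sits in a browser cache rather than in a location that runs at startup), written out as an added example that is not part of the original post or of any tool used in this thread. The sample report lines are constructed, and the cache directory patterns are assumptions based on the default Firefox, Chrome and Internet Explorer cache locations.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the format of the "Items:" lines quoted in the thread.
# The user name, profile name, entry hash and the third path are made up.
SAMPLE_ITEMS = r"""
Items:
containerfile:C:\Users\Example\AppData\Local\Mozilla\Firefox\Profiles\abcd1234.default-release\cache2\entries\0123456789ABCDEF0123456789ABCDEF01234567
file:C:\Users\Example\AppData\Local\Mozilla\Firefox\Profiles\abcd1234.default-release\cache2\entries\0123456789ABCDEF0123456789ABCDEF01234567->(GZip)
file:C:\Users\Example\AppData\Roaming\updater.exe
"""

# "kind:path" with an optional "->inner" suffix naming content inside a container.
ITEM_RE = re.compile(r"^(?P<kind>containerfile|file):(?P<path>.+?)(?:->(?P<inner>.*))?$")

# Assumption: default disk-cache locations as lower-case directory sequences;
# "*" stands for exactly one directory (the profile name).
CACHE_MARKERS = {
    "Firefox cache": ("mozilla", "firefox", "profiles", "*", "cache2"),
    "Chrome cache": ("google", "chrome", "user data", "*", "cache"),
    "IE cache": ("microsoft", "windows", "temporary internet files"),
}


def _contains(parts, pattern):
    """True if `pattern` occurs as a contiguous run inside `parts`."""
    n = len(pattern)
    for i in range(len(parts) - n + 1):
        window = parts[i:i + n]
        if all(p == "*" or p == part for p, part in zip(pattern, window)):
            return True
    return False


def triage(report_text):
    """Group detection items by path and label those inside a browser cache."""
    findings = {}
    for raw in report_text.splitlines():
        line = raw.strip().strip("\u200b")  # forum copies often carry zero-width spaces
        m = ITEM_RE.match(line)
        if not m:
            continue
        path = PureWindowsPath(m["path"])
        parts = [p.lower() for p in path.parts]
        location = next(
            (name for name, pat in CACHE_MARKERS.items() if _contains(parts, pat)),
            None,
        )
        entry = findings.setdefault(
            str(path), {"kinds": set(), "inner": set(), "location": location}
        )
        entry["kinds"].add(m["kind"])
        if m["inner"]:
            entry["inner"].add(m["inner"])
    return findings


def all_in_cache(findings):
    """True only if at least one item was parsed and every item is cached web content."""
    return bool(findings) and all(f["location"] for f in findings.values())


if __name__ == "__main__":
    for path, info in triage(SAMPLE_ITEMS).items():
        print(info["location"] or "NOT in a known cache, look closer", "|", path)
```

An item with no cache label is the one that deserves the follow-up scans; a report where every item is labelled matches the situation described in this thread.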
 
#22 ·
Sorry to bother you, but I had one more concern. My SSD failed me a couple of months ago, and I installed an HDD. The result was slower operating speed. It takes about 5-7 for the calculator program to appear after I press the calculator button on my keyboard. A family member thinks it is virus-related. I think not. I'm thinking adding SDRAM will help (it looks like I currently have 2.00 GB of installed memory). I don't know if we should look further for a hidden virus or whether your tests should be enough assurance.
 
#23 ·
Hi K1979,

Adding more RAM will help when running multiple applications/etc.

Please run the following FRST fix to empty temporary files:

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    Emptytemp:
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.

---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt
  • Let me know if computer performance has improved.
 
#24 ·
It does seem faster. So I just repeat this process in the future to free things up?

I did as requested, but it required me to restart the computer--hence no log popped up automatically. I made the hasty decision to repeat the emptytemp process, rather than search for the notepad file. In short, the Fixlog.txt report reflects the second time I did the emptytemp process. Here's the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-10-2019 02
Ran by Gloria (16-10-2019 17:52:31) Run:4
Running from C:\Users\Gloria\Downloads
Loaded Profiles: Gloria (Available Profiles: Gloria)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Emptytemp:

*****************


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2100480 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 12832486 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Gloria => 20458 B

RecycleBin => 0 B
EmptyTemp: => 14.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:52:41 ====
 
#26 ·
I ran the KpRm program, and here is the report that was generated:

# Run at 10/18/2019 5:36:19 PM
# KpRm (Kernel-panik) version 1.13.2
# Website https://kernel-panik.me/tool/kprm/
# Run by Gloria from C:\Users\Gloria\Downloads
# Computer Name: GLORIA-PC
# OS: Windows 7 X64 (7601) Service Pack 1
# Number of passes: 1

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point

- Create Registry Backup -

~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\Gloria\NTUSER.dat backed up

[OK] Registry Backup: C:\KPRM\backup\2019-10-18-17-35-48

- Remove Tools -

## AdwCleaner
[OK] C:\Users\Gloria\Desktop\Extra Scanning Tools\AdwCleaner.exe deleted (1)
[OK] C:\AdwCleaner deleted (1)

## ESET Online Scanner
[OK] C:\Users\Gloria\Desktop\ESET Online Scanner.lnk deleted (1)
[OK] C:\Users\Gloria\Desktop\Extra Scanning Tools\ESET Online Scanner.lnk deleted (1)
[OK] C:\Users\Gloria\Downloads\esetonlinescanner_enu.exe deleted (1)
[OK] C:\Users\Gloria\AppData\Local\ESET\ESETOnlineScanner deleted (1)

## FRST
[OK] C:\Users\Gloria\Downloads\Fixlog.txt deleted (1)
[OK] C:\Users\Gloria\Downloads\FRST64(1).exe deleted (1)
[OK] C:\Users\Gloria\Downloads\FRST64(2).exe deleted (1)
[OK] C:\Users\Gloria\Downloads\FRST64(3).exe deleted (1)
[OK] C:\Users\Gloria\Downloads\FRST64(4).exe deleted (1)
[OK] C:\Users\Gloria\Downloads\FRST64(5).exe deleted (1)
[OK] C:\Users\Gloria\Downloads\FRST64.exe deleted (1)
[OK] C:\FRST deleted (1)

- Restore System Settings -

[OK] Flush DNS
[OK] Reset WinSock
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableLUA with default (1) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named Windows Update created at 09/03/2019 20:46:58 deleted
~ [OK] RP named Windows Update created at 09/07/2019 21:02:54 deleted
~ [OK] RP named Windows Update created at 09/10/2019 20:59:29 deleted
~ [OK] RP named Windows Update created at 09/11/2019 20:00:53 deleted
~ [OK] RP named Windows Update created at 09/15/2019 15:26:13 deleted
~ [OK] RP named Windows Update created at 09/18/2019 20:36:32 deleted
~ [OK] RP named Windows Update created at 09/21/2019 20:49:38 deleted
~ [OK] RP named Windows Update created at 09/25/2019 20:37:25 deleted
~ [OK] RP named Windows Update created at 09/30/2019 20:20:12 deleted
~ [OK] RP named Windows Update created at 10/04/2019 20:39:33 deleted
~ [OK] RP named Windows Update created at 10/05/2019 07:00:27 deleted
~ [OK] RP named Windows Update created at 10/05/2019 21:18:16 deleted
~ [OK] RP named Windows Update created at 10/09/2019 07:01:00 deleted
~ [OK] RP named Windows Modules Installer created at 10/12/2019 22:35:58 deleted
~ [OK] RP named Windows Update created at 10/12/2019 22:53:12 deleted
~ [OK] RP named Windows Modules Installer created at 10/13/2019 00:02:21 deleted
~ [OK] RP named Windows Modules Installer created at 10/13/2019 01:18:38 deleted
~ [OK] RP named Windows Modules Installer created at 10/13/2019 01:25:26 deleted
~ [OK] RP named Windows Update created at 10/16/2019 20:15:03 deleted

[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 10/18/2019 21:39:32 found

-- KPRM finished in 245.91s --
 