
Solved Trojan Virus Worry

Discussion in 'Virus & Other Malware Removal' started by K1979, Sep 27, 2019.

  1. K1979

    K1979 Thread Starter

    Joined:
    Sep 26, 2019
    Messages:
    13
    Hello,

    I ran the Microsoft Security Essentials virus protection program and it found a potentially serious program. Here are the details per the MSE report:


    "Trojan:HTML/FakeAlert.AA

    Category: Trojan

    Description: This program is dangerous and executes commands from an attacker.

    Recommended action: Remove this software immediately."


    I removed the software via the Microsoft Security Essentials virus protection program. Is there anything else I should do? Do I need to reinstall the operating system (Windows 7) and wipe the computer several times (when I re-install)? Do I need to change all the passwords on the computer and on my online accounts (e.g., e-mail account, bank account, etc.)? Can I rest easy or do I need to worry? Please help!
     
  2. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,964
    First Name:
    Frank
    Is Microsoft Security Essentials 4.10.209.0 the only security-related app that you're using in your computer?

    One of the malware removal specialists here will need to help you, so be patient until one replies.

    It's my guess you're not computer-knowledgeable, so hopefully you'll be able to follow the instructions given to you.

    --------------------------------------------------------------
     
    Last edited: Sep 27, 2019
  3. K1979

    K1979 Thread Starter

    The other security-related application I have is Malwarebytes. I ran Malwarebytes before I ran MSE, but Malwarebytes did not detect anything. My concern is that the malicious program had been on my computer for several days before I manually ran MSE. Therefore I am concerned about the possibility of my passwords (e.g., those entered online and the password to log in to the computer) having been compromised.
     
  4. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    618
    Hi K1979, welcome to the Tech Support Guy malware removal forum.

    I am iMacg3 and will be helping you with your computer problems.

    Please keep the following information in mind before we begin:
    • Back up any important data before we continue.
      • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
    • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
      • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
    • Please read all instructions carefully, and complete them in the order listed.
      • Items that are especially important will be highlighted in bold or red.
    • If your computer seems to start working normally, please don't abandon the topic.
      • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
      • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
    • If you have questions at any time during the cleanup, feel free to ask.

    ---------------------------------------------------
    Farbar Recovery Scan Tool (FRST)

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
    • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
    • Please copy and paste the logs in your next reply.

    ---------------------------------------------------

    In your next reply, please include:
    • FRST.txt
    • Addition.txt
     
  5. flavallee

    flavallee Trusted Advisor

    iMacg3 is a malware specialist and has jumped in to help you, so please follow his instructions.
    Good luck. (y)

    ---------------------------------------------------------------
     
  6. K1979

    K1979 Thread Starter

    I concurrently had asked another expert for help as well, and he said to not worry and just run "eset online scanner". I downloaded and ran it: it found no malware. iMacg3 said: "Do not install any new software or run any fixes/tools on your system unless I request that you do so." I downloaded/ran "eset online scanner" before reading iMacg3's message. Was downloading "eset online scanner" a problem, or is it okay to just go ahead and start executing iMacg3's steps as outlined above?
     
  7. iMacg3

    iMacg3 Malware Specialist

    Hi K1979,

    Sorry for the delay.

    Are you receiving assistance at another website?
     
  8. K1979

    K1979 Thread Starter

    I consulted another website--actually their instant chat forum--and the person I happened to get told me not to worry and just run "eset online scanner". I was just getting multiple opinions, much like getting a few opinions from different doctors (e.g., surgery or no surgery?). The "eset online scanner" found no problems, so I'm guessing going ahead with your plan is okay? Or, is it necessary?
     
  9. iMacg3

    iMacg3 Malware Specialist

    Hi K1979,

    Continue with the instructions to download and run Farbar Recovery Scan Tool and post both logs. If you have any questions/issues let me know.
     
  10. K1979

    K1979 Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2019
    Ran by Gloria (administrator) on GLORIA-PC (02-10-2019 17:17:22)
    Running from C:\Users\Gloria\Downloads
    Loaded Profiles: Gloria (Available Profiles: Gloria)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {43E0CB8B-1644-44D7-9EF3-6A9F7BF90BFA} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Gloria\Downloads\esetonlinescanner_enu.exe [8149816 2019-09-27] (ESET, spol. s r.o. -> ESET spol. s r.o.)
    Task: {4CE87036-8A6B-4B34-8355-D4F36C05F912} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
    Task: {97D0EEC1-036A-4640-824D-0628080C3C2F} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Gloria\Downloads\esetonlinescanner_enu.exe [8149816 2019-09-27] (ESET, spol. s r.o. -> ESET spol. s r.o.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{C85A228F-0923-4836-B54D-336AD9F0BED1}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKU\S-1-5-21-1979779775-2233383720-3097755226-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-us

    FireFox:
    ========
    FF DefaultProfile: kntavqcv.default
    FF ProfilePath: C:\Users\Gloria\AppData\Roaming\Mozilla\Firefox\Profiles\kntavqcv.default [2019-06-12]
    FF ProfilePath: C:\Users\Gloria\AppData\Roaming\Mozilla\Firefox\Profiles\fywfcf1f.default-release [2019-10-02]
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [5020672 2009-07-13] (Microsoft Windows -> ATI Technologies Inc.)
    R3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [151296 2007-04-12] (Creative -> Creative Technology Ltd)
    S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd.)
    R3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [700200 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
    S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
    S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
    S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
    S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
    S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [142120 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
    S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd.)
    S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd.)
    R3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [681256 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-09-30] (Malwarebytes Corporation -> Malwarebytes)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] (Microsoft Windows Hardware Compatibility Publisher -> )
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
    R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [187392 2009-06-10] (Microsoft Windows -> Realtek Corporation )

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-10-02 17:17 - 2019-10-02 17:19 - 000007483 _____ C:\Users\Gloria\Downloads\FRST.txt
    2019-10-02 17:16 - 2019-10-02 17:18 - 000000000 ____D C:\FRST
    2019-10-02 17:07 - 2019-10-02 17:08 - 001615360 _____ (Farbar) C:\Users\Gloria\Downloads\FRST64.exe
    2019-09-30 21:15 - 2019-09-30 21:15 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2019-09-27 22:00 - 2019-09-27 22:00 - 000003722 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
    2019-09-27 22:00 - 2019-09-27 22:00 - 000003282 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
    2019-09-27 20:23 - 2019-09-27 20:23 - 000000792 _____ C:\Users\Gloria\Desktop\ESET Online Scanner.lnk
    2019-09-27 20:23 - 2019-09-27 20:23 - 000000000 ____D C:\Users\Gloria\AppData\Local\ESET
    2019-09-27 20:22 - 2019-09-27 20:22 - 008149816 _____ (ESET spol. s r.o.) C:\Users\Gloria\Downloads\esetonlinescanner_enu.exe
    2019-09-18 16:30 - 2019-09-18 21:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2019-09-10 16:56 - 2019-08-28 22:56 - 003966904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2019-09-10 16:56 - 2019-08-28 22:55 - 004061112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2019-09-10 16:56 - 2019-08-28 22:55 - 000627424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2019-09-10 16:56 - 2019-08-28 22:54 - 001319496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2019-09-10 16:56 - 2019-08-28 22:53 - 005553104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2019-09-10 16:56 - 2019-08-28 22:53 - 000709856 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2019-09-10 16:56 - 2019-08-28 22:53 - 000264120 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
    2019-09-10 16:56 - 2019-08-28 22:53 - 000155360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2019-09-10 16:56 - 2019-08-28 22:53 - 000096992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2019-09-10 16:56 - 2019-08-28 22:52 - 000836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2019-09-10 16:56 - 2019-08-28 22:52 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2019-09-10 16:56 - 2019-08-28 22:52 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2019-09-10 16:56 - 2019-08-28 22:52 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2019-09-10 16:56 - 2019-08-28 22:52 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2019-09-10 16:56 - 2019-08-28 22:52 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2019-09-10 16:56 - 2019-08-28 22:52 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2019-09-10 16:56 - 2019-08-28 22:52 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2019-09-10 16:56 - 2019-08-28 22:52 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2019-09-10 16:56 - 2019-08-28 22:52 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2019-09-10 16:56 - 2019-08-28 22:52 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2019-09-10 16:56 - 2019-08-28 22:51 - 001670784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 001078784 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2019-09-10 16:56 - 2019-08-28 22:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2019-09-10 16:56 - 2019-08-28 22:22 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2019-09-10 16:56 - 2019-08-28 22:19 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2019-09-10 16:56 - 2019-08-28 22:19 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
    2019-09-10 16:56 - 2019-08-28 22:15 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2019-09-10 16:56 - 2019-08-28 22:15 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2019-09-10 16:56 - 2019-08-28 22:15 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2019-09-10 16:56 - 2019-08-28 22:15 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2019-09-10 16:56 - 2019-08-28 22:15 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2019-09-10 16:56 - 2019-08-28 22:15 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2019-09-10 16:56 - 2019-08-28 22:14 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2019-09-10 16:56 - 2019-08-28 22:14 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
    2019-09-10 16:56 - 2019-08-28 22:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
    2019-09-10 16:56 - 2019-08-28 22:14 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
    2019-09-10 16:56 - 2019-08-28 22:14 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
    2019-09-10 16:56 - 2019-08-28 22:14 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2019-09-10 16:56 - 2019-08-27 16:50 - 000390536 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2019-09-10 16:56 - 2019-08-27 15:59 - 000341896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2019-09-10 16:56 - 2019-08-27 01:07 - 025752064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2019-09-10 16:56 - 2019-08-26 23:29 - 002909184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2019-09-10 16:56 - 2019-08-26 23:27 - 000579072 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2019-09-10 16:56 - 2019-08-26 23:27 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2019-09-10 16:56 - 2019-08-26 23:27 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2019-09-10 16:56 - 2019-08-26 23:27 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2019-09-10 16:56 - 2019-08-26 23:26 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2019-09-10 16:56 - 2019-08-26 23:21 - 020290560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2019-09-10 16:56 - 2019-08-26 23:20 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2019-09-10 16:56 - 2019-08-26 23:19 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2019-09-10 16:56 - 2019-08-26 23:17 - 005500928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2019-09-10 16:56 - 2019-08-26 23:17 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2019-09-10 16:56 - 2019-08-26 23:16 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2019-09-10 16:56 - 2019-08-26 23:16 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2019-09-10 16:56 - 2019-08-26 23:15 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2019-09-10 16:56 - 2019-08-26 23:15 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2019-09-10 16:56 - 2019-08-26 23:08 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2019-09-10 16:56 - 2019-08-26 23:05 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2019-09-10 16:56 - 2019-08-26 23:03 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2019-09-10 16:56 - 2019-08-26 23:03 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2019-09-10 16:56 - 2019-08-26 23:02 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2019-09-10 16:56 - 2019-08-26 23:02 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2019-09-10 16:56 - 2019-08-26 23:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2019-09-10 16:56 - 2019-08-26 22:59 - 002301952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2019-09-10 16:56 - 2019-08-26 22:59 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2019-09-10 16:56 - 2019-08-26 22:58 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2019-09-10 16:56 - 2019-08-26 22:58 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2019-09-10 16:56 - 2019-08-26 22:56 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2019-09-10 16:56 - 2019-08-26 22:56 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2019-09-10 16:56 - 2019-08-26 22:55 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2019-09-10 16:56 - 2019-08-26 22:54 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2019-09-10 16:56 - 2019-08-26 22:54 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2019-09-10 16:56 - 2019-08-26 22:53 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2019-09-10 16:56 - 2019-08-26 22:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2019-09-10 16:56 - 2019-08-26 22:53 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2019-09-10 16:56 - 2019-08-26 22:52 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2019-09-10 16:56 - 2019-08-26 22:50 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2019-09-10 16:56 - 2019-08-26 22:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2019-09-10 16:56 - 2019-08-26 22:42 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2019-09-10 16:56 - 2019-08-26 22:40 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2019-09-10 16:56 - 2019-08-26 22:40 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2019-09-10 16:56 - 2019-08-26 22:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2019-09-10 16:56 - 2019-08-26 22:39 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2019-09-10 16:56 - 2019-08-26 22:39 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2019-09-10 16:56 - 2019-08-26 22:37 - 002132480 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2019-09-10 16:56 - 2019-08-26 22:37 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2019-09-10 16:56 - 2019-08-26 22:37 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2019-09-10 16:56 - 2019-08-26 22:36 - 015389184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2019-09-10 16:56 - 2019-08-26 22:36 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2019-09-10 16:56 - 2019-08-26 22:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2019-09-10 16:56 - 2019-08-26 22:34 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
    2019-09-10 16:56 - 2019-08-26 22:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2019-09-10 16:56 - 2019-08-26 22:30 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2019-09-10 16:56 - 2019-08-26 22:28 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2019-09-10 16:56 - 2019-08-26 22:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2019-09-10 16:56 - 2019-08-26 22:27 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2019-09-10 16:56 - 2019-08-26 22:26 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2019-09-10 16:56 - 2019-08-26 22:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2019-09-10 16:56 - 2019-08-26 22:23 - 013791744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2019-09-10 16:56 - 2019-08-26 22:15 - 001568256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2019-09-10 16:56 - 2019-08-26 22:09 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-10-02 17:18 - 2019-06-12 22:01 - 000000000 ____D C:\Users\Gloria\AppData\LocalLow\Mozilla
    2019-10-02 17:12 - 2009-07-14 00:45 - 000022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2019-10-02 17:12 - 2009-07-14 00:45 - 000022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2019-10-01 17:01 - 2019-06-13 14:25 - 000034240 _____ C:\Windows\system32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx
    2019-10-01 17:01 - 2019-06-13 14:25 - 000034240 _____ C:\Windows\system32\BMXState-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx
    2019-10-01 17:01 - 2019-06-13 14:25 - 000030528 _____ C:\Windows\system32\BMXCtrlState-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx
    2019-10-01 17:01 - 2019-06-13 14:25 - 000030528 _____ C:\Windows\system32\BMXBkpCtrlState-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx
    2019-10-01 17:01 - 2019-06-13 14:25 - 000011564 _____ C:\Windows\system32\DVCState-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx
    2019-09-30 21:15 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2019-09-26 17:08 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
    2019-09-18 21:20 - 2019-06-12 21:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2019-09-14 13:45 - 2019-07-03 18:38 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
    2019-09-11 16:04 - 2009-07-14 01:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
    2019-09-11 16:04 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
    2019-09-10 17:12 - 2009-07-14 00:45 - 000418968 _____ C:\Windows\system32\FNTCACHE.DAT
    2019-09-10 17:09 - 2019-06-13 14:24 - 000000000 ___SD C:\Windows\system32\CompatTel
    2019-09-10 17:05 - 2019-06-13 14:15 - 000773788 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)


    LastRegBack: 2019-07-15 05:05
    ==================== End of FRST.txt ============================


    ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------



    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2019
    Ran by Gloria (02-10-2019 17:20:59)
    Running from C:\Users\Gloria\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) (2019-06-13 01:51:46)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1979779775-2233383720-3097755226-500 - Administrator - Disabled)
    Gloria (S-1-5-21-1979779775-2233383720-3097755226-1000 - Administrator - Enabled) => C:\Users\Gloria
    Guest (S-1-5-21-1979779775-2233383720-3097755226-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1979779775-2233383720-3097755226-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    LibreOffice 6.1.6.3 (HKLM\...\{FDD378C0-438D-4E89-A692-6D010D5AF9D0}) (Version: 6.1.6.3 - The Document Foundation)
    Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
    Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
    Mozilla Firefox 69.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 69.0.1 (x86 en-US)) (Version: 69.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.2 - Mozilla)
    SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
    WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
    WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

    ==================== Loaded Modules (Whitelisted) ==============

    2019-07-03 18:39 - 2019-09-14 13:45 - 001700328 _____ (Malwarebytes Inc -> Igor Pavlov) [File not signed] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1979779775-2233383720-3097755226-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gloria\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: Media is not connected to internet.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{3AE60CF4-3EAB-4A56-B6CF-C32585508EAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{72866C30-C97D-4B04-AE72-431582D9D9EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [TCP Query User{E05834F3-BA9D-453D-B5A7-8CFE36CAFFCA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [UDP Query User{F1432E2A-7C54-4D8D-A94E-890705416DED}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

    ==================== Codecs (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [176416 2012-01-18] (Logitech, Inc. -> Logitech Inc.)
    HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [307488 2012-01-18] (Logitech, Inc. -> Logitech Inc.)

    ==================== Restore Points =========================

    03-09-2019 16:46:58 Windows Update
    07-09-2019 17:02:54 Windows Update
    10-09-2019 16:59:29 Windows Update
    11-09-2019 16:00:53 Windows Update
    15-09-2019 11:26:13 Windows Update
    18-09-2019 16:36:32 Windows Update
    21-09-2019 16:49:38 Windows Update
    25-09-2019 16:37:25 Windows Update
    30-09-2019 16:20:12 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/30/2019 09:16:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/27/2019 10:02:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program firefox.exe version 69.0.1.7199 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 11d0

    Start Time: 01d5756b717b1d68

    Termination Time: 406

    Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Report Id:

    Error: (09/25/2019 08:06:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/20/2019 04:36:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/12/2019 05:30:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/10/2019 05:13:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/07/2019 04:28:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/06/2019 04:20:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    System errors:
    =============
    Error: (09/30/2019 04:23:37 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.303.557.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiSpyware

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 1.1.16400.2

    Error code: 0x800704e8

    Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

    Error: (09/30/2019 04:23:37 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.303.557.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 1.1.16400.2

    Error code: 0x800704e8

    Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

    Error: (09/27/2019 08:32:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The eapihdrv service failed to start due to the following error:
    This driver has been blocked from loading

    Error: (09/27/2019 08:32:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\Gloria\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (09/27/2019 08:32:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The eapihdrv service failed to start due to the following error:
    This driver has been blocked from loading

    Error: (09/27/2019 08:32:02 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\Gloria\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (09/27/2019 08:32:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The eapihdrv service failed to start due to the following error:
    This driver has been blocked from loading

    Error: (09/27/2019 08:32:02 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\Gloria\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. 0406 09/10/2009
    Motherboard: ASUSTeK Computer INC. M4A785-M
    Processor: AMD Phenom(tm) II X2 550 Processor
    Percentage of memory in use: 88%
    Total physical RAM: 2047.18 MB
    Available physical RAM: 243.44 MB
    Total Virtual: 4094.35 MB
    Available Virtual: 1414.88 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:429.87 GB) NTFS

    \\?\Volume{431c836d-8d95-11e9-a881-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 5B7C5C16)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  11. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    618
    Hi K1979,

    No malware was found in your logs. There are a few files that I can't find much information about - the following FRST fix will take a look at those file properties.


    ---------------------------------------------------
    Farbar Recovery Scan Tool - Fix

    • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
      Code:
      Start::
      File: C:\Windows\system32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx
      End::
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    • Double-click FRST.exe/FRST64.exe to run it.
    • Press the Fix button just once and wait.
      Note: No need to paste the script into FRST.
    • Restart the computer if prompted.
    • When the fix is complete, FRST will generate a log (Fixlog.txt) in the same location it was run from.
    • Please copy and paste its contents into your reply.

    ---------------------------------------------------

    In your next reply, please include:
    • Fixlog.txt
     
  12. K1979

    K1979 Thread Starter

    Joined:
    Sep 26, 2019
    Messages:
    13
    Fix result of Farbar Recovery Scan Tool (x64) Version: 02-10-2019
    Ran by Gloria (04-10-2019 19:12:37) Run:1
    Running from C:\Users\Gloria\Downloads
    Loaded Profiles: Gloria (Available Profiles: Gloria)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    File: C:\Windows\system32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx

    *****************


    ========================= File: C:\Windows\system32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx ========================

    C:\Windows\system32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx
    File not signed
    MD5: AC85858A0E0620530DC5A26CB90CC2FB
    Creation and modification date: 2019-06-13 14:25 - 2019-10-04 17:42
    Size: 000034240
    Attributes: ----A
    Company Name:
    Internal Name:
    Original Name:
    Product:
    Description:
    File Version:
    Product Version:
    Copyright:
    VirusTotal: 0

    ====== End of File: ======


    ==== End of Fixlog 19:12:38 ====
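    As an added example (not part of the thread and not FRST's own code), the Python below parses the "File:" section of the Fixlog above into typed fields and flags a file whose report carries neither a signature nor any version-resource value, which is the situation where file properties alone cannot attribute the file to a publisher. The function names and the `unattributed` rule are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Sample input: the "File:" section copied from the Fixlog above.
FIXLOG = r"""
========================= File: C:\Windows\system32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx ========================
C:\Windows\system32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx
File not signed
MD5: AC85858A0E0620530DC5A26CB90CC2FB
Creation and modification date: 2019-06-13 14:25 - 2019-10-04 17:42
Size: 000034240
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0
====== End of File: ======
"""

VERSION_FIELDS = ("Company Name", "Internal Name", "Original Name", "Product",
                  "Description", "File Version", "Product Version", "Copyright")

def parse_file_section(text):
    """Turn one FRST 'File:' report section into a dict of typed fields."""
    head = re.search(r"^=+ File: (.+?) =+$", text, re.M)
    if not head:
        raise ValueError("no 'File:' section found")
    body = text[head.end():].split("====== End of File:")[0]
    rec = {"path": head.group(1), "signed": "File not signed" not in body}
    for line in body.splitlines():
        field = re.match(r"([A-Za-z][A-Za-z0-9 ]+):\s*(.*)$", line.strip())
        if field:  # the bare path line ("C:\...") does not match: one-letter key
            rec[field.group(1)] = field.group(2).strip()
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", rec.get("MD5", "")):
        raise ValueError("MD5 field missing or malformed")
    created, modified = (datetime.strptime(s, "%Y-%m-%d %H:%M")
                         for s in rec["Creation and modification date"].split(" - "))
    rec.update(created=created, modified=modified, size=int(rec["Size"]))
    return rec

def unattributed(rec):
    """True when the report names no publisher: no signature and no version
    resource. Rule chosen for this example; it is not FRST's own logic."""
    return not rec["signed"] and not any(rec.get(f) for f in VERSION_FIELDS)
```

    For the section above, `parse_file_section(FIXLOG)` gives a size of 34240 bytes and `unattributed(...)` returns `True`.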
     
  13. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    618
    Hi K1979,

    Please run the following FRST fix to upload a file to VirusTotal for scanning:

    ---------------------------------------------------
    Farbar Recovery Scan Tool - Fix

    • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
      Code:
      Start::
      VirusTotal: C:\Windows\system32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx
      End::
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    • Double-click FRST.exe/FRST64.exe to run it.
    • Press the Fix button just once and wait.
      Note: No need to paste the script into FRST.
    • Restart the computer if prompted.
    • When the fix is complete, FRST will generate a log (Fixlog.txt) in the same location it was run from.
    • Please copy and paste its contents into your reply.

    ---------------------------------------------------

    In your next reply, please include:
    • Fixlog.txt
     
  14. K1979

    K1979 Thread Starter

    Joined:
    Sep 26, 2019
    Messages:
    13
    Fix result of Farbar Recovery Scan Tool (x64) Version: 06-10-2019
    Ran by Gloria (07-10-2019 18:06:17) Run:2
    Running from C:\Users\Gloria\Downloads
    Loaded Profiles: Gloria (Available Profiles: Gloria)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    VirusTotal: C:\Windows\system32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx

    *****************

    VirusTotal: C:\Windows\system32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20041102}.rfx => https://www.virustotal.com/file/b33...5600223dba1bf365e1611f78/analysis/1570485979/

    ==== End of Fixlog 18:06:19 ====
     
  15. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    618
    Hi K1979,

    ---------------------------------------------------
    AdwCleaner

    Download AdwCleaner and save it to your desktop.
    • Double click AdwCleaner.exe to run it.
    • Click Scan Now ...
      • When the scan has finished a Scan Results window will open.
      • Click Cancel (at this point do not attempt to Quarantine anything that is found)
    • Now click the Log Files tab ...
      • Double click on the latest scan log (scan logs have a [S0*] suffix, where * is replaced by a number; the latest scan will have the largest number).
      • A Notepad file will open containing the results of the scan.
      • Please post the contents of the file in your next reply.

    ---------------------------------------------------
    Emsisoft Emergency Kit

    Download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
    • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
    • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
    • When the update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
    • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
    • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
    • Please save the log in Notepad on your desktop and post the contents in your next reply.
    • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

    ---------------------------------------------------

    In your next reply, please include:
    • AdwCleaner[S0*].txt
    • Emsisoft Emergency Kit log
     

Short URL to this thread: https://techguy.org/1233541
