Shuts off my laptop without warning

01-02-2018, 11:30 PM   #1
Registered Member
 
Join Date: Mar 2008
Posts: 132
OS: xp sp2



Tried to install software downloaded off the internet. After that, it disabled my McAfee antivirus and pop-ups are all over. Installed Malwarebytes during safe mode. It helps decrease the threat. Back in normal mode, it still incapacitated McAfee, causing it not to respond, as well as Java and other programs, including programs which I presumed it installed on my system. One of the threats detected by McAfee was not yet deleted but "will be deleted". It was RDM/Generic. I'm not certain.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 11.0.9600.18858
Run by User at 15:26:31 on 2018-01-03
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.63.1033.18.3907.2875 [GMT 8:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\System32\cscript.exe
C:\Windows\system32\igfxsrvc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100110225030.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL
BHO: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - <orphaned>
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
uRun: [CONNMGRTRAY] C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrLauncher.exe Silent
uRun: [uTorrent] "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [boostPc] "C:\Program Files (x86)\boostPc\boostPc.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{A2E14B3B-24C7-4556-905E-A8666C938CE1} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{A2E14B3B-24C7-4556-905E-A8666C938CE1}\05C4444584F4D454649424254646660303 : DHCPNameServer = 192.168.1.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100110225029.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Hosts: 127.0.0.1 gf.tools.avast.com
Hosts: 127.0.0.1 pair.ff.avast.com
Hosts: 127.0.0.1 ipm-provider.ff.avast.com
Hosts: 127.0.0.1 ipm-provider.ff.avast.com
Hosts: 127.0.0.1 ipm-provider.ff.avast.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\i4e0c56a.default\
FF - prefs.js: browser.search.selectedEngine - YahooŽ
FF - prefs.js: browser.startup.homepage - hxxps://ph.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__171214__yaff
FF - plugin: C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL
FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll
FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-1-10 243496]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2017-1-25 47032]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2010-1-10 6234056]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2010-1-10 72280]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2010-1-10 21080]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2010-1-10 59088]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2010-1-10 82128]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\mbamswissarmy.sys [2010-1-10 253880]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2017-12-23 226696]
S0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-1-10 841000]
S1 663a0d281e0e0d1a5b2aaf9161d9e579;663a0d281e0e0d1a5b2aaf9161d9e579;C:\Windows\System32\drivers\663a0d281e0e0d1a5b2aaf9161d9e579.sys [2018-1-2 73600]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2017-12-23 27552]
S2 0d8461c19919d191c02215759e11a2e9;0d8461c19919d191c02215759e11a2e9;rundll32.exe C:\Windows\0d8461c19919d191c02215759e11a2e9.dll kIHAlYdFMa --> rundll32.exe C:\Windows\0d8461c19919d191c02215759e11a2e9.dll kIHAlYdFMa [?]
S2 156f2b5621deadddad7ec0990240c4a4;156f2b5621deadddad7ec0990240c4a4;C:\Program Files\156f2b5621deadddad7ec0990240c4a4\0b43a3bf0265c98a0e1fe5fae8a6e0ba.exe [2018-1-2 814080]
S2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2017-12-13 7760552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-4-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-4-21 128648]
S2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-3-15 352336]
S2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2017-12-16 226024]
S2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2015-2-10 129904]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-1-10 263056]
S2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2016-2-11 208936]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-1-10 279488]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-12-19 458176]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-12-21 116224]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2017-12-23 480800]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-1-10 458960]
S3 mfeaack;McAfee Inc. mfeaack;C:\Windows\System32\drivers\mfeaack.sys [2010-1-10 417064]
S3 mfeaacsk;McAfee Inc. mfeaacsk;C:\Windows\System32\drivers\mfeaacsk.sys [2010-1-10 65320]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-1-10 348968]
S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-1-10 493352]
S3 mfeplk;McAfee Inc. mfeplk;C:\Windows\System32\drivers\mfeplk.sys [2010-1-10 66344]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-1-10 114984]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2017-12-7 257704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2017-12-20 19456]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2010-1-10 33448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2017-12-20 56832]
.
=============== Created Last 30 ================
.
2018-01-03 00:54:49 1038848 ----a-w- C:\Windows\0d8461c19919d191c02215759e11a2e9.dll
2018-01-03 00:53:10 -------- d-----w- C:\Windows\SysWow64\SSL
2018-01-03 00:52:51 -------- d-----w- C:\Program Files\156f2b5621deadddad7ec0990240c4a4
2018-01-03 00:52:11 -------- d-----w- C:\Program Files (x86)\Multitimer
2018-01-03 00:52:06 -------- d-----w- C:\Users\User\AppData\Roaming\NVIDIA
2018-01-03 00:51:37 -------- d-----w- C:\Program Files (x86)\foldershare
2018-01-03 00:51:13 -------- d-----w- C:\Program Files (x86)\aohGTEheqdnWC
2018-01-03 00:51:09 -------- d-----w- C:\Program Files (x86)\boostPc
2018-01-03 00:51:07 -------- d-----w- C:\Program Files (x86)\RrHYXuUpocPTIXdsppR
2018-01-03 00:51:03 -------- d-----w- C:\Program Files (x86)\TwPufLOWyrxU2
2018-01-03 00:50:55 -------- d-----w- C:\Program Files (x86)\qTTaaczyWvUn
2018-01-03 00:50:43 -------- d-----w- C:\Program Files (x86)\GBeMZXQZBIE
2018-01-03 00:50:22 -------- d-----w- C:\Program Files (x86)\umkISPBbU
2018-01-03 00:49:55 -------- d-----w- C:\Users\User\AppData\Local\CrashDumps
2018-01-03 00:48:37 -------- d-----w- C:\Users\User\AppData\Local\PCBooster
2018-01-02 10:07:32 73600 ----a-w- C:\Windows\System32\drivers\663a0d281e0e0d1a5b2aaf9161d9e579.sys
2017-12-31 06:32:48 -------- d-----w- C:\MagicPlusMini
2017-12-31 05:11:35 -------- d-----w- C:\Windows\SysWow64\r
2017-12-29 02:12:57 -------- d-----w- C:\Program Files (x86)\Karmian
2017-12-24 03:46:55 -------- d-----w- C:\Users\User\AppData\Local\Windows_8
2017-12-24 01:32:17 -------- d-----w- C:\Users\User\AppData\Local\fontconfig
2017-12-24 01:32:11 -------- d-----w- C:\Users\User\.gimp-2.8
2017-12-24 01:32:09 -------- d-----w- C:\Users\User\AppData\Local\gegl-0.2
2017-12-23 21:26:48 -------- d-----w- C:\Program Files\GIMP 2
2017-12-23 03:03:47 -------- d-s---w- C:\Windows\System32\CompatTel
2017-12-23 03:03:47 -------- d-----w- C:\Windows\System32\appraiser
2017-12-23 02:24:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2017-12-23 02:24:42 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2017-12-23 02:24:42 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2017-12-23 02:24:42 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2017-12-23 00:39:00 3283745 ----a-w- C:\Windows\Alienware Fire.scr
2017-12-22 23:28:59 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2017-12-22 23:26:12 517448 ----a-w- C:\Windows\SysWow64\XAudio2_4.dll
2017-12-22 23:26:12 235352 ----a-w- C:\Windows\SysWow64\xactengine3_4.dll
2017-12-22 23:26:12 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_6.dll
2017-12-22 23:26:11 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2017-12-22 23:26:11 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2017-12-22 23:25:50 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2017-12-22 23:25:03 480800 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
2017-12-22 23:24:14 -------- d-----w- C:\Windows\System32\DAX2
2017-12-22 23:24:10 -------- d-----w- C:\Windows\SysWow64\RTCOM
2017-12-22 23:24:10 -------- d-----w- C:\Program Files\Realtek
2017-12-22 23:23:19 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2017-12-22 23:23:18 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2017-12-22 23:23:18 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2017-12-22 23:21:59 574752 ----a-w- C:\Windows\System32\AERTAC64.dll
2017-12-22 23:21:59 122320 ----a-w- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2017-12-22 23:21:59 118592 ----a-w- C:\Windows\System32\AERTAR64.dll
2017-12-22 23:21:37 -------- d-----w- C:\ProgramData\Package Cache
2017-12-22 23:20:12 81920 ----a-w- C:\Windows\System32\nusb3co3.dll
2017-12-22 23:20:12 226696 ----a-w- C:\Windows\System32\drivers\nusb3xhc.sys
2017-12-22 23:16:03 96768 ----a-w- C:\Windows\System32\fsutil.exe
2017-12-22 23:16:03 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2017-12-22 23:16:03 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2017-12-22 23:16:03 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2017-12-22 23:16:03 2565632 ----a-w- C:\Windows\System32\esent.dll
2017-12-22 23:16:03 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2017-12-22 23:16:03 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2017-12-22 23:16:03 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2017-12-22 23:16:03 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2017-12-22 23:15:53 2972672 ----a-w- C:\Windows\SysWow64\explorer.exe
2017-12-22 23:15:39 3229696 ----a-w- C:\Windows\explorer.exe
2017-12-22 23:13:54 670208 ----a-w- C:\Windows\System32\generaltel.dll
2017-12-22 23:13:54 605184 ----a-w- C:\Windows\System32\aeinv.dll
2017-12-22 23:13:54 603648 ----a-w- C:\Windows\System32\devinv.dll
2017-12-22 23:13:54 407392 ----a-w- C:\Windows\System32\centel.dll
2017-12-22 23:13:54 370688 ----a-w- C:\Windows\System32\invagent.dll
2017-12-22 23:13:54 241664 ----a-w- C:\Windows\System32\aepic.dll
2017-12-22 23:13:54 2023936 ----a-w- C:\Windows\System32\aitstatic.exe
2017-12-22 23:13:54 181760 ----a-w- C:\Windows\System32\acmigration.dll
2017-12-22 23:13:54 1570304 ----a-w- C:\Windows\System32\appraiser.dll
2017-12-22 23:13:54 134376 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2017-12-22 23:13:51 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2017-12-22 23:09:57 -------- d-----w- C:\ProgramData\ProductData
2017-12-22 23:09:49 -------- d-----w- C:\Windows\IObit
2017-12-22 23:08:34 27552 ----a-w- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
2017-12-22 23:07:55 -------- d-----w- C:\ProgramData\IObit
2017-12-22 23:07:37 -------- d-----w- C:\Users\User\AppData\Roaming\IObit
2017-12-22 23:07:10 -------- d-----w- C:\Program Files (x86)\Driver Booster 5
2017-12-21 11:28:30 -------- d-----w- C:\QUARANTINE
2017-12-21 09:52:06 856064 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2017-12-21 09:52:06 7077376 ----a-w- C:\Windows\System32\mstscax.dll
2017-12-21 09:52:06 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2017-12-21 09:52:06 6131200 ----a-w- C:\Windows\SysWow64\mstscax.dll
2017-12-21 09:52:06 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2017-12-21 09:52:06 429568 ----a-w- C:\Windows\System32\wksprt.exe
2017-12-21 09:52:06 1057792 ----a-w- C:\Windows\System32\rdvidcrl.dll
2017-12-21 09:51:31 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2017-12-21 09:51:31 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2017-12-21 09:49:48 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2017-12-21 09:49:24 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2017-12-21 00:16:07 110144 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2017-12-21 00:15:44 -------- d-----w- C:\ProgramData\Oracle
2017-12-20 14:26:28 -------- d-----w- C:\Program Files\CCleaner
2017-12-20 06:41:35 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2017-12-20 06:41:35 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2017-12-20 06:38:32 3181568 ----a-w- C:\Windows\System32\rdpcorets.dll
2017-12-20 06:38:32 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2017-12-20 06:38:32 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2017-12-20 06:38:32 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2017-12-20 06:38:32 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2017-12-20 06:38:31 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2017-12-20 06:38:31 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2017-12-20 06:38:31 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2017-12-20 06:36:57 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2017-12-20 06:32:55 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2017-12-20 06:29:35 -------- d-----w- C:\Program Files (x86)\DAMN NFO Viewer
2017-12-20 06:19:47 647680 ----a-w- C:\Windows\System32\d3d10level9.dll
2017-12-20 06:19:47 603648 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2017-12-20 06:17:07 6656 ----a-w- C:\Windows\SysWow64\kbdgeoqw.dll
2017-12-20 06:17:07 6656 ----a-w- C:\Windows\SysWow64\KBDAZEL.DLL
2017-12-20 06:17:06 7168 ----a-w- C:\Windows\System32\kbdgeoqw.dll
2017-12-20 06:17:06 7168 ----a-w- C:\Windows\System32\KBDAZEL.DLL
2017-12-20 06:16:00 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2017-12-20 06:15:59 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2017-12-20 06:15:22 1424896 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2017-12-20 06:15:22 1230848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2017-12-20 06:14:55 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2017-12-20 06:14:55 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2017-12-20 05:59:11 -------- d-----w- C:\Windows\SysWow64\drivers\uk-UA
2017-12-20 05:59:05 -------- d-----w- C:\Windows\SysWow64\wbem\uk-UA
2017-12-20 05:59:04 -------- d-----w- C:\Windows\uk-UA
2017-12-20 05:59:04 -------- d-----w- C:\Windows\System32\drivers\uk-UA
2017-12-20 05:58:53 -------- d-----w- C:\Windows\System32\wbem\uk-UA
2017-12-20 05:42:38 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2017-12-20 05:42:37 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2017-12-20 05:42:36 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2017-12-20 05:42:36 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2017-12-20 05:42:35 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2017-12-20 05:42:35 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2017-12-20 05:42:35 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2017-12-20 05:42:35 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2017-12-20 05:42:35 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2017-12-20 05:42:34 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2017-12-20 05:42:34 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2017-12-20 05:27:34 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2017-12-20 05:27:32 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2017-12-20 05:27:32 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2017-12-20 05:11:34 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2017-12-20 05:11:34 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2017-12-20 05:11:34 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2017-12-20 05:11:34 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2017-12-20 05:11:33 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2017-12-20 05:11:33 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2017-12-20 05:11:33 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2017-12-20 04:56:58 2560 ----a-w- C:\Windows\System32\drivers\uk-UA\scfilter.sys.mui
2017-12-20 04:56:38 3584 ----a-w- C:\Windows\System32\drivers\uk-UA\portcls.sys.mui
2017-12-20 04:56:37 2560 ----a-w- C:\Windows\System32\drivers\uk-UA\serscan.sys.mui
2017-12-20 04:56:36 3072 ----a-w- C:\Windows\System32\drivers\uk-UA\ataport.sys.mui
2017-12-20 04:56:36 2048 ----a-w- C:\Windows\System32\drivers\uk-UA\amdide.sys.mui
2017-12-20 04:56:33 48640 ----a-w- C:\Windows\System32\drivers\uk-UA\tcpip.sys.mui
2017-12-20 04:56:20 3072 ----a-w- C:\Windows\System32\drivers\uk-UA\hidbth.sys.mui
2017-12-20 04:56:19 7680 ----a-w- C:\Windows\System32\drivers\uk-UA\bthport.sys.mui
2017-12-20 04:56:19 2560 ----a-w- C:\Windows\System32\drivers\uk-UA\BTHUSB.SYS.mui
2017-12-20 04:56:19 2048 ----a-w- C:\Windows\System32\drivers\uk-UA\bthenum.sys.mui
2017-12-20 04:54:29 -------- d-----w- C:\Windows\SysWow64\wbem\sk-SK
2017-12-20 04:54:29 -------- d-----w- C:\Windows\SysWow64\drivers\sk-SK
2017-12-20 04:54:29 -------- d-----w- C:\Windows\sk-SK
2017-12-20 04:54:22 -------- d-----w- C:\Windows\System32\wbem\sk-SK
2017-12-20 04:54:22 -------- d-----w- C:\Windows\System32\drivers\sk-SK
2017-12-20 04:49:05 2560 ----a-w- C:\Windows\System32\drivers\sk-SK\serscan.sys.mui
2017-12-20 04:48:45 3584 ----a-w- C:\Windows\System32\drivers\sk-SK\portcls.sys.mui
2017-12-20 04:48:41 3072 ----a-w- C:\Windows\System32\drivers\sk-SK\ataport.sys.mui
2017-12-20 04:48:41 2048 ----a-w- C:\Windows\System32\drivers\sk-SK\amdide.sys.mui
2017-12-20 04:48:38 47616 ----a-w- C:\Windows\System32\drivers\sk-SK\tcpip.sys.mui
2017-12-20 04:48:36 2560 ----a-w- C:\Windows\System32\drivers\sk-SK\scfilter.sys.mui
2017-12-20 04:48:24 3072 ----a-w- C:\Windows\System32\drivers\sk-SK\hidbth.sys.mui
2017-12-20 04:48:23 7680 ----a-w- C:\Windows\System32\drivers\sk-SK\bthport.sys.mui
2017-12-20 04:48:23 2560 ----a-w- C:\Windows\System32\drivers\sk-SK\BTHUSB.SYS.mui
2017-12-20 04:48:23 2048 ----a-w- C:\Windows\System32\drivers\sk-SK\bthenum.sys.mui
2017-12-20 04:45:50 879104 ----a-w- C:\Windows\System32\tdh.dll
2017-12-20 04:45:50 635392 ----a-w- C:\Windows\SysWow64\tdh.dll
2017-12-20 04:44:56 156672 ----a-w- C:\Windows\System32\mtxoci.dll
2017-12-20 04:44:56 111616 ----a-w- C:\Windows\SysWow64\mtxoci.dll
2017-12-20 04:44:55 286720 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaora.dll
2017-12-20 04:44:55 176128 ----a-w- C:\Windows\SysWow64\msorcl32.dll
2017-12-20 04:44:05 515584 ----a-w- C:\Windows\System32\timedate.cpl
2017-12-20 04:44:05 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2017-12-20 04:42:59 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2017-12-20 04:42:55 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2017-12-20 04:42:55 31232 ----a-w- C:\Windows\System32\prevhost.exe
2017-12-20 04:42:34 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2017-12-20 04:42:34 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2017-12-20 04:42:34 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2017-12-20 04:42:34 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2017-12-20 04:42:34 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2017-12-20 04:41:41 2104320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2017-12-20 04:41:40 353280 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll
2017-12-20 04:41:40 275456 ----a-w- C:\Windows\System32\InkEd.dll
2017-12-20 04:41:40 274944 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll
2017-12-20 04:41:40 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2017-12-20 04:41:40 18432 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2017-12-20 04:41:40 169984 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll
2017-12-20 04:41:40 16384 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2017-12-20 04:41:40 1416192 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll
2017-12-20 04:41:40 126464 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\rtscom.dll
2017-12-20 04:30:21 396800 ----a-w- C:\Windows\System32\webio.dll
2017-12-20 04:30:21 316416 ----a-w- C:\Windows\SysWow64\webio.dll
2017-12-20 04:30:20 69888 ----a-w- C:\Windows\System32\drivers\stream.sys
2017-12-20 04:30:11 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2017-12-20 04:30:11 1391104 ----a-w- C:\Windows\SysWow64\msxml6.dll
2017-12-20 04:30:10 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2017-12-20 04:30:10 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2017-12-20 04:30:09 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2017-12-20 04:30:08 165888 ----a-w- C:\Windows\System32\charmap.exe
2017-12-20 04:30:08 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2017-12-20 03:18:11 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2017-12-20 03:18:11 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2017-12-20 02:20:24 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2017-12-20 02:20:24 5120 ----a-w- C:\Windows\System32\wmi.dll
2017-12-20 02:20:24 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2017-12-20 02:16:54 4296704 ----a-w- C:\Windows\System32\D3DCompiler_47.dll
2017-12-20 02:16:54 3550208 ----a-w- C:\Windows\SysWow64\D3DCompiler_47.dll
2017-12-20 02:11:13 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2017-12-20 02:11:13 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2017-12-20 02:11:13 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2017-12-20 02:11:13 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2017-12-20 02:11:12 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2017-12-20 02:11:12 8856 ----a-w- C:\Windows\System32\icardres.dll
2017-12-20 02:10:58 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2017-12-20 02:10:58 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2017-12-20 02:08:23 683520 ----a-w- C:\Windows\System32\termsrv.dll
2017-12-20 02:05:05 1743360 ----a-w- C:\Windows\System32\sysmain.dll
2017-12-20 02:05:03 2560 ----a-w- C:\Windows\System32\drivers\en-US\mountmgr.sys.mui
2017-12-20 02:04:39 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2017-12-20 02:04:39 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2017-12-20 02:04:27 328704 ----a-w- C:\Windows\System32\services.exe
2017-12-20 02:04:06 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2017-12-20 02:04:06 723968 ----a-w- C:\Windows\System32\EncDec.dll
2017-12-20 02:04:05 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2017-12-20 02:04:05 535040 ----a-w- C:\Windows\SysWow64\EncDec.dll
2017-12-20 02:02:55 455168 ----a-w- C:\Windows\System32\winlogon.exe
2017-12-20 02:02:54 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2017-12-20 02:02:54 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2017-12-20 02:02:54 235520 ----a-w- C:\Windows\System32\winsta.dll
2017-12-20 02:02:54 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2017-12-20 02:02:54 157696 ----a-w- C:\Windows\SysWow64\winsta.dll
2017-12-20 02:02:54 150528 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2017-12-20 02:00:44 52736 ----a-w- C:\Windows\System32\basesrv.dll
2017-12-20 01:58:42 241152 ----a-w- C:\Windows\System32\pku2u.dll
2017-12-20 01:58:42 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2017-12-20 01:58:03 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2017-12-20 01:58:02 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2017-12-20 01:58:02 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2017-12-20 01:55:57 215552 ----a-w- C:\Windows\System32\ubpm.dll
2017-12-20 01:54:59 424448 ----a-w- C:\Windows\System32\rastls.dll
2017-12-20 01:52:29 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2017-12-20 01:39:18 1902776 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ClientTelemetry.dll
2017-12-20 01:39:17 21160 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.en-us.dll
2017-12-20 01:35:13 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2017-12-20 01:35:13 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2017-12-20 01:35:13 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2017-12-20 01:35:12 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2017-12-20 01:35:12 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2017-12-19 03:05:58 -------- d-----w- C:\Users\User\AppData\Local\BMExplorer
2017-12-19 02:56:49 -------- d-----w- C:\Program Files (x86)\Common Files\Atheros
2017-12-19 02:55:10 -------- d-----w- C:\Program Files (x86)\Common Files\QCA_Bluetooth
2017-12-19 02:45:23 -------- d-----w- C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-12-19 02:12:21 -------- d-----w- C:\Windows\SysWow64\NV
2017-12-19 02:12:21 -------- d-----w- C:\Windows\System32\NV
2017-12-19 02:04:46 269600 ----a-w- C:\Windows\SysWow64\vulkan-1.dll
2017-12-19 02:04:46 261920 ----a-w- C:\Windows\System32\vulkan-1.dll
2017-12-19 02:04:46 125216 ----a-w- C:\Windows\System32\vulkaninfo.exe
2017-12-19 02:04:46 110880 ----a-w- C:\Windows\SysWow64\vulkaninfo.exe
2017-12-19 02:04:46 -------- d-----w- C:\Program Files (x86)\VulkanRT
2017-12-19 02:04:19 1951 ----a-w- C:\Windows\NvContainerRecovery.bat
2017-12-19 01:56:56 -------- d-----w- C:\Users\User\AppData\Roaming\IDM
2017-12-19 01:56:56 -------- d-----w- C:\ProgramData\IDM
2017-12-19 01:56:55 -------- d-----w- C:\Users\User\AppData\Roaming\DMCache
2017-12-19 01:56:50 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2017-12-19 01:54:47 -------- d-----w- C:\Windows\System32\SPReview
2017-12-19 01:54:20 -------- d-----w- C:\Windows\System32\EventProviders
2017-12-19 01:49:03 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2017-12-19 01:46:56 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2017-12-19 01:45:28 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2017-12-19 01:09:13 -------- d-----w- C:\Users\User\AppData\Local\Adobe
2017-12-16 09:14:25 -------- d-----w- C:\Games
2017-12-16 09:14:24 -------- d-----w- C:\Users\User\AppData\Local\Skyrim
2017-12-16 00:57:16 226024 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2017-12-15 09:58:39 -------- d-----w- C:\Program Files\Windows KMS Activator Ultimate 2017 v3.5
2017-12-15 09:57:51 90112 ----a-w- C:\Windows\System32\Vestris.ResourceLib.dll
2017-12-15 09:57:51 -------- d-----w- C:\Program Files\KMSpico
2017-12-14 01:50:20 -------- d-----w- C:\searchplugins
2017-12-14 01:48:04 -------- d-----w- C:\Users\User\AppData\Roaming\uTorrent
2017-12-14 01:14:35 13899592 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{456C30D9-281E-4739-882A-EA5A247243AA}\mpengine.dll
2017-12-14 01:14:15 -------- d-----w- C:\Windows\Migration
2017-12-14 01:11:55 -------- d-----w- C:\Windows\System32\MRT
2017-12-14 01:11:41 133326408 -c--a-w- C:\Windows\System32\MRT-KB890830.exe
2017-12-14 01:10:50 142336 ----a-w- C:\Windows\System32\poqexec.exe
2017-12-14 01:10:50 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2017-12-14 01:10:34 304128 ----a-w- C:\Windows\System32\EOSNotify.exe
2017-12-14 01:08:09 -------- d-----w- C:\Users\User\AppData\Local\Mozilla
2017-12-13 21:37:07 -------- d-----w- C:\Program Files (x86)\Foxit Software
2017-12-13 21:36:21 -------- d-----w- C:\Windows\System32\appmgmt
2017-12-13 21:35:15 -------- d-----w- C:\Program Files (x86)\CCleaner
2017-12-13 13:58:57 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2017-12-13 01:02:58 -------- d-----w- C:\Program Files (x86)\Microsoft OneDrive
2017-12-13 01:02:57 -------- d-----r- C:\Users\User\OneDrive
2017-12-13 01:02:42 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2017-12-13 00:52:28 5264040 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2017-12-13 00:45:44 -------- d-----w- C:\ProgramData\AutoKMS
2017-12-07 15:41:32 585384 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2017-12-07 15:40:48 31400 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2017-12-07 15:29:36 257704 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
.
==================== Find3M ====================
.
2017-12-22 23:29:31 803328 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2017-12-22 23:29:31 144896 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2017-12-22 23:29:13 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2017-12-22 23:29:13 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2017-12-22 23:29:13 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2017-12-22 23:29:13 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2017-12-21 10:08:53 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2017-12-19 02:20:12 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2017-12-19 02:20:11 175616 ----a-w- C:\Windows\System32\msclmd.dll
2017-12-03 15:50:26 83792 ----a-w- C:\Windows\SysWow64\vcruntime140.dll
2017-12-03 15:50:26 440128 ----a-w- C:\Windows\SysWow64\msvcp140.dll
2017-12-03 15:50:26 263856 ----a-w- C:\Windows\SysWow64\vccorlib140.dll
2017-12-03 15:50:24 242496 ----a-w- C:\Windows\SysWow64\concrt140.dll
2017-12-03 15:38:38 87728 ----a-w- C:\Windows\System32\vcruntime140.dll
2017-12-03 15:38:38 641696 ----a-w- C:\Windows\System32\msvcp140.dll
2017-12-03 15:38:38 389296 ----a-w- C:\Windows\System32\vccorlib140.dll
2017-12-03 15:38:38 331432 ----a-w- C:\Windows\System32\concrt140.dll
2017-11-29 01:11:26 77432 ----a-w- C:\Windows\System32\drivers\mbae64.sys
2017-11-17 04:23:29 3222528 ----a-w- C:\Windows\System32\win32k.sys
2017-11-14 03:43:26 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2017-11-14 03:43:17 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2017-11-14 03:31:40 66560 ----a-w- C:\Windows\System32\iesetup.dll
2017-11-14 03:31:03 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2017-11-14 03:30:59 417792 ----a-w- C:\Windows\System32\html.iec
2017-11-14 03:30:50 577024 ----a-w- C:\Windows\System32\vbscript.dll
2017-11-14 03:30:34 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2017-11-14 03:25:02 5925888 ----a-w- C:\Windows\System32\jscript9.dll
2017-11-14 03:20:46 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2017-11-14 03:20:46 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2017-11-14 03:20:26 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2017-11-14 03:15:06 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2017-11-14 0339 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-11-14 0322 87552 ----a-w- C:\Windows\System32\tdc.ocx
2017-11-14 02:47:01 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2017-11-14 02:46:49 2134528 ----a-w- C:\Windows\System32\inetcpl.cpl
2017-11-14 02:39:43 3241472 ----a-w- C:\Windows\System32\wininet.dll
2017-11-14 00:32:49 499200 ----a-w- C:\Windows\SysWow64\vbscript.dll
2017-11-14 00:31:16 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2017-11-07 20:56:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2017-11-07 20:46:44 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2017-11-07 20:46:17 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2017-11-07 20:46:10 341504 ----a-w- C:\Windows\SysWow64\html.iec
2017-11-07 20:38:59 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2017-11-07 20:38:45 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2017-11-07 20:29:15 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2017-11-07 20:28:59 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2017-11-07 20:27:15 4509696 ----a-w- C:\Windows\SysWow64\jscript9.dll
2017-11-07 20:17:43 2058752 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2017-11-07 20:17:24 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2017-11-07 20:04:46 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2017-11-07 16:31:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2017-11-07 16:13:07 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2017-11-04 15:31:02 194048 ----a-w- C:\Windows\System32\itircl.dll
2017-11-04 15:31:02 170496 ----a-w- C:\Windows\System32\itss.dll
2017-11-04 15:10:55 158720 ----a-w- C:\Windows\SysWow64\itircl.dll
2017-11-04 15:10:55 142336 ----a-w- C:\Windows\SysWow64\itss.dll
2017-11-02 16:55:42 138240 ----a-w- C:\Windows\System32\rtm.dll
2017-11-02 16:55:36 97792 ----a-w- C:\Windows\System32\mprdim.dll
2017-11-02 16:55:34 9728 ----a-w- C:\Windows\System32\iprtprio.dll
2017-11-02 16:55:34 281600 ----a-w- C:\Windows\System32\iprtrmgr.dll
2017-11-02 15:11:36 115200 ----a-w- C:\Windows\SysWow64\rtm.dll
2017-11-02 15:11:29 75264 ----a-w- C:\Windows\SysWow64\mprdim.dll
2017-11-02 15:11:26 271360 ----a-w- C:\Windows\SysWow64\iprtrmgr.dll
2017-11-02 14:56:56 8192 ----a-w- C:\Windows\SysWow64\iprtprio.dll
2017-10-18 0257 344064 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2017-10-18 0246 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2017-10-18 0240 56320 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2017-10-18 0240 327168 ----a-w- C:\Windows\System32\drivers\usbport.sys
2017-10-18 0239 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2017-10-18 0237 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2017-10-18 0235 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2017-10-16 23:07:21 1680616 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2017-10-16 23:04:40 1001984 ----a-w- C:\Windows\System32\gpedit.dll
2017-10-16 22:46:34 953344 ----a-w- C:\Windows\SysWow64\gpedit.dll
2017-10-16 21:55:15 339968 ----a-w- C:\Windows\SysWow64\msexcl40.dll
2017-10-12 00:58:25 382696 ----a-w- C:\Windows\System32\atmfd.dll
2017-10-12 00:40:31 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2017-10-12 00:39:11 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2017-10-12 00:38:44 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2017-10-12 00:38:15 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2017-10-12 00:26:21 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2017-10-12 00:26:07 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2017-10-12 00:25:47 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2017-10-12 00:25:28 9728 ----a-w- C:\Windows\SysWow64\msshooks.dll
2017-10-12 00:24:38 4096 ----a-w- C:\Windows\SysWow64\msdxm.ocx
2017-10-12 00:24:38 4096 ----a-w- C:\Windows\SysWow64\dxmasf.dll
2017-10-12 00:24:37 8192 ----a-w- C:\Windows\SysWow64\spwmp.dll
2017-10-12 00:20:30 317440 ----a-w- C:\Windows\System32\drivers\rdbss.sys
2017-10-12 00:20:09 113152 ----a-w- C:\Windows\System32\drivers\luafv.sys
2017-10-12 00:16:05 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
.
============= FINISH: 15:28:09.79 ===============
Attached Files
File Type: txt attach.txt (29.8 KB, 20 views)
mytonpadi is offline  
Old 01-05-2018, 09:09 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You are running a pirated copy of Windows, and Office, just like you posted in your previous thread over 3 years ago here.

Some crack users just never learn.

As you should have read in our pre-posting thread:

IMPORTANT - Read This Before Posting For Malware Removal Help

*It is also this forum's policy that we only address users with a legal copy of Windows. If during the course of a fix it is determined that the copy is not legal, we must stop the cleansing process.

This thread shall now be closed.

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
All times are GMT -7.