Status
Not open for further replies.
1 - 7 of 7 Posts

Discussion Starter · #1 ·
I have run Malwarebytes, Windows Defender & Kaspersky rescue disk. All say the PC is clean! When I run an older version of Emsisoft Emergency Kit it finds 24 pieces of malware, 12 of which it quarantines; the remaining 12 it can't do anything with. I was able to change the permissions on the individual files from Trusted Installer to administrator and successfully deleted the files! I have blown away the SSD, removed all the partitions, wiped them again, wrote zeros to all sectors, then formatted and installed Windows 10 from a write-protected USB drive. I did this without an internet connection so I could just install Windows as a local user. Ran all my scans again and everything showed clean! Once I connected to the internet and updated Windows, the PC appeared to be running fine, but a new scan with Emsisoft Emergency Kit from 2015 revealed all the malware to be back! Gen.Variant.Barys, Gen variant Strictor, and Gen.Trojan.Heur.Fu are some of the nastiness infecting this machine. I did run an ESET online scan but it too did not find anything. Tried to run an ESET rescue disk but it will not run on this PC, though it runs fine on my laptop. Seems like that is being blocked somehow. Don't know where to turn next.
 

Discussion Starter · #3 ·
Hi, didn’t expect such a quick response. I need to reinstall Windows on the infected machine so it will be a while. We are also going out to dinner (Mother’s Day) so more than likely I will send the reports tomorrow afternoon. Thanks for your quick response to our problem. Believe me, it is very much appreciated.



Regards, Tmac505
 

Moderator, Security Team
If you're re-installing Windows then there is absolutely no point in posting a set of FRST logs, since they won't show anything of value.

In any case, a clean re-install of Windows will have removed any infection present on the machine.
 

Discussion Starter · #5 · (Edited by Moderator)
I agree with Gary that wiping the hard drive should eliminate the malware, but in this case I am not sure. I have a brand new, out-of-the-box SSD that I have installed Windows on from a write-protected USB drive made on a clean computer. I have not installed anything else yet, just FRST 64. I have done the scans with it and attached the files. Please tell me it looks clear, with no infection present. Sorry it took a while to get this to you. Fingers crossed. Thanks for your help.

Tmac

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2022
Ran by SportsKing (administrator) on DESKTOP-5PTMDH9 (09-05-2022 15:18:49)
Running from C:\Users\SportsKing\Desktop
Loaded Profiles: SportsKing
Platform: Microsoft Windows 10 Home Version 21H2 19044.1682 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1677_none_7dfadea07c9b7349\TiWorker.exe
(svchost.exe ->) (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(svchost.exe ->) (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1F160C92-3055-45D1-9B9C-199B986296BC} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{65fa2d9b-b1ec-4b8e-8f8e-50841235d562}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\SportsKing\AppData\Local\Microsoft\Edge\User Data\Default [2022-05-09]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-05-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-05-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 MpKsl17d149f0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F9F4CBB4-0BCA-4F18-9ADA-94F0D1426C35}\MpKslDrv.sys [137464 2022-05-09] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49600 2022-05-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [443664 2022-05-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [90384 2022-05-09] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-09 18:32 - 2022-05-09 17:33 - 000000000 ____D C:\Windows\Panther
2022-05-09 17:44 - 2022-05-09 15:18 - 000000000 ____D C:\FRST
2022-05-09 17:42 - 2022-05-09 14:21 - 002366976 _ (Farbar) C:\Users\SportsKing\Desktop\FRST64.exe
2022-05-09 17:41 - 2022-05-09 15:18 - 000795738 _ C:\Windows\system32\PerfStringBackup.INI
2022-05-09 17:37 - 2022-05-09 17:37 - 000000000 ___RD C:\Users\SportsKing\OneDrive
2022-05-09 17:37 - 2022-05-09 15:00 - 000003388 _ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3903313097-884693474-3297602483-1001
2022-05-09 17:36 - 2022-05-09 17:36 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-05-09 17:35 - 2022-05-09 17:37 - 000000000 ____D C:\Users\SportsKing
2022-05-09 17:35 - 2022-05-09 17:35 - 000000020 ___SH C:\Users\SportsKing\ntuser.ini
2022-05-09 17:35 - 2022-05-09 17:35 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-05-09 17:35 - 2022-05-09 17:35 - 000000000 ___RD C:\Users\SportsKing\3D Objects
2022-05-09 17:35 - 2022-05-09 17:35 - 000000000 ____D C:\Users\SportsKing\AppData\Roaming\Adobe
2022-05-09 17:35 - 2022-05-09 17:35 - 000000000 ____D C:\Users\SportsKing\AppData\Local\VirtualStore
2022-05-09 17:35 - 2022-05-09 17:35 - 000000000 ____D C:\Users\SportsKing\AppData\Local\Publishers
2022-05-09 17:35 - 2022-05-09 17:35 - 000000000 ____D C:\Users\SportsKing\AppData\Local\ConnectedDevicesPlatform
2022-05-09 17:35 - 2022-05-09 15:00 - 000002378 _ C:\Users\SportsKing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-05-09 17:35 - 2022-05-09 14:51 - 000000000 ____D C:\Users\SportsKing\AppData\Local\Packages
2022-05-09 17:35 - 2022-05-09 14:51 - 000000000 ____D C:\ProgramData\Packages
2022-05-09 17:34 - 2022-05-09 17:34 - 000000000 _SHDL C:\Documents and Settings
2022-05-09 17:33 - 2022-05-09 17:33 - 000003480 _ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-05-09 17:33 - 2022-05-09 17:33 - 000003356 _ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-05-09 17:33 - 2022-05-09 17:33 - 000002438 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-05-09 17:33 - 2022-05-09 17:33 - 000002276 _ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-05-09 17:33 - 2022-05-09 17:33 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-05-09 17:33 - 2022-05-09 17:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-05-09 17:33 - 2022-05-09 17:33 - 000000000 ____D C:\Windows\ServiceProfiles
2022-05-09 17:33 - 2022-05-09 15:12 - 000008192 ___SH C:\DumpStack.log.tmp
2022-05-09 17:33 - 2022-05-09 15:12 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-05-09 17:33 - 2022-05-09 15:09 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-05-09 17:33 - 2022-05-09 14:59 - 000257824 _ C:\Windows\system32\FNTCACHE.DAT
2022-05-09 15:18 - 2022-05-09 15:19 - 000005704 _ C:\Users\SportsKing\Desktop\FRST.txt
2022-05-09 15:15 - 2022-05-09 15:15 - 000000477 _ C:\Users\SportsKing\Desktop\System - Shortcut.lnk
2022-05-09 15:03 - 2022-05-09 15:03 - 000288768 _ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-05-09 15:03 - 2022-05-09 15:03 - 000093696 _ C:\Windows\system32\Drivers\cimfs.sys
2022-05-09 15:03 - 2022-05-09 15:03 - 000011821 _ C:\Windows\system32\DrtmAuthTxt.wim
2022-05-09 15:00 - 2022-05-09 15:00 - 000003840 _ C:\Windows\system32\Tasks\Intel PTT EK Recertification
2022-05-09 15:00 - 2022-05-09 15:00 - 000003588 _ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3903313097-884693474-3297602483-1001
2022-05-09 15:00 - 2022-05-09 15:00 - 000000000 ___HD C:\$WinREAgent
2022-05-09 14:58 - 2022-05-09 14:58 - 000000000 ____D C:\Windows\SystemTemp
2022-05-09 14:56 - 2022-05-09 14:56 - 002254336 _ C:\Windows\system32\dwmscene.dll
2022-05-09 14:56 - 2022-05-09 14:56 - 000523776 _ (curl, hxxps://curl.se/) C:\Windows\system32\curl.exe
2022-05-09 14:56 - 2022-05-09 14:56 - 000464384 _ (curl, hxxps://curl.se/) C:\Windows\SysWOW64\curl.exe
2022-05-09 14:56 - 2022-05-09 14:56 - 000223744 _ C:\Windows\SysWOW64\TpmTool.exe
2022-05-09 14:56 - 2022-05-09 14:56 - 000060928 _ C:\Windows\system32\runexehelper.exe
2022-05-09 14:56 - 2022-05-09 14:56 - 000048640 _ (Adobe Systems) C:\Windows\system32\atmlib.dll
2022-05-09 14:56 - 2022-05-09 14:56 - 000039936 _ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2022-05-09 14:55 - 2022-05-09 14:55 - 002260992 _ C:\Windows\system32\TextInputMethodFormatter.dll
2022-05-09 14:55 - 2022-05-09 14:55 - 000272896 _ C:\Windows\system32\TpmTool.exe
2022-05-09 14:55 - 2022-05-09 14:55 - 000162816 _ C:\Windows\system32\DataStoreCacheDumpTool.exe
2022-05-09 14:52 - 2022-05-09 14:52 - 000001146 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-05-09 14:52 - 2022-05-09 14:52 - 000000000 ____D C:\Program Files\PCHealthCheck
2022-05-09 14:52 - 2022-05-09 14:52 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-05-09 14:50 - 2022-05-09 14:52 - 000000000 ____D C:\Windows\system32\MRT
2022-05-09 14:48 - 2022-05-09 15:12 - 000000000 ____D C:\ProgramData\NVIDIA
2022-05-09 14:48 - 2022-05-09 14:48 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2022-05-09 14:48 - 2022-05-09 14:48 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-05-09 14:48 - 2022-05-09 14:48 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-05-09 14:48 - 2020-10-07 16:36 - 001769688 _ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2022-05-09 14:48 - 2020-10-07 16:36 - 001769688 _ C:\Windows\system32\vulkaninfo.exe
2022-05-09 14:48 - 2020-10-07 16:36 - 001370328 _ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-05-09 14:48 - 2020-10-07 16:36 - 001370328 _ C:\Windows\SysWOW64\vulkaninfo.exe
2022-05-09 14:48 - 2020-10-07 16:36 - 001054936 _ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2022-05-09 14:48 - 2020-10-07 16:36 - 001054936 _ C:\Windows\system32\vulkan-1.dll
2022-05-09 14:48 - 2020-10-07 16:36 - 000917720 _ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2022-05-09 14:48 - 2020-10-07 16:36 - 000917720 _ C:\Windows\SysWOW64\vulkan-1.dll
2022-05-09 14:48 - 2020-10-07 16:36 - 000455408 _ (Khronos Group) C:\Windows\system32\OpenCL.dll
2022-05-09 14:48 - 2020-10-07 16:36 - 000351128 _ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2022-05-09 14:48 - 2020-10-07 16:34 - 001023216 _ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2022-05-09 14:48 - 2020-10-07 16:34 - 000816368 _ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2022-05-09 14:48 - 2020-10-07 16:34 - 000673520 _ C:\Windows\system32\nvofapi64.dll
2022-05-09 14:48 - 2020-10-07 16:34 - 000670616 _ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2022-05-09 14:48 - 2020-10-07 16:34 - 000555248 _ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2022-05-09 14:48 - 2020-10-07 16:34 - 000543128 _ C:\Windows\SysWOW64\nvofapi.dll
2022-05-09 14:48 - 2020-10-07 16:33 - 007707544 _ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2022-05-09 14:48 - 2020-10-07 16:33 - 006860184 _ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2022-05-09 14:48 - 2020-10-07 16:33 - 004174064 _ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2022-05-09 14:48 - 2020-10-07 16:33 - 002508528 _ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2022-05-09 14:48 - 2020-10-07 16:33 - 002098072 _ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2022-05-09 14:48 - 2020-10-07 16:33 - 001585560 _ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2022-05-09 14:48 - 2020-10-07 16:33 - 001507224 _ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2022-05-09 14:48 - 2020-10-07 16:33 - 001161112 _ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2022-05-09 14:48 - 2020-10-07 16:33 - 000813464 _ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2022-05-09 14:48 - 2020-10-07 16:33 - 000657304 _ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2022-05-09 14:48 - 2020-10-07 16:33 - 000589208 _ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2022-05-09 14:48 - 2020-10-07 16:33 - 000445848 _ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2022-05-09 14:48 - 2020-10-07 16:33 - 000230720 _ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2022-05-09 14:48 - 2020-10-07 16:33 - 000047232 _ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2022-05-09 14:48 - 2020-10-07 16:32 - 005519600 _ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2022-05-09 14:48 - 2020-10-07 16:32 - 000849648 _ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2022-05-09 14:48 - 2020-10-07 16:29 - 007001536 _ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2022-05-09 14:48 - 2020-10-07 16:29 - 005972824 _ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2022-05-09 14:48 - 2020-10-07 16:11 - 000080930 _ C:\Windows\system32\nvinfo.pb

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-09 18:32 - 2019-12-07 05:14 - 000028672 _ C:\Windows\system32\config\BCD-Template
2022-05-09 17:38 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2022-05-09 17:36 - 2019-12-07 05:50 - 000000000 ____D C:\Windows\system32\FxsTmp
2022-05-09 17:36 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\spool
2022-05-09 17:35 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-05-09 17:33 - 2019-12-07 05:03 - 000032768 _ C:\Windows\system32\config\ELAM
2022-05-09 15:18 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF
2022-05-09 15:12 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-05-09 15:12 - 2019-12-07 05:03 - 000262144 _ C:\Windows\system32\config\BBI
2022-05-09 15:09 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-05-09 15:09 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp
2022-05-09 15:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness
2022-05-09 15:05 - 2019-12-07 05:14 - 000000000 ___SD C:\Windows\system32\UNP
2022-05-09 15:05 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-05-09 15:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources
2022-05-09 15:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\migwiz
2022-05-09 15:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr
2022-05-09 14:58 - 2019-12-07 05:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2022-05-09 14:58 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2022-05-09 14:58 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-05-09 14:58 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2022-05-09 14:58 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup
2022-05-09 14:58 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe
2022-05-09 14:58 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\lv-LV
2022-05-09 14:58 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\lt-LT
2022-05-09 14:58 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\et-EE
2022-05-09 14:58 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\es-MX
2022-05-09 14:58 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\Dism
2022-05-09 14:58 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\appraiser
2022-05-09 14:58 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ShellExperiences
2022-05-09 14:58 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\Provisioning
2022-05-09 14:58 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2022-05-09 14:58 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\servicing
2022-05-09 14:51 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\PrintDialog
2022-05-09 14:51 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-05-09 14:51 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ServiceState

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
