Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2020
Ran by Administrator (administrator) on NETMON (Dell Inc. OptiPlex 755) (25-02-2020 15:31:28)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Windows Server 2008 R2 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Apache Software Foundation) [File not signed] D:\xampp\apache\bin\httpd.exe
(Apache Software Foundation) [File not signed] D:\xampp\apache\bin\httpd.exe
(Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271168 2012-03-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKU\S-1-5-21-3998977143-2418715955-457950580-500\...\MountPoints2: {07f0a36c-a4c0-11e6-8c7b-001e4fbe1867} - G:\SISetup.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-23] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2011-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2011-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\SysWOW64\iesetup.dll [2011-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\SysWOW64\iesetup.dll [2011-12-07] (Microsoft Windows -> Microsoft Corporation)
Lsa: [Notification Packages] scecli rassfm
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {63EE8552-A444-4BA2-8E1E-C8350D6D412A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [152064 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Task: {69110D7B-41DC-4E9D-BDD3-C826C7DB613B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector => C:\Windows\system32\ceipdata.exe [252416 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Task: {7DB4756D-BE06-4ACF-A0C3-78BCC9CEB998} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-28] (Google Inc -> Google Inc.)
Task: {AFECE848-8DA2-461B-B5E6-CBEF57A4DF7D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [39424 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Task: {D49A10DA-0F70-4779-BD96-B2D976A4F2E3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [252416 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Task: {FA1DE0F8-D61C-4529-818F-DE45934E87BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-28] (Google Inc -> Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.88.193 8.8.8.8
Tcpip\..\Interfaces\{8141C687-539D-4F28-A0DC-065B7D642930}: [DhcpNameServer] 192.168.88.193 8.8.8.8
Internet Explorer:
==================
HKU\S-1-5-21-3998977143-2418715955-457950580-500\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3998977143-2418715955-457950580-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FireFox:
========
FF DefaultProfile: d4yshoyg.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\d4yshoyg.default [2020-02-25]
Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2020-02-24]
CHR Extension: (Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-28]
CHR Extension: (Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-28]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-28]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-28]
CHR Extension: (Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-28]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-02-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-30]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-17]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-30]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apache2.2; D:\xampp\apache\bin\httpd.exe [18432 2011-09-10] (Apache Software Foundation) [File not signed]
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [126520 2011-05-11] (Hewlett-Packard Company -> HP)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2020-02-24] (Malwarebytes Inc -> Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [12600 2012-03-26] (Microsoft Corporation -> Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [291696 2012-03-26] (Microsoft Corporation -> Microsoft Corporation)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [16647736 2020-02-24] (Adlice -> )
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-02-24] (Malwarebytes Corporation -> Malwarebytes)
S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-11] (Microsoft Windows -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-02-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [226448 2020-02-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2020-02-25] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-02-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [109168 2020-02-25] (Malwarebytes Inc -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation -> Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation -> Microsoft Corporation)
S3 RkFlt; C:\Windows\System32\drivers\rkflt.sys [40800 2020-02-25] (Adlice -> )
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2020-02-25] (Adlice -> )
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [131144 2016-12-20] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [205440 2016-12-20] (Oracle Corporation -> Oracle Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-02-25 15:31 - 2020-02-25 15:32 - 000011661 _____ C:\Users\Administrator\Desktop\FRST.txt
2020-02-25 15:31 - 2020-02-25 15:31 - 000000000 ____D C:\Users\Administrator\Desktop\FRST-OlderVersion
2020-02-25 15:30 - 2020-02-25 15:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\2
2020-02-25 13:12 - 2020-02-25 14:47 - 000028272 _____ C:\Windows\system32\Drivers\truesight.sys
2020-02-25 12:39 - 2020-02-25 12:39 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\IGDump
2020-02-25 12:37 - 2020-02-25 14:47 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-02-25 12:37 - 2020-02-25 12:37 - 000226448 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-02-25 12:37 - 2020-02-25 12:37 - 000109168 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-02-25 12:36 - 2020-02-25 14:47 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-02-25 12:36 - 2020-02-25 12:36 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-02-25 12:15 - 2020-02-25 14:47 - 000040800 _____ C:\Windows\system32\Drivers\rkflt.sys
2020-02-25 12:14 - 2020-02-25 12:15 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\is-B79JA.tmp
2020-02-25 12:14 - 2020-02-25 12:14 - 047658504 _____ (Adlice Software ) C:\Users\Administrator\AppData\Local\Temp\as_3F23.tmp.exe
2020-02-25 12:14 - 2020-02-25 12:14 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\as_3F23.tmp
2020-02-25 12:13 - 2020-02-25 12:15 - 000000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2020-02-25 12:13 - 2020-02-25 12:15 - 000000858 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2020-02-25 12:12 - 2020-02-25 12:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2020-02-25 12:12 - 2020-02-25 12:15 - 000000000 ____D C:\Program Files\RogueKiller
2020-02-25 12:12 - 2020-02-25 12:13 - 000000000 ____D C:\ProgramData\RogueKiller
2020-02-25 12:12 - 2020-02-24 17:43 - 047641808 _____ (Adlice Software ) C:\Users\Administrator\Desktop\RogueKiller_setup.exe
2020-02-25 10:26 - 2020-02-25 10:26 - 000285536 _____ C:\Windows\Minidump\022520-12994-01.dmp
2020-02-25 09:37 - 2020-02-25 12:19 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\1
2020-02-24 16:52 - 2020-02-24 16:52 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-02-24 16:52 - 2020-02-24 16:52 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-02-24 16:52 - 2020-02-24 16:52 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\mbam
2020-02-24 16:52 - 2020-02-24 16:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-02-24 16:51 - 2020-02-24 16:52 - 000000000 ____D C:\AdwCleaner
2020-02-24 16:51 - 2020-02-24 16:51 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-02-24 16:51 - 2020-02-24 16:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-02-24 16:51 - 2020-02-24 16:47 - 008356016 _____ (Malwarebytes) C:\Users\Administrator\Desktop\AdwCleaner.exe
2020-02-24 16:50 - 2020-02-24 16:44 - 001924728 _____ (Malwarebytes) C:\Users\Administrator\Desktop\MBSetup.exe
2020-02-24 16:49 - 2020-02-24 16:50 - 000041723 _____ C:\Users\Administrator\AppData\Local\Temp\Uninstall Log 2020-02-24 #001.txt
2020-02-24 14:56 - 2020-02-25 15:31 - 002279424 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2020-02-24 14:56 - 2020-02-25 15:31 - 000000000 ____D C:\FRST
2020-02-24 14:06 - 2020-02-24 17:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-02-24 14:03 - 2020-02-24 14:03 - 005197739 _____ C:\Users\Administrator\AppData\Local\Temp\tmpaddon-b5e787
2020-02-24 14:03 - 2020-02-24 14:03 - 000491261 _____ C:\Users\Administrator\AppData\Local\Temp\tmpaddon
2020-02-24 14:01 - 2020-02-24 14:01 - 000000000 ____D C:\ProgramData\Mozilla
2020-02-24 11:41 - 2020-02-24 11:37 - 001445888 _____ (Option^Explicit Software Solutions) C:\Users\Administrator\Desktop\WinsockxpFix.exe
2020-02-21 17:46 - 2020-02-21 17:46 - 000001447 _____ C:\Users\azeem.amir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2020-02-21 17:46 - 2020-02-21 17:46 - 000001413 _____ C:\Users\azeem.amir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2020-02-21 17:34 - 2020-02-21 17:34 - 000000000 ____D C:\Users\Administrator\Desktop\Malwarebytes Premium 3.7.1.2839 + keygen - Crackingpatching
2020-02-21 17:34 - 2020-02-21 17:34 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Obsidium
2020-02-21 17:34 - 2020-02-21 17:34 - 000000000 ____D C:\Program Files\Malwarebytes
2020-02-21 17:20 - 2020-02-21 17:27 - 000000000 ____D C:\Program Files (x86)\Malwarebytes
2020-02-21 17:20 - 2020-02-21 17:20 - 000000000 ____D C:\Windows\system32\Drivers\etc\BACKUP
2020-02-21 17:19 - 2020-02-21 17:13 - 065980814 _____ C:\Users\Administrator\Desktop\Malwarebytes Anti-Malware Premium 3.8.3.2965 Repack [4REALTORRENTZ.COM].zip
2020-02-20 11:53 - 2020-02-20 11:53 - 000290528 _____ C:\Windows\Minidump\022020-12807-01.dmp
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-02-25 14:54 - 2009-07-14 09:49 - 000020944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-02-25 14:54 - 2009-07-14 09:49 - 000020944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-02-25 14:46 - 2009-07-14 10:06 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-02-25 12:19 - 2016-10-28 14:09 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2020-02-25 10:26 - 2018-09-11 19:20 - 216915650 _____ C:\Windows\MEMORY.DMP
2020-02-25 10:26 - 2018-09-11 19:20 - 000000000 ____D C:\Windows\Minidump
2020-02-25 10:13 - 2017-03-28 11:09 - 000000000 ____D C:\Users\Administrator\.VirtualBox
2020-02-24 18:10 - 2009-07-14 08:20 - 000000000 ____D C:\Windows\rescache
2020-02-24 17:45 - 2016-10-25 12:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-02-24 14:08 - 2009-07-14 08:20 - 000000000 ____D C:\Windows\inf
2020-02-24 14:06 - 2009-07-14 10:07 - 000000000 ____D C:\Windows\system32\ServerManager
2020-02-24 14:01 - 2016-10-28 14:09 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2020-02-24 13:08 - 2017-06-17 08:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\msdtadmin
2020-02-24 13:08 - 2009-07-14 08:20 - 000000000 ____D C:\Windows\system32\NDF
2020-02-24 11:25 - 2016-10-19 13:58 - 000002154 ____H C:\Users\Administrator\Documents\Default.rdp
2020-02-24 10:39 - 2016-10-20 01:48 - 000000000 ____D C:\Users\Administrator
2020-02-22 09:58 - 2016-10-19 15:14 - 000002958 __RSH C:\ProgramData\ntuser.pol
2020-02-22 09:57 - 2016-10-19 13:58 - 000000128 _____ C:\Windows\system32\config\netlogon.ftl
2020-02-21 17:46 - 2016-11-24 16:55 - 000000000 ____D C:\Users\azeem.amir
2020-02-17 15:08 - 2018-09-13 10:55 - 000000000 ____D C:\Program Files (x86)\HostMonitor
2020-02-05 09:43 - 2016-10-28 14:14 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-02-05 09:43 - 2016-10-28 14:14 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
==================== Files in the root of some directories ========
2016-10-20 15:00 - 2016-10-20 15:00 - 000589506 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI00AE.txt
2016-10-20 15:00 - 2016-10-20 15:00 - 000016126 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI00AE.txt
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2020-02-17 00:14
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2020
Ran by Administrator (25-02-2020 15:32:58)
Running from C:\Users\Administrator\Desktop
Windows Server 2008 R2 Enterprise Service Pack 1 (X64) (2016-10-19 20:47:45)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3998977143-2418715955-457950580-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3998977143-2418715955-457950580-501 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Advanced Host Monitor 10 (HKLM-x32\...\HostMonitor 10) (Version: - )
AstroGrep (HKLM-x32\...\AstroGrep) (Version: 4.4.5 - AstroComma, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.130 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft .NET Framework 4.5 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50501 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 74.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 74.0 (x86 en-US)) (Version: 74.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 74.0.0.7356 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.1 - Notepad++ Team)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Update 15.3.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 15.3.33 - NVIDIA Corporation)
Oracle VM VirtualBox 5.1.12 (HKLM\...\{C212962C-71C4-4D9F-B8E0-D2CD00C8B8FE}) (Version: 5.1.12 - Oracle Corporation)
RogueKiller version 14.2.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.2.1.0 - Adlice Software)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
XAMPP 1.7.7 (HKLM-x32\...\xampp) (Version: - )
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2012-03-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2012-03-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-24] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2012-03-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2014-07-02] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-24] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:CIMV2\__TimerInstruction->__AStagingTimer::
WMI:CIMV2\__TimerInstruction->__IStagingTimer::
WMI:CIMV2\__AbsoluteTimerInstruction->__AStagingTimer::
WMI:CIMV2\__IntervalTimerInstruction->__IStagingTimer::
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__FilterToConsumerBinding->ActiveScriptEventConsumer.Name=\"__StagingConsumer\"",Filter="__EventFilter.Name=\"__StagingFilter\"::
WMI:subscription\__FilterToConsumerBinding->ActiveScriptEventConsumer.Name=\"__StagingConsumer\"",Filter="__EventFilter.Name=\"__StartupFilter\"::
WMI:subscription\__TimerInstruction->__atimer1::
WMI:subscription\__TimerInstruction->__itimer1::
WMI:subscription\__AbsoluteTimerInstruction->__atimer1::
WMI:subscription\__IntervalTimerInstruction->__itimer1::
WMI:subscription\__EventFilter->__StartupFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System' AND TargetInstance.SystemUpTime >= 200 AND TargetInstance.SystemUpTime < 320]
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\__EventFilter->__StagingFilter::[Query => SELECT * FROM __TimerEvent WHERE TimerID = '__IStagingTimer' OR TimerID = '__AStagingTimer']
WMI:subscription\ActiveScriptEventConsumer->__StagingConsumer::[ScriptText => function s(e){var t=new ActiveXObject("ADODB.Stream");t.Type=1,t.Open(),t.Write(e),t.Position=0,t.Type=2,t.CharSet="UTF-16LE";var n=t.ReadText(),r=[];for(var I=0;I<n.length;I++){var s=n.charCodeAt(I);r.push(s&255),r.push(s>>8&255)}return r}function o(e){var e=s(e),t=e.slice(0,32),n=e.slice(32),r=""; (the data entry has 907 more characters).]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
2011-09-10 14:31 - 2011-09-10 14:31 - 000133120 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\bin\libapr-1.dll
2011-09-10 14:31 - 2011-09-10 14:31 - 000027136 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\bin\libapriconv-1.dll
2011-09-10 14:32 - 2011-09-10 14:32 - 000179712 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\bin\libaprutil-1.dll
2011-09-10 14:34 - 2011-09-10 14:34 - 000266752 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\bin\libhttpd.dll
2011-09-10 14:45 - 2011-09-10 14:45 - 000011264 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_actions.so
2011-09-10 14:45 - 2011-09-10 14:45 - 000014336 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_alias.so
2011-09-10 14:45 - 2011-09-10 14:45 - 000011264 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_asis.so
2011-09-10 14:34 - 2011-09-10 14:34 - 000012288 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_auth_basic.so
2011-09-10 14:45 - 2011-09-10 14:45 - 000025600 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_auth_digest.so
2011-09-10 14:44 - 2011-09-10 14:44 - 000009728 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_authn_default.so
2011-09-10 14:44 - 2011-09-10 14:44 - 000011264 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_authn_file.so
2011-09-10 14:44 - 2011-09-10 14:44 - 000009728 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_authz_default.so
2011-09-10 14:44 - 2011-09-10 14:44 - 000012800 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_authz_groupfile.so
2011-09-10 14:44 - 2011-09-10 14:44 - 000011776 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_authz_host.so
2011-09-10 14:43 - 2011-09-10 14:43 - 000010752 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_authz_user.so
2011-09-10 14:43 - 2011-09-10 14:43 - 000029184 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_autoindex.so
2011-09-10 14:42 - 2011-09-10 14:42 - 000019968 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_cgi.so
2011-09-10 14:35 - 2011-09-10 14:35 - 000072192 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_dav.so
2011-09-10 14:42 - 2011-09-10 14:42 - 000016896 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_dav_lock.so
2011-09-10 14:50 - 2011-09-10 14:50 - 000011776 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_dir.so
2011-09-10 14:41 - 2011-09-10 14:41 - 000010752 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_env.so
2011-09-10 14:40 - 2011-09-10 14:40 - 000016384 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_headers.so
2011-09-10 14:40 - 2011-09-10 14:40 - 000035840 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_include.so
2011-09-10 14:40 - 2011-09-10 14:40 - 000019456 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_info.so
2011-09-10 14:40 - 2011-09-10 14:40 - 000024064 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_isapi.so
2011-09-10 14:39 - 2011-09-10 14:39 - 000020992 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_log_config.so
2011-09-10 14:39 - 2011-09-10 14:39 - 000016896 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_mime.so
2011-09-10 14:39 - 2011-09-10 14:39 - 000028160 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_negotiation.so
2011-09-10 14:38 - 2011-09-10 14:38 - 000059904 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_proxy.so
2011-09-10 14:38 - 2011-09-10 14:38 - 000029184 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_proxy_ajp.so
2011-09-10 14:41 - 2011-09-10 14:41 - 000048640 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_rewrite.so
2011-09-10 14:42 - 2011-09-10 14:42 - 000013312 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_setenvif.so
2011-09-10 14:52 - 2011-09-10 14:52 - 000117248 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_ssl.so
2011-09-10 14:45 - 2011-09-10 14:45 - 000019456 _____ (Apache Software Foundation) [File not signed] D:\xampp\apache\modules\mod_status.so
2011-09-10 14:10 - 2011-09-10 14:10 - 001098240 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] D:\xampp\apache\bin\LIBEAY32.dll
2011-09-10 14:12 - 2011-09-10 14:12 - 000237568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] D:\xampp\apache\bin\SSLEAY32.dll
2011-08-23 14:59 - 2011-08-23 14:59 - 000060928 _____ (The PHP Group) [File not signed] D:\xampp\php\ext\php_bz2.dll
2011-08-23 14:59 - 2011-08-23 14:59 - 000044544 _____ (The PHP Group) [File not signed] D:\xampp\php\ext\php_exif.dll
2011-08-23 14:59 - 2011-08-23 14:59 - 001057280 _____ (The PHP Group) [File not signed] D:\xampp\php\ext\php_gd2.dll
2011-08-23 14:59 - 2011-08-23 14:59 - 000039936 _____ (The PHP Group) [File not signed] D:\xampp\php\ext\php_gettext.dll
2011-08-23 14:59 - 2011-08-23 14:59 - 000818688 _____ (The PHP Group) [File not signed] D:\xampp\php\ext\php_imap.dll
2011-08-23 14:59 - 2011-08-23 14:59 - 002062336 _____ (The PHP Group) [File not signed] D:\xampp\php\ext\php_mbstring.dll
2011-08-23 14:59 - 2011-08-23 14:59 - 000035328 _____ (The PHP Group) [File not signed] D:\xampp\php\ext\php_mysql.dll
2011-08-23 14:59 - 2011-08-23 14:59 - 000088064 _____ (The PHP Group) [File not signed] D:\xampp\php\ext\php_mysqli.dll
2011-08-23 14:59 - 2011-08-23 14:59 - 000022528 _____ (The PHP Group) [File not signed] D:\xampp\php\ext\php_pdo_mysql.dll
2011-08-23 14:59 - 2011-08-23 14:59 - 000022016 _____ (The PHP Group) [File not signed] D:\xampp\php\ext\php_pdo_odbc.dll
2011-08-23 14:59 - 2011-08-23 14:59 - 000514560 _____ (The PHP Group) [File not signed] D:\xampp\php\ext\php_pdo_sqlite.dll
2011-08-23 14:59 - 2011-08-23 14:59 - 000251904 _____ (The PHP Group) [File not signed] D:\xampp\php\ext\php_soap.dll
2011-08-23 14:59 - 2011-08-23 14:59 - 000034304 _____ (The PHP Group) [File not signed] D:\xampp\php\ext\php_sockets.dll
2011-08-23 14:59 - 2011-08-23 14:59 - 000246272 _____ (The PHP Group) [File not signed] D:\xampp\php\ext\php_sqlite.dll
2011-08-23 14:59 - 2011-08-23 14:59 - 000526848 _____ (The PHP Group) [File not signed] D:\xampp\php\ext\php_sqlite3.dll
2011-08-23 14:59 - 2011-08-23 14:59 - 000063488 _____ (The PHP Group) [File not signed] D:\xampp\php\ext\php_xmlrpc.dll
2011-08-23 14:59 - 2011-08-23 14:59 - 000026624 _____ (The PHP Group) [File not signed] D:\xampp\php\php5apache2_2.dll
2011-08-23 14:59 - 2011-08-23 14:59 - 005908480 _____ (The PHP Group) [File not signed] D:\xampp\php\php5ts.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 07:34 - 2020-02-24 17:43 - 000000852 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3998977143-2418715955-457950580-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.88.193 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe No File
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe No File
FirewallRules: [{256A184A-FD61-4958-B4D1-46FE4BD98BD0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{186EA7A6-E717-4105-ACB9-087FC486EADB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:97.56 GB) (Free:2.5 GB) (3%)
Check "VSS" service
==================== Faulty Device Manager Devices ============
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (02/25/2020 02:48:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/25/2020 01:14:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/25/2020 12:50:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 4.0.0.553, time stamp: 0x5e3e03ac
Faulting module name: Qt5Qml.dll, version: 5.13.2.0, time stamp: 0x5e3cc1ad
Exception code: 0xc0000005
Fault offset: 0x00000000001011d2
Faulting process id: 0xe30
Faulting application start time: 0x01d5ebae577eb81f
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
Report Id: 82a12efa-57a3-11ea-a729-001e4fbe1867
Error: (02/25/2020 12:50:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 4.0.0.553, time stamp: 0x5e3e03ac
Faulting module name: Qt5Qml.dll, version: 5.13.2.0, time stamp: 0x5e3cc1ad
Exception code: 0xc0000005
Fault offset: 0x00000000001011d2
Faulting process id: 0xe30
Faulting application start time: 0x01d5ebae577eb81f
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
Report Id: 7fe6718f-57a3-11ea-a729-001e4fbe1867
Error: (02/25/2020 12:20:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 4.0.0.553, time stamp: 0x5e3e03ac
Faulting module name: Qt5Qml.dll, version: 5.13.2.0, time stamp: 0x5e3cc1ad
Exception code: 0xc0000005
Fault offset: 0x00000000001011d2
Faulting process id: 0x774
Faulting application start time: 0x01d5ebab8ddc1dbc
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
Report Id: 431cbde5-579f-11ea-a729-001e4fbe1867
Error: (02/25/2020 12:20:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 4.0.0.553, time stamp: 0x5e3e03ac
Faulting module name: Qt5Qml.dll, version: 5.13.2.0, time stamp: 0x5e3cc1ad
Exception code: 0xc0000005
Fault offset: 0x00000000001011d2
Faulting process id: 0x774
Faulting application start time: 0x01d5ebab8ddc1dbc
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
Report Id: 3eefcd6e-579f-11ea-a729-001e4fbe1867
Error: (02/25/2020 12:19:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: malwarebytes_assistant.exe, version: 4.0.0.553, time stamp: 0x5e3e0241
Faulting module name: Qt5Core.dll, version: 5.13.2.0, time stamp: 0x5e3cb983
Exception code: 0xc0000005
Fault offset: 0x000000000020d435
Faulting process id: 0xbe4
Faulting application start time: 0x01d5ebabf26e713d
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 365e8801-579f-11ea-a729-001e4fbe1867
Error: (02/25/2020 10:28:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (02/25/2020 03:30:39 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft Print To PDF required for printer Microsoft Print to PDF is unknown. Contact the administrator to install the driver before you log in again.
Error: (02/25/2020 03:30:38 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
Error: (02/25/2020 03:30:36 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
Error: (02/25/2020 03:30:35 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft Software Printer Driver required for printer OneNote is unknown. Contact the administrator to install the driver before you log in again.
Error: (02/25/2020 03:30:30 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver AnyDesk v4 Printer Driver required for printer AnyDesk Printer is unknown. Contact the administrator to install the driver before you log in again.
Error: (02/25/2020 03:30:29 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
Error: (02/25/2020 03:30:28 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Amyuni Document Converter 400 required for printer ABS PDF Driver v400 is unknown. Contact the administrator to install the driver before you log in again.
Error: (02/25/2020 03:30:28 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver HP LaserJet Professional M1212nf MFP required for printer NPI49C24B (HP LaserJet Professional M1212nf MFP) is unknown. Contact the administrator to install the driver before you log in again.
CodeIntegrity:
===================================
Date: 2020-02-25 15:32:40.845
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rkflt.sys because the set of per-page image hashes could not be found on the system.
Date: 2020-02-25 15:32:40.813
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rkflt.sys because the set of per-page image hashes could not be found on the system.
Date: 2020-02-25 15:32:05.698
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rkflt.sys because the set of per-page image hashes could not be found on the system.
Date: 2020-02-25 15:32:05.667
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rkflt.sys because the set of per-page image hashes could not be found on the system.
Date: 2020-02-25 15:32:05.635
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rkflt.sys because the set of per-page image hashes could not be found on the system.
Date: 2020-02-25 15:32:05.604
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rkflt.sys because the set of per-page image hashes could not be found on the system.
Date: 2020-02-25 14:47:28.057
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rkflt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-02-25 14:47:28.010
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rkflt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: Dell Inc. A09 03/11/2008
Motherboard: Dell Inc. 0GM819
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 93%
Total physical RAM: 2013.61 MB
Available physical RAM: 127.54 MB
Total Virtual: 4027.22 MB
Available Virtual: 726.43 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:97.56 GB) (Free:2.5 GB) NTFS
Drive d: (primery1) (Fixed) (Total:833.85 GB) (Free:378.53 GB) NTFS
Drive z: (ERP & Web Bk(M)) (Network) (Total:5393.99 GB) (Free:567.91 GB) NTFS
\\?\Volume{d2939cbc-963c-11e6-a19d-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D118D118)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=833.8 GB) - (Type=0F Extended)
==================== End of Addition.txt =======================