Getting Rundll32.exe Website Blocked Trojan


Nocando10 (Thread author), Oct 17, 2019
After the scan it says everything is clean, but this pop-up continues. Windows Server 2012 R2.

Thanks, John


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2019 02
Ran by Administrator (17-10-2019 09:57:15)
Running from C:\Users\Administrator\Downloads
Windows Server 2012 R2 Standard (Update) (X64) (2017-05-31 17:46:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1957796329-2660591114-3025022003-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1957796329-2660591114-3025022003-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) Hidden
Active Directory Authentication Library for SQL Server (HKLM\...\{985F0D27-46AC-4473-8F67-720A39D7A1E4}) (Version: 14.0.800.90 - Microsoft Corporation)
Adobe Reader X (10.1.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Argos 7 Installers (HKLM-x32\...\{38E07150-3BC1-4A44-A5ED-4A08CF26C7AE}) (Version: 7.7.3 - Sepialine, Inc.)
Argos Agent (HKLM-x32\...\{E4818DE6-0D72-473D-8506-C8847817D514}) (Version: 7.7.3 - Sepialine, Inc.)
Argos Application Server (HKLM-x32\...\{FB4430C5-940C-4C21-89ED-0877B0F22833}) (Version: 7.7.3 - Sepialine, Inc.)
Argos Database (HKLM-x32\...\{CC819C97-E318-42BA-964C-F27F9083DEE4}) (Version: 7.7.3 - Sepialine, Inc.)
Argos Deploy App (HKLM-x32\...\{31EF9AAC-D5EE-454E-A174-325AEFC92D8E}) (Version: 7.7.3 - Sepialine, Inc.)
Argos Manager (HKLM-x32\...\{EB0C4B37-E17A-47C7-B5C8-FC08F403743F}) (Version: 7.7.3 - Sepialine, Inc.)
AVG Business Security (HKLM-x32\...\AVG Antivirus) (Version: 19.7.3103 - AVG Technologies)
BluEdge Service Manager (HKLM-x32\...\{F41EE0F5-E759-42DF-B5E3-75E0AA37C318}) (Version: 1.00.0000 - BluEdge)
Canon Remote Operation Viewer 2.2 (HKLM-x32\...\{46D9B9ED-478F-4E27-B326-B20AD8F6A633}) (Version: 1.0.0 - CANON)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
EFI Flexera License Manager (remove only) (HKLM-x32\...\EFILM) (Version: 11.12.1.2 - EFI)
Fiery User Software-5.8.0.16 (HKLM-x32\...\{1B62E9DB-BD5B-4966-BF75-B038119E61FA}) (Version: 5.8.0.16 - Electronics For Imaging)
FMAudit Onsite (HKLM-x32\...\FMAudit Onsite3.7.4.20061) (Version: 3.7.4.20061 - FMAudit (ECi))
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.120 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
License Activation (remove only) (HKLM-x32\...\OFASQ) (Version: 1.3.0.9 - EFI)
LogMeIn (HKLM-x32\...\{C842B328-0D7A-48D5-93C3-13FD71CF5885}) (Version: 4.1.9630 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{8AFDCE81-6BDF-440F-9008-5C8CB886C91B}) (Version: 1.3.2977 - LogMeIn, Inc.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{7DBBD69D-5D15-40C6-AB2B-35ACE08AAF41}) (Version: 14.0.800.90 - Microsoft Corporation)
Microsoft SOAP Toolkit 3.0 (HKLM-x32\...\{BCB4C18A-ACA6-4383-8688-E19933A705DD}) (Version: 3.0.1325.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (HKLM-x32\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM-x32\...\{22645997-D3F4-4056-A21A-88A018A90C1F}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{076FF390-D283-4174-B602-B0B7B72BD024}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2017 Policies RC1 (HKLM-x32\...\{2D37C37A-4A27-4C35-BC0A-F73173BC106B}) (Version: 14.0.800.90 - Microsoft Corporation)
Microsoft SQL Server 2017 RC1 (HKLM-x32\...\Microsoft SQL Server SQL2017RC1) (Version: - Microsoft Corporation)
Microsoft SQL Server 2017 T-SQL Language Service RC1 (HKLM\...\{55394560-332F-42A8-AB56-BE288663131E}) (Version: 14.0.17177.0 - Microsoft Corporation)
Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{E9AB3735-231C-4FA1-BE93-D09EA368386B}) (Version: 14.0.3757.2 - Microsoft Corporation)
Microsoft SQL Server Management Studio - 17.2 (HKLM-x32\...\{6ce0f2ad-2643-496c-9b48-d0587d3e10a9}) (Version: 14.0.17177.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU (HKLM-x32\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU (HKLM-x32\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 RC1 (HKLM\...\{A825DFF0-A610-49A3-BF7C-C5772A0F488B}) (Version: 14.0.800.90 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.3.6020.0 - Microsoft Corporation)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Service Pack 3 for SQL Server 2012 (KB3072779) (HKLM-x32\...\KB3072779) (Version: 11.3.6020.0 - Microsoft Corporation)
SQL Server 2012 Common Files (HKLM-x32\...\{124D51A1-F3C2-45AE-B812-D3CA71247093}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM-x32\...\{7D29ED63-84F9-4EC7-B49F-994A3A3195B2}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM-x32\...\{87D50333-E534-493A-8E98-0A49BC28F64B}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM-x32\...\{C22613C2-C7A4-4761-A906-116ECD4E7477}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM-x32\...\{54F84805-0116-467F-8713-899DFC472235}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM-x32\...\{D0F44C37-A22B-4733-BBA7-86C9F4988725}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Batch Parser (HKLM\...\{0FF55602-38F3-4D41-B4A3-01254248C668}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Client Tools Extensions (HKLM\...\{683FA9A8-D65D-4235-83D8-9F4E6737F4CA}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Client Tools Extensions (HKLM\...\{F2FD3B29-E8D8-4967-BED3-DDBC61D1975C}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Common Files (HKLM-x32\...\{3EFBCF30-7835-40C0-A482-61FCD200D6B0}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Common Files (HKLM-x32\...\{5666DCCC-0A10-4DEA-9D72-0CBE4597B272}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Connection Info (HKLM\...\{1B420087-3F15-4584-84E7-17004B8F73DD}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Connection Info (HKLM\...\{6E7DE51A-63FC-4636-8110-D81FEABE11D8}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 DMF (HKLM\...\{33CA5408-FAF8-45EA-BC34-339D708D5CD2}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 DMF (HKLM\...\{75D22F08-F052-4D85-BB0D-98572ECAB0DC}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Integration Services Scale Out Management Portal (HKLM\...\{4886060D-2480-465D-8A1E-71297E66AC72}) (Version: 14.0.800.77 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Integration Services Scale Out Management Portal (HKLM\...\{90D6ACA0-1265-41EA-8EC6-FA686EDABEC2}) (Version: 14.0.800.77 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Management Studio Extensions (HKLM-x32\...\{1A240E41-E06A-4601-A64F-75E371DBA6A3}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Management Studio Extensions (HKLM-x32\...\{FD3B8367-14B9-4778-856D-8CFAA216FC20}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Shared Management Objects (HKLM\...\{53A9C556-6706-4B55-95F0-743E1A6F2C82}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Shared Management Objects (HKLM\...\{DE6154BD-9C09-4561-9B85-99536C37A9E2}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Shared Management Objects Extensions (HKLM\...\{0655C937-E277-49BA-A001-A5EB2D0B4E06}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Shared Management Objects Extensions (HKLM\...\{CA0AD573-54A1-47BC-A050-4BACA38E4CC7}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 SQL Diagnostics (HKLM\...\{28D17C9F-CB6C-4E9B-932A-7E709CAD4366}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 XEvent (HKLM\...\{D1C9CE67-E0C6-4B18-B185-8CBA583FF9C8}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 XEvent (HKLM\...\{E13EF9DC-DD28-43D0-B861-40E04C93D490}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.3.6020.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{30CA21F2-901A-44DB-A43F-FC31CD0F2493}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{510DB6E6-7CF0-4B25-A51E-3AED7E25D507}) (Version: 14.0.17177.0 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{CD1FA99A-EEF9-44BE-8A89-8FB17F1C5437}) (Version: 14.0.17177.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Analysis Services (HKLM\...\{19EE06F5-A411-4AE3-8024-437639E0A063}) (Version: 14.0.17177.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Reporting Services (HKLM\...\{BFDE25C2-FA72-4449-9A7B-B785DA052D99}) (Version: 14.0.17177.0 - Microsoft Corporation) Hidden
SSMS Post Install Tasks (HKLM\...\{14A0B7B6-1D73-42E1-AD69-CDBC9AEB979A}) (Version: 14.0.17177.0 - Microsoft Corporation) Hidden
Suffolk Construction PDM 4.4.24.94 (HKU\S-1-5-21-1645522239-926492609-725345543-500\...\a74e094571230d60) (Version: 3.0.9.12044 - Suffolk Construction)
Suffolk Construction PDM 4.4.24.94 (HKU\S-1-5-21-1645522239-926492609-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162019103341388\...\a74e094571230d60) (Version: 3.0.9.12044 - Suffolk Construction)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI)
Zemana AntiMalware version 3.1.395 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.1.395 - Zemana)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2019-08-27] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-10-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2019-08-27] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-10-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]

==================== Codecs (Whitelisted) ==================


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-01-26 23:08 - 2017-01-26 23:08 - 000046592 _____ () [File not signed] C:\Program Files (x86)\Canon Remote Operation Viewer 2.2\vitzlib.dll
2017-11-14 16:05 - 2014-11-27 15:37 - 000194048 _____ () [File not signed] C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\curllib.dll
2017-11-14 16:05 - 2014-11-27 15:37 - 000110592 _____ () [File not signed] C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\OpenLDAP.dll
2019-09-20 13:22 - 2019-09-20 13:22 - 000057344 _____ () [File not signed] C:\Program Files (x86)\FMAuditOnsite\Temp\AspNet\root\1afafec4\c2002aa\assembly\dl3\58202c83\009ccf6f_b664d501\Toshiba.Tasks.DLL
2019-09-20 13:22 - 2019-09-20 13:22 - 000719360 _____ () [File not signed] C:\Program Files (x86)\FMAuditOnsite\Temp\AspNet\root\1afafec4\c2002aa\assembly\dl3\61592b8c\009ccf6f_b664d501\Fma.Printing.DLL
2019-09-20 13:22 - 2019-09-20 13:22 - 000361472 _____ () [File not signed] C:\Program Files (x86)\FMAuditOnsite\Temp\AspNet\root\1afafec4\c2002aa\assembly\dl3\77003971\009ccf6f_b664d501\Fmao_compiled.DLL
2019-09-06 09:24 - 2019-09-06 09:24 - 000719360 _____ () [File not signed] C:\Program Files (x86)\FMAuditOnsite\Web\Bin\Fma.Printing.dll
2019-09-06 09:24 - 2019-09-06 09:24 - 000057344 _____ () [File not signed] C:\Program Files (x86)\FMAuditOnsite\Web\Bin\Toshiba.Tasks.dll
2019-09-27 07:33 - 2015-11-19 21:13 - 000181760 _____ () [File not signed] C:\Users\ADMINI~1.BAK\AppData\Local\Temp\RarSFX9\FSM\cfscore.dll
2019-09-27 07:33 - 2015-11-19 21:13 - 000194048 _____ () [File not signed] C:\Users\ADMINI~1.BAK\AppData\Local\Temp\RarSFX9\FSM\curllib.dll
2019-09-27 07:33 - 2015-11-19 21:13 - 000110592 _____ () [File not signed] C:\Users\ADMINI~1.BAK\AppData\Local\Temp\RarSFX9\FSM\OpenLDAP.dll
2019-09-27 07:33 - 2015-11-19 21:13 - 000674304 _____ () [File not signed] C:\Users\ADMINI~1.BAK\AppData\Local\Temp\RarSFX9\FSM\updater_lib\Win\GradInterface.dll
2017-01-26 23:08 - 2017-01-26 23:08 - 000049152 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon Remote Operation Viewer 2.2\en-US\viewer.resources.dll
2017-01-26 23:08 - 2017-01-26 23:08 - 000034816 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon Remote Operation Viewer 2.2\VNCClient.dll
2007-11-18 23:42 - 2007-11-18 23:42 - 000304640 _____ (CANON INC.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\AUSSDRV.DLL
2010-09-12 12:00 - 2010-09-12 12:00 - 001987072 _____ (CANON INC.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\Cnp60M_D0D13.DLL
2010-09-10 03:00 - 2010-09-10 03:00 - 003187712 _____ (CANON INC.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\Cnp60MUI_D0D13.DLL
2017-11-14 16:05 - 2014-11-27 15:37 - 000190464 _____ (Carnegie Mellon University) [File not signed] C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\libsasl.dll
2019-09-27 07:33 - 2015-11-19 21:13 - 000193536 _____ (Carnegie Mellon University) [File not signed] C:\Users\ADMINI~1.BAK\AppData\Local\Temp\RarSFX9\FSM\libsasl.dll
2019-09-20 13:22 - 2019-09-20 13:22 - 000094208 _____ (ECi FMAudit) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Temp\AspNet\root\1afafec4\c2002aa\assembly\dl3\0260ff0a\009ccf6f_b664d501\FMAudit.Onsite.Services.DLL
2019-09-20 13:22 - 2019-09-20 13:22 - 000198656 _____ (ECi FMAudit) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Temp\AspNet\root\1afafec4\c2002aa\assembly\dl3\08d4689c\009ccf6f_b664d501\Fmao.Common.DLL
2019-09-20 13:22 - 2019-09-20 13:22 - 000171520 _____ (ECi FMAudit) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Temp\AspNet\root\1afafec4\c2002aa\assembly\dl3\1f174b7d\009ccf6f_b664d501\Fmao.Web.DLL
2019-09-20 13:22 - 2019-09-20 13:22 - 000317952 _____ (ECi FMAudit) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Temp\AspNet\root\1afafec4\c2002aa\assembly\dl3\6ed47d94\009ccf6f_b664d501\Fmao.Data.DLL
2019-09-20 13:22 - 2019-09-20 13:22 - 000110592 _____ (ECi FMAudit) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Temp\AspNet\root\1afafec4\c2002aa\assembly\dl3\b130b452\009ccf6f_b664d501\FMAudit.Common.DLL
2019-09-06 09:24 - 2019-09-06 09:24 - 000198656 _____ (ECi FMAudit) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Web\Bin\Fmao.Common.dll
2019-09-06 09:24 - 2019-09-06 09:24 - 000317952 _____ (ECi FMAudit) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Web\Bin\Fmao.Data.dll
2019-09-06 09:24 - 2019-09-06 09:24 - 000110592 _____ (ECi FMAudit) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Web\Bin\FMAudit.Common.dll
2019-09-06 09:24 - 2019-09-06 09:24 - 000094208 _____ (ECi FMAudit) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Web\Bin\FMAudit.Onsite.Services.dll
2017-11-14 16:07 - 2015-08-25 14:07 - 000022016 _____ (Electronics For Imaging, Inc.) [File not signed] C:\Program Files (x86)\Fiery\Applications3\Common Files\EFI\crashreport.dll
2017-11-14 15:59 - 2016-02-12 15:11 - 000221184 _____ (Electronics For Imaging, Inc.) [File not signed] C:\Program Files (x86)\Fiery\Applications3\Common Files\EFI\harmonycxp_core.dll
2017-11-14 15:59 - 2016-02-12 15:11 - 002179072 _____ (Electronics For Imaging, Inc.) [File not signed] C:\Program Files (x86)\Fiery\Applications3\Common Files\EFI\harmonycxp_efi_color.dll
2017-11-14 15:59 - 2016-02-12 15:11 - 002604544 _____ (Electronics For Imaging, Inc.) [File not signed] C:\Program Files (x86)\Fiery\Applications3\Common Files\EFI\harmonycxp_efim.dll
2017-11-14 15:59 - 2016-02-12 15:11 - 007327744 _____ (Electronics For Imaging, Inc.) [File not signed] C:\Program Files (x86)\Fiery\Applications3\Common Files\EFI\harmonycxp10.dll
2017-11-14 16:06 - 2017-11-14 16:06 - 004747264 _____ (Flexera Software LLC) [File not signed] C:\Program Files (x86)\EFI\EFILM\EFI_libFNP.dll
2017-08-29 13:22 - 2011-11-19 17:50 - 000259072 _____ (Hewlett-Packard Corporation) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\hpipp0vf.dll
2017-08-29 13:22 - 2013-01-31 11:06 - 000635904 _____ (Hewlett-Packard Corporation) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\hpippa4s.dll
2017-08-29 13:22 - 2007-10-18 14:18 - 000256512 _____ (Hewlett-Packard Corporation) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\hpzpp5i4.DLL
2017-08-29 13:22 - 2011-11-10 11:42 - 000015360 _____ (Hewlett-Packard Corporation, Microsoft Corporation) [File not signed] C:\Windows\System32\hpltlm5.dll
2016-06-15 05:36 - 2016-06-15 05:36 - 000052224 _____ (HP Inc.) [File not signed] C:\Windows\system32\hpbmiapi.dll
2016-06-15 05:36 - 2016-06-15 05:36 - 000012800 _____ (HP Inc.) [File not signed] C:\Windows\system32\hpboidps.dll
2016-06-15 05:36 - 2016-06-15 05:36 - 000013312 _____ (HP Inc.) [File not signed] C:\Windows\system32\hpbprops.dll
2016-06-15 05:36 - 2016-06-15 05:36 - 000050688 _____ (HP Inc.) [File not signed] c:\windows\system32\hpzinw12.dll
2016-06-15 05:36 - 2016-06-15 05:36 - 000066048 _____ (HP Inc.) [File not signed] c:\windows\system32\hpzipm12.dll
2016-07-30 12:05 - 2016-07-30 12:05 - 003661784 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2017-11-14 16:00 - 2004-04-06 05:10 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\MSVCP71.dll
2017-11-14 16:00 - 2004-04-06 05:10 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\MSVCR71.dll
2019-09-20 13:22 - 2019-09-20 13:22 - 000041984 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Temp\AspNet\root\1afafec4\c2002aa\assembly\dl3\8e131bac\009ccf6f_b664d501\Cassini.DLL
2019-09-06 09:24 - 2019-09-06 09:24 - 000041984 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Web\Bin\Cassini.dll
2017-08-29 13:22 - 2008-07-06 17:57 - 000147456 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\filterpipelineprintproc.dll
2019-10-14 22:27 - 2019-10-14 22:27 - 000172032 _____ (NetToolWorks Inc.) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Temp\AspNet\root\1afafec4\c2002aa\assembly\dl3\f0e7aab7\00942040_b664d501\NetToolWorks.Snmp.DLL
2019-09-06 09:23 - 2019-09-06 09:23 - 000172032 _____ (NetToolWorks Inc.) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Web\Bin\NetToolWorks.Snmp.dll
2019-09-20 13:22 - 2019-09-20 13:22 - 000507392 _____ (Newtonsoft) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Temp\AspNet\root\1afafec4\c2002aa\assembly\dl3\6388f1ae\003abe3d_b664d501\Newtonsoft.Json.DLL
2019-09-06 09:23 - 2019-09-06 09:23 - 000507392 _____ (Newtonsoft) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Web\Bin\Newtonsoft.Json.dll
2013-11-18 14:27 - 2013-09-10 05:33 - 000148992 _____ (Océ-Technologies B.V.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\ocewpd2.dll
2013-11-18 14:27 - 2013-09-10 05:53 - 000749568 _____ (Océ-Technologies B.V.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\ocewpd2ab.dll
2013-11-18 14:27 - 2013-09-10 06:14 - 007124992 _____ (Océ-Technologies B.V.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\ocewpd2dm.dll
2013-11-18 14:27 - 2013-09-10 07:21 - 000081408 _____ (Océ-Technologies B.V.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\ocewpd2log.dll
2013-11-18 14:27 - 2013-09-10 05:51 - 000065024 _____ (Océ-Technologies B.V.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\ocewpd2pui.dll
2019-10-14 22:27 - 2019-10-14 22:27 - 000045056 _____ (PreEmptive Solutions, LLC) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Temp\AspNet\root\1afafec4\c2002aa\assembly\dl3\0d041405\00942040_b664d501\AxInterop.SHDocVw.DLL
2019-10-14 22:27 - 2019-10-14 22:27 - 000126976 _____ (PreEmptive Solutions, LLC) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Temp\AspNet\root\1afafec4\c2002aa\assembly\dl3\787e0689\00942040_b664d501\Interop.SHDocVw.DLL
2017-03-31 02:02 - 2017-03-31 02:02 - 001449472 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Sepialine\Argos7\Communication\x64\SQLite.Interop.dll
2017-08-29 13:22 - 2013-05-17 17:04 - 000195072 _____ (Sepialine Inc.) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\ArgPrint.dll
2019-09-20 13:22 - 2019-09-20 13:22 - 000147456 _____ (Telerik) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Temp\AspNet\root\1afafec4\c2002aa\assembly\dl3\0794067d\00942040_b664d501\RadToolbar.Net2.DLL
2019-09-20 13:22 - 2019-09-20 13:22 - 009932288 _____ (Telerik) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Temp\AspNet\root\1afafec4\c2002aa\assembly\dl3\5a96fe29\00942040_b664d501\Telerik.Web.UI.DLL
2019-09-20 13:22 - 2019-09-20 13:22 - 000253952 _____ (Telerik) [File not signed] C:\Program Files (x86)\FMAuditOnsite\Temp\AspNet\root\1afafec4\c2002aa\assembly\dl3\68abae18\00942040_b664d501\RadTabStrip.Net2.DLL
2017-11-14 16:05 - 2014-11-27 15:37 - 001016832 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\LIBEAY32.dll
2017-11-14 16:05 - 2014-11-27 15:37 - 000200192 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\SSLEAY32.dll
2019-09-27 07:33 - 2015-11-19 21:13 - 001016832 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\ADMINI~1.BAK\AppData\Local\Temp\RarSFX9\FSM\LIBEAY32.dll
2019-09-27 07:33 - 2015-11-19 21:13 - 000200192 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\ADMINI~1.BAK\AppData\Local\Temp\RarSFX9\FSM\SSLEAY32.dll
2017-11-14 16:00 - 2016-01-19 10:50 - 002154496 _____ (wxWidgets development team) [File not signed] C:\Program Files (x86)\Fiery\Applications3\Common Files\EFI\wxbase30u_vc_12_EFI.dll
2017-11-14 16:00 - 2016-01-19 10:50 - 000139776 _____ (wxWidgets development team) [File not signed] C:\Program Files (x86)\Fiery\Applications3\Common Files\EFI\wxbase30u_xml_vc_12_EFI.dll
2017-11-14 16:00 - 2016-01-19 10:50 - 005133312 _____ (wxWidgets development team) [File not signed] C:\Program Files (x86)\Fiery\Applications3\Common Files\EFI\wxmsw30u_core_vc_12_EFI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\PROGRA~2\Fiery\APPLIC~1\COMMON~1\EFI;C:\PROGRA~2\Java\JRE18~1.0_2\bin;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\ManagementStudio\;C:\PROGRA~2\COMMON~1\EFI;C:\PROGRA~2\COMMON~1\EFI\EFIES-~1;
HKU\S-1-5-21-1645522239-926492609-725345543-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1645522239-926492609-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162019103341388\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1957796329-2660591114-3025022003-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1957796329-2660591114-3025022003-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162019103341527\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.5 - 192.168.0.6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe No File
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe No File
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{98CE7103-4147-478B-BEAA-45751E8BCAF1}] => (Allow) C:\Windows\system32\hasplms.exe (SafeNet, Inc. -> SafeNet Inc.)
FirewallRules: [{843A403E-53CB-45B7-8BB6-DC7C077F8DF5}] => (Allow) C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Server.exe (Electronics for Imaging, Inc.) [File not signed]
FirewallRules: [{2EB96A9D-B6F1-439E-9027-181F015AF7DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3EF0479A-1C4D-4980-B31A-93D57C1C486B}] => (Allow) C:\Program Files\AVG\Antivirus\x86\avgAdminClientService.exe No File
FirewallRules: [{AE014E19-A9D7-4EA5-9BAF-E7424FDEFEC6}] => (Allow) C:\Users\administrator.BAKER\AppData\Local\Temp\RarSFX10\FDU\Fiery Driver Updater.exe No File

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:930.65 GB) (Free:891.73 GB) (96%)
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2019 12:19:55 PM) (Source: MsiInstaller) (EventID: 10005) (User: BLUEDGE01)
Description: Product: Kaspersky Anti-Ransomware Tool for Business -- Error 27300. msierr Drvinst Failed To Install Driver

Error: (10/16/2019 12:16:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogMeInRC.exe, version: 4.1.0.6884, time stamp: 0x5bd1aece
Faulting module name: combase.dll, version: 6.3.9600.18666, time stamp: 0x58f3203f
Exception code: 0xc0000005
Fault offset: 0x0000000000037d5a
Faulting process id: 0xde4
Faulting application start time: 0x01d58431b094546b
Faulting application path: C:\Program Files (x86)\LogMeIn\x64\LogMeInRC.exe
Faulting module path: C:\Windows\SYSTEM32\combase.dll
Report Id: 5d7227e9-f030-11e9-80ce-109836b461d2
Faulting package full name:
Faulting package-relative application ID:

Error: (10/16/2019 10:55:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbar.exe version 1.9.1.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6974

Start Time: 01d5842f3588e354

Termination Time: 9289

Application Path: C:\Users\Administrator\Desktop\mbar\mbar.exe

Report Id: 00e106b8-f025-11e9-80ce-109836b461d2

Faulting package full name:

Faulting package-relative application ID:

Error: (10/16/2019 10:33:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.1.0.1840, time stamp: 0x5d5c13ae
Faulting module name: Qt5Core.dll, version: 5.11.1.0, time stamp: 0x5cba0161
Exception code: 0xc0000005
Fault offset: 0x0018dc19
Faulting process id: 0x5ef0
Faulting application start time: 0x01d5841c187218f0
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: ef52e85b-f021-11e9-80ce-109836b461d2
Faulting package full name:
Faulting package-relative application ID:

Error: (10/16/2019 08:50:35 AM) (Source: MsiInstaller) (EventID: 10005) (User: BLUEDGE01)
Description: Product: Kaspersky Anti-Ransomware Tool for Business -- Error 27300. msierr Drvinst Failed To Install Driver

Error: (10/16/2019 08:50:05 AM) (Source: MsiInstaller) (EventID: 10005) (User: BLUEDGE01)
Description: Product: Kaspersky Anti-Ransomware Tool for Business -- Error 27300. msierr Drvinst Failed To Install Driver

Error: (10/16/2019 07:38:03 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL SQLAgent$ARGOS. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (10/16/2019 07:38:03 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL MSSQL$ARGOS. The first four bytes (DWORD) of the Data section contains the Windows error code.


System errors:
=============
Error: (10/17/2019 09:57:55 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (10/17/2019 09:57:55 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (10/17/2019 09:56:55 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (10/17/2019 09:56:55 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (10/17/2019 09:55:52 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (10/17/2019 09:55:52 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (10/17/2019 09:54:52 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (10/17/2019 09:54:51 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.


==================== Memory info ===========================

BIOS: Dell Inc. 2.0.8 01/12/2017
Motherboard: Dell Inc. 0MFXTY
Processor: Intel(R) Xeon(R) CPU E3-1220 v5 @ 3.00GHz
Percentage of memory in use: 97%
Total physical RAM: 8150.55 MB
Available physical RAM: 190.59 MB
Total Virtual: 11903.94 MB
Available Virtual: 1435.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.65 GB) (Free:891.73 GB) NTFS

\\?\Volume{6acdb199-4636-11e7-80b5-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931 GB) (Disk ID: 28A3B2B2)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-10-2019 02
Ran by Administrator (administrator) on BLUEDGE01 (Dell Inc. PowerEdge R230) (17-10-2019 09:55:49)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator & Administrator & (Available Profiles: Administrator & Administrator)
Platform: Windows Server 2012 R2 Standard (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\BluEdge\Service Manager\BluEdgePluginServiceManager.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgAdminClientService.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(CANON INC.) [File not signed] C:\Program Files (x86)\Canon Remote Operation Viewer 2.2\viewer.exe
(ECi FMAudit) [File not signed] C:\Program Files (x86)\FMAuditOnsite\fmaonsite.exe
(EFI Software (Electronics for Imaging, Inc.) -> ) C:\Program Files (x86)\Fiery\Fiery Software Manager\Fiery Software Manager.exe
(EFI Software (Electronics for Imaging, Inc.) -> ) C:\Users\ADMINI~1.BAK\AppData\Local\Temp\RarSFX9\FSM\Fiery Software Manager.exe
(Electronics for Imaging, Inc) [File not signed] C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\FDC.exe
(Electronics for Imaging, Inc.) [File not signed] C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Server.exe
(Electronics for Imaging, Inc.) [File not signed] C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe
(Electronics for Imaging, Inc.) [File not signed] C:\Program Files (x86)\EFI\EFILM\EFI.exe
(Flexera Software LLC -> Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Flexera Software LLC -> Flexera Software LLC) C:\Program Files (x86)\EFI\EFILM\lmgrd.exe
(Flexera Software LLC -> Flexera Software LLC) C:\Program Files (x86)\EFI\EFILM\lmgrd.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInRC.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ARGOS\MSSQL\Binn\sqlservr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
(Oce Technologies b.v. -> Océ-Technologies B.V.) C:\Windows\System32\spool\drivers\x64\3\ocewpd2dp.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sepialine, Inc. -> Sepialine) C:\Program Files (x86)\Sepialine\Argos7\Agent\Agent.DesktopClient.exe
(Sepialine, Inc. -> Sepialine) C:\Program Files (x86)\Sepialine\Argos7\Agent\Agent.DesktopClient.exe
(Sepialine, Inc. -> Sepialine) C:\Program Files (x86)\Sepialine\Argos7\Agent\Agent.Hosts.AgentService.exe
(Sepialine, Inc. -> Sepialine) C:\Program Files (x86)\Sepialine\Argos7\CanonOnBoard\AppServer.CanonOnBoard.exe
(Sepialine, Inc. -> Sepialine) C:\Program Files (x86)\Sepialine\Argos7\Communication\AppServer.Communication.Service.exe
(Sepialine, Inc. -> Sepialine) C:\Program Files (x86)\Sepialine\Argos7\DeployApp\DeployApp.exe
(Sepialine, Inc. -> Sepialine) C:\Program Files (x86)\Sepialine\Argos7\EfiPrintMeMobile\AppServer.EfiPrintMeMobile.Service.exe
(Sepialine, Inc. -> Sepialine) C:\Program Files (x86)\Sepialine\Argos7\ExpressTerminal\AppServer.ExpressTerminals.Service.exe
(Sepialine, Inc. -> Sepialine) C:\Program Files (x86)\Sepialine\Argos7\HPOnBoard\AppServer.HPOnBoard.exe
(Sepialine, Inc. -> Sepialine) C:\Program Files (x86)\Sepialine\Argos7\HPOnBoardLarge\AppServer.HpLargeFormat.exe
(Sepialine, Inc. -> Sepialine) C:\Program Files (x86)\Sepialine\Argos7\Integration\AppServer.IntegrationService.exe
(Sepialine, Inc. -> Sepialine) C:\Program Files (x86)\Sepialine\Argos7\Maintenance\MaintenanceService.exe
(Sepialine, Inc. -> Sepialine) C:\Program Files (x86)\Sepialine\Argos7\Mobile\AppServer.MobileRelease.Service.exe
(Sepialine, Inc. -> Sepialine) C:\Program Files (x86)\Sepialine\Argos7\ReleaseBroker\AppServer.HostageReleaseBroker.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [454384 2019-09-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [316336 2019-10-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.120\Installer\chrmstp.exe [2019-10-10] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2014-10-31] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2014-10-31] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
HKLM\Software\...\Authentication\Credential Providers: [{65CD7F9B-E8F3-4bb0-82EB-6F6875B745DF}] -> C:\Windows\system32\LMIinit.dll [2019-09-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
Lsa: [Notification Packages] rassfm scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Fiery Command WorkStation 5.lnk [2017-11-14]
ShortcutTarget: Fiery Command WorkStation 5.lnk -> C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\Contents\WinOS\cws.exe (EFI Software -> Electronics for Imaging, Inc)
BootExecute: autocheck autochk /q /v *

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1FC6D23B-C9AF-48BD-A193-4AB470C384D3} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [656968 2019-08-27] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {22F8933B-6077-471D-A4C3-56C7647164AD} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => %systemroot%\system32\cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
Task: {4AD538CC-E752-4450-B401-F7EAACB344E0} - System32\Tasks\Fiery Software Manager => C:\Program Files (x86)\Fiery\Fiery Software Manager\Fiery Software Manager.exe [6345360 2016-01-08] (EFI Software (Electronics for Imaging, Inc.) -> )
Task: {50A90F0A-149E-4D6E-94FC-C9F5255AAE6A} - System32\Tasks\Onsite_Watchdog => C:\Program Files (x86)\FMAuditOnsite\watchdog.bat [115 2019-09-06] () [File not signed] <==== ATTENTION
Task: {5AF41547-19E9-46B1-8865-CCE551A3CABC} - System32\Tasks\FPDUDaily => C:\Program Files (x86)\FPDU\Fiery Driver Updater.exe [9525984 2015-09-16] (EFI Software -> Electronics For Imaging, Inc.)
Task: {5BFE7D54-31D5-49DF-9D50-0625C586DEB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-31] (Google Inc -> Google Inc.)
Task: {5CBBF9E7-5105-446B-9C6B-0EC150763DAC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-31] (Google Inc -> Google Inc.)
Task: {651FF2A7-84D4-4AE6-9231-BB0411D3A64F} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [235520 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {787E2442-1350-4D4B-B3DF-F73EDF626879} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => %systemroot%\system32\rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {82872699-9129-474F-B3D6-B4B9B849AA5F} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Collection => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd publish
Task: {8C5566D2-4586-40C2-BDDC-209F22DF6EB3} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2081712 2019-10-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {9527F205-B800-4590-BDE7-40F541F3AB6D} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Configuration => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd configure
Task: {9536335E-476B-42F7-8624-2308CA0F222B} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [94208 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {9A32997A-3ABD-4A39-9F14-B117E74FB7C6} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [3990448 2019-10-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {BECB97AA-1DA7-4D07-B2C6-40538762D930} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {CFB4562E-B346-461B-8F8F-E8CCA176F961} - System32\Tasks\LINQ_wxWidgets => C:\ProgramData\efiLINQ\efiLINQ.exe [2289664 2015-11-11] (Electronics For Imaging, Inc.) [File not signed] <==== ATTENTION
Task: {F2E8D2D6-DB12-4BB6-A174-989523135A6C} - System32\Tasks\CWS Analytics => C:\ProgramData\efiLINQ\efiLINQ.exe [2289664 2015-11-11] (Electronics For Imaging, Inc.) [File not signed] <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.5 192.168.0.6 71.243.0.12
Tcpip\..\Interfaces\{D2DEEFF7-F7D7-445B-9A0C-72B36A9BC34F}: [DhcpNameServer] 192.168.0.5 192.168.0.6 71.243.0.12

Internet Explorer:
==================
HKU\S-1-5-21-1957796329-2660591114-3025022003-500\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
HKU\S-1-5-21-1957796329-2660591114-3025022003-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10162019103341527\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2017-11-14] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2017-11-14] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2017-11-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2017-11-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2019-10-17]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-16]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-16]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-10-16]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-16]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-16]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-10-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-16]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-16]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArgBrokerSvc; C:\Program Files (x86)\Sepialine\Argos7\ReleaseBroker\AppServer.HostageReleaseBroker.exe [45200 2017-03-31] (Sepialine, Inc. -> Sepialine)
R2 ArgCanonOnBoardSvc; C:\Program Files (x86)\Sepialine\Argos7\CanonOnBoard\AppServer.CanonOnBoard.exe [188544 2017-03-31] (Sepialine, Inc. -> Sepialine)
R2 ArgCommSvc; C:\Program Files (x86)\Sepialine\Argos7\Communication\AppServer.Communication.Service.exe [236696 2017-03-31] (Sepialine, Inc. -> Sepialine)
R2 ArgEfiSvc; C:\Program Files (x86)\Sepialine\Argos7\EfiPrintMeMobile\AppServer.EfiPrintMeMobile.Service.exe [30360 2017-03-31] (Sepialine, Inc. -> Sepialine)
R2 ArgHpLarge; C:\Program Files (x86)\Sepialine\Argos7\HPOnBoardLarge\AppServer.HpLargeFormat.exe [38024 2017-03-31] (Sepialine, Inc. -> Sepialine)
R2 ArgHpOnBoardSvc; C:\Program Files (x86)\Sepialine\Argos7\HPOnBoard\AppServer.HPOnBoard.exe [61568 2017-03-31] (Sepialine, Inc. -> Sepialine)
R2 ArgIntgrSvc; C:\Program Files (x86)\Sepialine\Argos7\Integration\AppServer.IntegrationService.exe [51856 2017-03-31] (Sepialine, Inc. -> Sepialine)
S3 ArgKMOnBoardSvc; C:\Program Files (x86)\Sepialine\Argos7\KonicaMinoltaOnBoard\AppServer.KonicaMinoltaOnBoard.exe [183952 2017-03-31] (Sepialine, Inc. -> Sepialine)
S3 ArgKyoceraOnBoardSvc; C:\Program Files (x86)\Sepialine\Argos7\KyoceraOnBoard\AppServer.KyoceraOnBoard.Service.exe [42648 2017-03-31] (Sepialine, Inc. -> Sepialine)
R2 ArgMaintSvc; C:\Program Files (x86)\Sepialine\Argos7\Maintenance\MaintenanceService.exe [24696 2017-03-31] (Sepialine, Inc. -> Sepialine)
R2 ArgMobileSvc; C:\Program Files (x86)\Sepialine\Argos7\Mobile\AppServer.MobileRelease.Service.exe [76952 2017-03-31] (Sepialine, Inc. -> Sepialine)
R2 ArgosAgentSvc; C:\Program Files (x86)\Sepialine\Argos7\Agent\Agent.Hosts.AgentService.exe [31368 2017-03-31] (Sepialine, Inc. -> Sepialine)
S3 ArgRicohOnBoardSvc; C:\Program Files (x86)\Sepialine\Argos7\RicohOnBoard\AppServer.RicohOnBoard.Service.exe [88208 2017-03-31] (Sepialine, Inc. -> Sepialine)
S3 ArgSharpOnBoardSvc; C:\Program Files (x86)\Sepialine\Argos7\SharpOnBoard\AppServer.SharpOnBoard.Service.exe [16528 2017-03-31] (Sepialine, Inc. -> Sepialine)
S3 ArgToshibaOnBoardSvc; C:\Program Files (x86)\Sepialine\Argos7\ToshibaOnBoard\AppServer.ToshibaOnBoard.exe [396936 2017-03-31] (Sepialine, Inc. -> Sepialine)
S3 ArgXeroxOnBoardSvc; C:\Program Files (x86)\Sepialine\Argos7\XeroxOnBoard\AppServer.XeroxOnBoard.Service.exe [246416 2017-03-31] (Sepialine, Inc. -> Sepialine)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [405120 2019-10-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgAdminClient; C:\Program Files\AVG\Antivirus\avgAdminClientService.exe [87728 2019-10-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 BluEdge Service Manager; C:\Program Files (x86)\BluEdge\Service Manager\BluEdgePluginServiceManager.exe [48128 2018-08-23] () [File not signed]
R2 EFI ES1000; C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe [11776 2009-10-19] (Electronics for Imaging, Inc.) [File not signed]
R2 EFI License Manager; C:\Program Files (x86)\EFI\EFILM\lmgrd.exe [1499440 2017-11-14] (Flexera Software LLC -> Flexera Software LLC)
R2 ExpressTerminalsSvc; C:\Program Files (x86)\Sepialine\Argos7\ExpressTerminal\AppServer.ExpressTerminals.Service.exe [53400 2017-03-31] (Sepialine, Inc. -> Sepialine)
R2 Fiery Data Collector; C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\FDC.exe [749056 2016-01-18] (Electronics for Imaging, Inc) [File not signed]
R2 FMAuditOnsite; C:\Program Files (x86)\FMAuditOnsite\fmaonsite.exe [66560 2019-09-06] (ECi FMAudit) [File not signed]
S3 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-24] (SafeNet, Inc. -> SafeNet Inc.)
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [173056 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [421624 2019-09-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [594168 2019-09-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-06-15] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [48128 2014-07-24] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 MSSQL$ARGOS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ARGOS\MSSQL\Binn\sqlservr.exe [163008 2015-10-20] (Microsoft Corporation -> Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
S2 ofaApp; C:\Program Files (x86)\EFI\OFASQ2\ofaApp.exe [2531008 2017-11-14] (EFI Software -> )
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [85504 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [76288 2013-08-21] (Microsoft Windows -> Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [15872 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S4 SQLAgent$ARGOS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ARGOS\MSSQL\Binn\SQLAGENT.EXE [448704 2015-10-20] (Microsoft Corporation -> Microsoft Corporation)
R2 UALSVC; C:\Windows\System32\ualsvc.dll [249344 2014-09-04] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2019-10-16] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [209816 2019-10-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42552 2019-10-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [169672 2019-10-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [88200 2019-10-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1031048 2019-10-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [478144 2019-10-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [387440 2019-10-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [534768 2015-07-23] (QLogic Corporation -> QLogic Corporation)
S3 b06diag; C:\Windows\System32\drivers\bxdiaga.sys [91376 2014-12-18] (QLogic Corporation -> QLogic Corporation)
R3 bccfg4; C:\Windows\System32\drivers\bccfg4.sys [32392 2015-12-31] (Dell Inc. -> Dell Inc.)
R0 bcraid4; C:\Windows\System32\drivers\bcraid4.sys [646792 2015-12-31] (Dell Inc. -> Dell Inc.)
S0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2265440 2013-08-22] (Microsoft Windows -> Brocade Communications Systems, Inc.)
S0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2265440 2013-08-22] (Microsoft Windows -> Brocade Communications Systems, Inc.)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [204464 2015-12-02] (QLogic Corporation -> QLogic Corporation)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [541424 2015-12-01] (QLogic Corporation -> QLogic Corporation)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [605672 2013-06-18] (Chelsio.com(Test) -> Chelsio Communications)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3519728 2016-03-29] (QLogic Corporation -> QLogic Corporation)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [712032 2013-08-22] (Microsoft Windows -> Emulex)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2019-10-16] (Malwarebytes Corporation -> Malwarebytes)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-09-24] (SafeNet, Inc. -> SafeNet Inc.)
R2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-10-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-10-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-10-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-10-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [116832 2019-10-16] (Malwarebytes Corporation -> Malwarebytes)
S3 MsLbfoProvider; C:\Windows\system32\DRIVERS\MsLbfoProvider.sys [117760 2016-07-09] (Microsoft Windows -> Microsoft Corporation)
S0 percsas3; C:\Windows\System32\drivers\percsas3.sys [69968 2016-09-20] (Avago Technologies U.S. Inc. -> Avago Technologies)
S0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1508704 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475488 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300320 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [94048 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 wtlmdrv; C:\Windows\System32\drivers\wtlmdrv.sys [31232 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R4 kl1; system32\DRIVERS\kl1.sys [X]
R4 klflt; \SystemRoot\system32\DRIVERS\klflt.sys [X]
R4 klgse; system32\DRIVERS\klgse.sys [X]
R4 klhk; \SystemRoot\system32\DRIVERS\klhk.sys [X]
R4 KLIF; system32\DRIVERS\klif.sys [X]
R4 klpd; system32\DRIVERS\klpd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-17 09:55 - 2019-10-17 09:56 - 000030819 _____ C:\Users\Administrator\Downloads\FRST.txt
2019-10-17 09:55 - 2019-10-17 09:55 - 001616384 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2019-10-17 09:39 - 2019-10-17 09:39 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\3762150B.sys
2019-10-16 13:49 - 2019-10-16 13:49 - 276754637 _____ C:\Users\Administrator\Desktop\BLUEDGE01_Printers.printerExport
2019-10-16 12:17 - 2019-10-17 09:56 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\4
2019-10-16 12:06 - 2019-10-16 12:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2019-10-16 12:01 - 2019-10-16 12:01 - 000829920 _____ (AVG Technologies) C:\Users\Administrator\Downloads\avg_decryptor_TeslaCrypt3.exe
2019-10-16 10:52 - 2019-10-16 10:52 - 001031048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2019-10-16 10:52 - 2019-10-16 10:52 - 000478144 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2019-10-16 10:52 - 2019-10-16 10:52 - 000387440 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2019-10-16 10:52 - 2019-10-16 10:52 - 000363952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2019-10-16 10:52 - 2019-10-16 10:52 - 000209816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2019-10-16 10:52 - 2019-10-16 10:52 - 000169672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2019-10-16 10:52 - 2019-10-16 10:52 - 000088200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2019-10-16 10:52 - 2019-10-16 10:52 - 000042552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2019-10-16 10:52 - 2019-10-16 10:52 - 000003904 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2019-10-16 10:52 - 2019-10-16 10:52 - 000001849 _____ C:\Users\Public\Desktop\AVG Business Security.lnk
2019-10-16 10:52 - 2019-10-16 10:52 - 000001849 _____ C:\ProgramData\Desktop\AVG Business Security.lnk
2019-10-16 10:52 - 2019-10-16 10:52 - 000000000 ____D C:\Windows\system32\Tasks\AVG
2019-10-16 10:52 - 2019-10-16 10:52 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
2019-10-16 10:52 - 2019-10-16 10:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2019-10-16 10:52 - 2019-10-16 10:52 - 000000000 ____D C:\Program Files\Common Files\AVG
2019-10-16 10:51 - 2019-10-16 10:51 - 000000000 ____D C:\Program Files\AVG
2019-10-16 10:49 - 2019-10-16 10:50 - 369699352 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Administrator\Downloads\avg_business_antivirus_setup_offline.exe
2019-10-16 10:46 - 2019-10-16 10:52 - 000000000 ____D C:\ProgramData\AVG
2019-10-16 10:45 - 2019-10-16 10:45 - 000270160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Administrator\Downloads\avg_antivirus_free_setup.exe
2019-10-16 10:43 - 2019-10-16 10:43 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7411D49E.sys
2019-10-16 10:37 - 2019-10-17 09:50 - 000000000 ____D C:\Users\Administrator\Desktop\mbar
2019-10-16 10:37 - 2019-10-17 09:50 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-10-16 10:37 - 2019-10-16 10:37 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.10.3.1001.exe
2019-10-16 09:36 - 2019-10-16 10:01 - 000000000 ____D C:\Test
2019-10-16 09:13 - 2019-10-16 09:13 - 001653760 _____ (Emsisoft Ltd.) C:\Users\Administrator\Downloads\decrypt_HildaCrypt.exe
2019-10-16 09:05 - 2019-10-16 09:05 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\mbam
2019-10-16 08:50 - 2019-10-16 12:19 - 011979307 _____ C:\Users\Administrator\AppData\Local\Temp\bases.cab
2019-10-16 08:26 - 2019-10-17 09:56 - 000000000 ____D C:\FRST
2019-10-16 08:22 - 2019-10-17 09:56 - 005499066 _____ C:\Windows\ZAM.krnl.trace
2019-10-16 08:22 - 2019-10-16 08:22 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2019-10-16 08:22 - 2019-10-16 08:22 - 000003490 _____ C:\Windows\system32\Tasks\AMHelper
2019-10-16 08:22 - 2019-10-16 08:22 - 000001232 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2019-10-16 08:22 - 2019-10-16 08:22 - 000001232 _____ C:\ProgramData\Desktop\Zemana AntiMalware.lnk
2019-10-16 08:22 - 2019-10-16 08:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2019-10-16 08:22 - 2019-10-16 08:22 - 000000000 ____D C:\Program Files (x86)\Zemana
2019-10-16 08:21 - 2019-10-16 08:21 - 012668536 _____ (Zemana Ltd. ) C:\Users\Administrator\Downloads\AntiMalware_Setup.exe
2019-10-16 08:20 - 2019-10-16 08:20 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-10-16 08:20 - 2019-10-16 08:20 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-10-16 08:10 - 2019-10-16 08:10 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Roaming\Kaspersky Anti-Ransomware Tool for Business
2019-10-16 08:10 - 2019-10-16 08:10 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-10-16 08:09 - 2019-10-16 12:20 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Installer for Kaspersky Anti-Ransomware Tool for Business
2019-10-16 08:09 - 2019-10-16 08:09 - 078616136 _____ (AO Kaspersky Lab) C:\Users\Administrator\Downloads\KART_4.0.0.861_en-US.exe
2019-10-16 08:09 - 2019-10-16 08:09 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Kaspersky Anti-Ransomware Tool for Business
2019-10-16 08:04 - 2019-10-16 08:04 - 000000000 ____D C:\ProgramData\AVAST Software
2019-10-16 07:48 - 2019-10-16 08:20 - 000116832 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-10-16 07:48 - 2019-10-16 08:20 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-10-16 07:47 - 2019-10-16 10:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-10-16 07:47 - 2019-10-16 08:20 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-10-16 07:47 - 2019-10-16 08:20 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-10-16 07:47 - 2019-10-16 07:47 - 066367928 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mb3-setup-37469.37469-3.8.3.2965-1.0.627-1.0.12633.exe
2019-10-16 07:47 - 2019-10-16 07:47 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-10-16 07:47 - 2019-10-16 07:47 - 000001883 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-10-16 07:47 - 2019-10-16 07:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-10-16 07:47 - 2019-10-16 07:47 - 000000000 ____D C:\Program Files\Malwarebytes
2019-10-14 22:23 - 2019-10-14 22:23 - 000026412 _____ C:\Users\administrator.BAKER\AppData\Local\Temp\SsmD773.tmp
2019-10-14 19:02 - 2019-10-14 19:02 - 105870821 _____ C:\Users\administrator.BAKER\Downloads\iP-P1v1.0_PS_Driver_Win.zip.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 001927972 _____ C:\VC_RED.cab.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 001402211 _____ C:\Users\administrator.BAKER\Downloads\Bluedge Reports.zip.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000931096 _____ C:\Users\administrator.BAKER\Desktop\Drawings Sheets.pdf.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000904720 _____ C:\msdia80.dll.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000431956 _____ C:\Users\administrator.BAKER\AppData\Local\Temp\dd_vcredistMSI52D0.txt.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000425076 _____ C:\Users\administrator.BAKER\AppData\Local\Temp\dd_vcredistMSI52ED.txt.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000411992 _____ C:\Users\administrator.BAKER\AppData\Local\Temp\dd_vcredistMSI52D9.txt.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000369296 _____ C:\Users\administrator.BAKER\AppData\Local\Temp\dd_vcredistMSI58DF.txt.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000097312 _____ C:\install.res.1036.dll.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000096288 _____ C:\install.res.3082.dll.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000096288 _____ C:\install.res.1031.dll.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000095264 _____ C:\install.res.1040.dll.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000091168 _____ C:\install.res.1033.dll.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000081440 _____ C:\install.res.1041.dll.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000079904 _____ C:\install.res.1042.dll.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000076320 _____ C:\install.res.1028.dll.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000075808 _____ C:\install.res.2052.dll.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000039036 _____ C:\Users\Administrator\AppData\Local\Temp\ARWConfig-c624726d-1ac9-48fe-ac54-1034a35214d4.xml.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000039036 _____ C:\Users\Administrator\AppData\Local\Temp\ARWConfig-ac531c24-db7d-4ca4-b4a8-2bd670307d34.xml.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000039036 _____ C:\Users\Administrator\AppData\Local\Temp\ARWConfig-193c36fd-ce91-4d9c-bb79-ea76d2227883.xml.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000014661 _____ C:\Users\Administrator\Desktop\DECRYPT_INFORMATION.html
2019-10-14 19:02 - 2019-10-14 19:02 - 000012830 _____ C:\Users\administrator.BAKER\AppData\Local\Temp\dd_vcredistUI58DF.txt.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000011526 _____ C:\Users\administrator.BAKER\AppData\Local\Temp\dd_vcredistUI52D9.txt.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000011444 _____ C:\Users\administrator.BAKER\AppData\Local\Temp\dd_vcredistUI52D0.txt.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000011428 _____ C:\Users\administrator.BAKER\AppData\Local\Temp\dd_vcredistUI52ED.txt.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000000029 _____ C:\Users\administrator.BAKER\AppData\Local\Temp\jawshtml.html.sun
2019-10-14 19:02 - 2019-10-14 19:02 - 000000012 _____ C:\Users\Administrator\Desktop\sun_id
2019-09-27 07:33 - 2019-10-16 07:59 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Local\Temp\RarSFX9
2019-09-27 07:32 - 2019-10-16 07:59 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Local\Temp\1

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-17 09:56 - 2017-07-26 10:03 - 000000120 _____ C:\Windows\system32\config\netlogon.ftl
2019-10-17 08:57 - 2017-06-06 13:45 - 000000000 ____D C:\ProgramData\LogMeIn
2019-10-17 07:34 - 2017-11-14 16:18 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Roaming\Fiery Software Manager
2019-10-17 07:34 - 2017-11-14 15:58 - 000000157 _____ C:\Users\administrator.BAKER\AppData\Roaming\com.efi.FierySoftwareManager
2019-10-16 23:00 - 2017-11-15 00:00 - 000000000 ____D C:\Exports
2019-10-16 12:32 - 2017-11-14 13:27 - 000003554 _____ C:\Windows\system32\Tasks\FPDUDaily
2019-10-16 12:32 - 2017-11-14 13:27 - 000000121 _____ C:\Users\administrator.BAKER\AppData\Roaming\com.efi.FieryPrinterDriverUpdater
2019-10-16 12:32 - 2017-11-14 13:27 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Roaming\Fiery Driver Updater
2019-10-16 12:31 - 2018-08-31 21:10 - 000257928 _____ C:\Users\Administrator\AppData\Local\Temp\ArmUI.ini
2019-10-16 12:22 - 2017-05-31 13:54 - 000003596 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1957796329-2660591114-3025022003-500
2019-10-16 10:33 - 2019-03-08 09:25 - 000000000 ____D C:\Scans
2019-10-16 10:12 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2019-10-16 09:08 - 2017-10-13 22:54 - 000000000 ____D C:\Users\administrator.BAKER\Desktop\DocuPro Extract 2017-10-13 10.54.17 PM
2019-10-16 08:52 - 2017-08-02 14:51 - 000003592 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1645522239-926492609-725345543-500
2019-10-16 08:47 - 2013-08-22 09:25 - 000008192 ___SH C:\Windows\system32\config\ELAM
2019-10-16 07:59 - 2019-04-28 16:13 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Local\Temp\RarSFX8
2019-10-16 07:59 - 2018-10-23 10:08 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Local\Temp\RarSFX7
2019-10-16 07:59 - 2018-08-30 13:33 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Sun
2019-10-16 07:59 - 2018-08-30 13:28 - 000000000 ____D C:\Users\Administrator\Documents\Impose
2019-10-16 07:59 - 2018-08-25 14:36 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Local\Temp\RarSFX6
2019-10-16 07:59 - 2018-04-25 10:01 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Local\Temp\RarSFX5
2019-10-16 07:59 - 2018-01-30 10:50 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Local\Temp\RarSFX4
2019-10-16 07:59 - 2018-01-16 20:56 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Local\Temp\RarSFX3
2019-10-16 07:59 - 2017-12-19 14:31 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Local\Temp\RarSFX2
2019-10-16 07:59 - 2017-11-17 13:09 - 000000000 ____D C:\Users\administrator.BAKER\Downloads\HP5200
2019-10-16 07:59 - 2017-11-16 09:20 - 000000000 ____D C:\Users\administrator.BAKER\AppData\LocalLow\Adobe
2019-10-16 07:59 - 2017-11-16 09:20 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Local\Temp\Adobe
2019-10-16 07:59 - 2017-11-16 09:01 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Local\Temp\RarSFX1
2019-10-16 07:59 - 2017-11-15 16:57 - 000000000 ____D C:\Users\administrator.BAKER\Desktop\x64
2019-10-16 07:59 - 2017-11-15 16:00 - 000000000 ____D C:\ProgramData\FSM
2019-10-16 07:59 - 2017-11-15 09:52 - 000000000 ____D C:\Users\administrator.BAKER\Downloads\Remote_Operator_Software_V220
2019-10-16 07:59 - 2017-11-14 16:18 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Local\Temp\RarSFX0
2019-10-16 07:59 - 2017-11-14 16:06 - 000000000 ____D C:\ProgramData\FNP
2019-10-16 07:59 - 2017-11-14 16:06 - 000000000 ____D C:\ProgramData\FLEXnet
2019-10-16 07:59 - 2017-11-14 16:05 - 000000000 ____D C:\ProgramData\FDC
2019-10-16 07:59 - 2017-11-14 16:03 - 000000000 ____D C:\ProgramData\Image Enhance Visual Editor
2019-10-16 07:59 - 2017-11-14 16:02 - 000000000 ____D C:\ProgramData\Fiery Command WorkStation
2019-10-16 07:59 - 2017-11-14 15:59 - 000000000 ____D C:\ProgramData\SafeNet Sentinel
2019-10-16 07:59 - 2017-11-14 15:59 - 000000000 ____D C:\ProgramData\efiLINQ
2019-10-16 07:59 - 2017-11-14 15:58 - 000000000 ___HD C:\Fiery Software Manager
2019-10-16 07:59 - 2017-11-14 15:58 - 000000000 ____D C:\Users\administrator.BAKER\AppData\LocalLow\Sun
2019-10-16 07:59 - 2017-11-14 15:58 - 000000000 ____D C:\Users\administrator.BAKER\AppData\LocalLow\Oracle
2019-10-16 07:59 - 2017-11-14 15:58 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Local\Temp\hsperfdata_Administrator
2019-10-16 07:59 - 2017-11-14 15:58 - 000000000 ____D C:\ProgramData\Sun
2019-10-16 07:59 - 2017-11-14 15:58 - 000000000 ____D C:\ProgramData\Oracle
2019-10-16 07:59 - 2017-11-14 15:53 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Roaming\EFI
2019-10-16 07:59 - 2017-11-14 13:29 - 000000000 ____D C:\Users\administrator.BAKER\Documents\Visual Studio 2015
2019-10-16 07:59 - 2017-11-14 13:29 - 000000000 ____D C:\Users\administrator.BAKER\Documents\SQL Server Management Studio
2019-10-16 07:59 - 2017-11-14 13:29 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Local\Temp\VsHub
2019-10-16 07:59 - 2017-11-14 13:27 - 000000000 ___HD C:\Fiery Driver Updater
2019-10-16 07:59 - 2017-11-14 13:27 - 000000000 ____D C:\ProgramData\efiApps
2019-10-16 07:59 - 2017-11-14 13:18 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Local\Temp\SsmsSetup
2019-10-16 07:59 - 2017-11-14 13:18 - 000000000 ____D C:\ProgramData\VsTelemetry
2019-10-16 07:59 - 2017-11-14 13:18 - 000000000 ____D C:\ProgramData\Package Cache
2019-10-16 07:59 - 2017-11-13 13:39 - 000000000 ____D C:\Users\administrator.BAKER\Downloads\iP-P1v1.0_PS_Driver_Win
2019-10-16 07:59 - 2017-11-13 13:37 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Roaming\Xerox
2019-10-16 07:59 - 2017-10-13 22:46 - 000000000 ____D C:\ProgramData\PDM
2019-10-16 07:59 - 2017-10-13 22:41 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Local\Apps\2.0
2019-10-16 07:59 - 2017-08-30 17:05 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Local\Temp\{B3A7EF23-014E-4877-B72E-9156422F0749}
2019-10-16 07:59 - 2017-08-30 17:05 - 000000000 ____D C:\ProgramData\Sepialine
2019-10-16 07:59 - 2017-08-29 14:09 - 000000000 ____D C:\Argos7Installers
2019-10-16 07:59 - 2017-08-29 13:22 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2019-10-16 07:59 - 2017-08-29 13:12 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Temp
2019-10-16 07:59 - 2017-08-29 13:09 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Xerox
2019-10-16 07:59 - 2017-07-26 10:12 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Roaming\ClassicShell
2019-10-16 07:59 - 2017-07-26 10:12 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Roaming\Adobe
2019-10-16 07:59 - 2017-07-26 10:12 - 000000000 ____D C:\Users\administrator.BAKER
2019-10-16 07:59 - 2017-06-06 13:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\LMIDC11.tmp
2019-10-16 07:59 - 2017-06-02 06:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\2264_9464
2019-10-16 07:59 - 2017-06-01 20:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\2264_31129
2019-10-16 07:59 - 2017-06-01 05:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\2264_229
2019-10-16 07:59 - 2017-05-31 19:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\2264_3449
2019-10-16 07:59 - 2017-05-31 16:19 - 000000000 ____D C:\ProgramData\LSI
2019-10-16 07:59 - 2017-05-31 14:12 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\2264_2192
2019-10-16 07:59 - 2017-05-31 13:55 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell
2019-10-16 07:59 - 2017-05-31 13:55 - 000000000 ____D C:\ProgramData\ClassicShell
2019-10-16 07:59 - 2017-05-31 13:53 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\CR_339BF.tmp
2019-10-16 07:59 - 2017-05-31 13:48 - 000000000 ____D C:\ProgramData\Adobe
2019-10-16 07:59 - 2017-05-31 13:46 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2019-10-16 07:59 - 2017-05-31 13:46 - 000000000 ____D C:\Users\Administrator
2019-10-16 07:59 - 2013-08-22 11:39 - 000000000 __RHD C:\Users\Public\Libraries
2019-10-16 07:59 - 2013-08-22 11:39 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-16 07:59 - 2013-08-22 11:39 - 000000000 ____D C:\PerfLogs
2019-10-16 07:38 - 2018-08-30 13:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\CWSLogs
2019-10-15 23:00 - 2018-01-17 20:00 - 000257928 _____ C:\Users\administrator.BAKER\AppData\Local\Temp\ArmUI.ini
2019-10-14 23:16 - 2018-01-16 20:56 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2019-10-14 22:10 - 2017-11-14 13:29 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Local\Temp\VSRemoteSettings
2019-10-14 21:12 - 2017-07-26 10:14 - 000002232 ____H C:\Users\administrator.BAKER\Documents\Default.rdp
2019-10-14 19:34 - 2017-11-14 16:12 - 000000000 ____D C:\Users\administrator.BAKER\AppData\Roaming\CWSLogs
2019-10-10 13:32 - 2017-05-31 13:53 - 000002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-10 13:32 - 2017-05-31 13:53 - 000002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-10-10 13:32 - 2017-05-31 13:53 - 000002163 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-10-08 17:18 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2019-10-07 19:26 - 2017-05-31 13:52 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-07 19:26 - 2017-05-31 13:52 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-07 19:26 - 2017-05-31 13:52 - 000000000 ____D C:\Program Files (x86)\Google
2019-09-27 10:30 - 2017-06-06 13:45 - 000000964 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2019-09-27 10:30 - 2017-06-06 13:45 - 000000000 ____D C:\Program Files (x86)\LogMeIn
2019-09-27 08:37 - 2017-06-06 13:45 - 000122128 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2019-09-27 08:37 - 2017-06-06 13:45 - 000117488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2019-09-22 08:41 - 2014-03-18 05:54 - 000959052 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-22 08:36 - 2013-08-22 10:48 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-20 22:39 - 2013-08-22 09:25 - 000008192 ___SH C:\Windows\system32\config\BBI
2019-09-20 11:22 - 2017-12-20 13:55 - 000003380 _____ C:\Windows\system32\Tasks\Onsite_Watchdog
2019-09-20 11:22 - 2017-12-20 13:54 - 000000000 ____D C:\Program Files (x86)\FMAuditOnsite

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-10-13 02:38
==================== End of FRST.txt ============================
 

nasdaq

Moderator
Nov 5, 2019
Hello, welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Sorry for this delay.

If you still need help, please advise; I will review your logs and reply.