
Bad Image problem in Windows 8.1


  • This topic is locked
10 replies to this topic

#1 xklipse


Posted 08 September 2016 - 05:18 PM

I'm not sure what to call this problem as it is a few different things but basically I can't run almost any .exe file.

It all started when the PC wasn't detecting me having any speakers plugged in, so I pressed the power button and it said shutting down and the screen went black, but the PC wouldn't power down. It seemed to linger on for a while, so I just held down the button to get it to shut off, and now I have this problem.

I will get some combination of the following errors...

1. Bad Image
C:\WINDOWS\SYSTEM32\(Program name).dll is either not designed to run on Windows or it contains an error.

2. Windows cannot find 'C:\WINDOWS\system32\(Program name).exe'. Make sure you typed the name correctly, and then try again.

Firefox gives me the Bad Image error then says XPCOM is missing. Internet Explorer tells me 'this app cannot run on your PC' and both do this even in safe mode so the only way I was able to even get on a browser was using TOR. Almost every program I try gives either Bad Image or Windows cannot find.

I've tried just about every solution I've come across on the internet. The most common says to try an sfc scan. Well, I can't open command prompt as administrator, as that gives me the 'Windows cannot find' error. I struggled my way through all the non-loading services to finally get into a safe boot, which did let me do an sfc scan, but after verification gets to 2% it gives me an error.

I was also able to run a virus scan with Malwarebytes in safe mode since it wouldn't load up otherwise but it didn't really find anything and has made no difference.

Safe mode only seemed to make a handful of programs start working but even in safe mode the majority of exe files still give me a 'Windows cannot find' error.

 

Here are my FRST scan results.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Owner (administrator) on DX4380-EB35 (08-09-2016 18:10:44)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Mozilla Corporation) C:\Users\Owner\Tor Browser\Browser\firefox.exe
() C:\Users\Owner\Tor Browser\Tor\tor.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2012-11-09] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-2141287361-1273931477-70163697-1001\...\Run: [simplesndvol] => C:\Program Files (x86)\SimpleSndVol\simplesndvol.exe [91648 2011-10-20] (hxxp://winreview.ru)
HKU\S-1-5-21-2141287361-1273931477-70163697-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-2141287361-1273931477-70163697-1001\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-2141287361-1273931477-70163697-1001\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
HKU\S-1-5-21-2141287361-1273931477-70163697-1001\...\Run: [NetBalancer] => C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe [1801992 2014-12-12] (SeriousBit)
HKU\S-1-5-21-2141287361-1273931477-70163697-1001\...\MountPoints2: K - "K:\setup.exe"
SSODL: EldosMountNotificator-cbfs4 - {ECDCA612-17A4-4572-8CF7-0C6CB9CCF27A} - C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {ECDCA612-17A4-4572-8CF7-0C6CB9CCF27A} - C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {B92E729A-0FFB-4D5D-B339-AB1C78669718} => C:\WINDOWS\system32\cbfsMntNtf4.dll [2012-12-24] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {B92E729A-0FFB-4D5D-B339-AB1C78669718} => C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll [2012-12-24] (EldoS Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Browser.lnk [2016-07-24]
ShortcutTarget: Browser.lnk -> C:\Users\Owner\AppData\Roaming\Sync.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B10033BA-9B60-4EEF-9236-98EDF9AC056D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2141287361-1273931477-70163697-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-2141287361-1273931477-70163697-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2141287361-1273931477-70163697-1001 -> {81A2C24C-4FB1-4EB0-92E8-6FC7894339A9} URL =

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nw6i4w8p.default-1434331951397
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-09-25] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File]
FF Extension: (VKontakte.ru Downloader) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nw6i4w8p.default-1434331951397\extensions\vk@sergeykolosov.mp.xpi [2016-06-21]
FF Extension: (SaveFrom.net - helper) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nw6i4w8p.default-1434331951397\Extensions\helper-sig@savefrom.net.xpi [2016-08-24]
FF Extension: (Video DownloadHelper) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nw6i4w8p.default-1434331951397\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-08-09]
FF Extension: (Adblock Plus) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nw6i4w8p.default-1434331951397\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-26]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

Opera:
=======
OPR Extension: (SaveFrom.net helper) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2016-07-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [268464 2015-06-10] (Adobe Systems Incorporated) [File not signed]
S3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [207360 2013-08-22] (Microsoft Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [92672 2013-08-22] (Microsoft Corporation) [File not signed]
S2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [239616 2013-10-08] (AMD) [File not signed]
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.) [File not signed]
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-01-08] () [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [37888 2013-08-22] () [File not signed]
S3 Appinfo; C:\Windows\System32\appinfo.dll [109568 2013-08-22] (Microsoft Corporation) [File not signed]
S3 AppReadiness; C:\Windows\system32\AppReadiness.dll [533504 2013-10-04] (Microsoft Corporation) [File not signed]
S3 AppXSvc; C:\Windows\system32\appxdeploymentserver.dll [1302528 2013-10-10] (Microsoft Corporation) [File not signed]
S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [231040 2012-11-09] (Qualcomm Atheros Commnucations) [File not signed]
S2 AudioEndpointBuilder; C:\Windows\System32\AudioEndpointBuilder.dll [198656 2013-08-22] (Microsoft Corporation) [File not signed]
S2 Audiosrv; C:\Windows\System32\Audiosrv.dll [835072 2013-08-22] (Microsoft Corporation) [File not signed]
S2 AVerRECentral; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [373248 2014-06-25] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [109568 2013-08-30] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [336896 2013-08-22] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [828416 2013-10-12] (Microsoft Corporation) [File not signed]
S3 BITS; C:\Windows\System32\qmgr.dll [1017856 2013-08-22] (Microsoft Corporation) [File not signed]
S4 BMService; C:\Program Files\SoftPerfect Bandwidth Manager\BMCore.exe [7047376 2014-11-24] (SoftPerfect Research) [File not signed]
R2 BrokerInfrastructure; C:\Windows\System32\bisrv.dll [261120 2013-09-21] (Microsoft Corporation) [File not signed]
S3 Browser; C:\Windows\System32\browser.dll [134144 2013-08-22] (Microsoft Corporation) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [92160 2013-08-22] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [155136 2013-08-22] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [129536 2013-08-22] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [761344 2013-08-22] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [449536 2013-08-22] (Microsoft Corporation) [File not signed]
S2 DeviceAssociationService; C:\Windows\system32\das.dll [398848 2013-08-22] (Microsoft Corporation) [File not signed]
S3 DeviceInstall; C:\Windows\system32\umpnpmgr.dll [124928 2013-08-22] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [353792 2013-09-11] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\SysWOW64\dhcpcore.dll [285696 2013-09-11] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [255488 2013-10-08] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [258560 2013-08-22] (Microsoft Corporation) [File not signed]
S2 DPS; C:\Windows\system32\dps.dll [170496 2013-08-22] (Microsoft Corporation) [File not signed]
S3 DsmSvc; C:\Windows\System32\DeviceSetupManager.dll [201728 2013-08-22] (Microsoft Corporation) [File not signed]
S3 Eaphost; C:\Windows\System32\eapsvc.dll [107008 2013-08-22] (Microsoft Corporation) [File not signed]
S3 EFS; C:\Windows\system32\efssvc.dll [40448 2013-08-22] () [File not signed]
S3 ePowerSvc; C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated) [File not signed]
R2 EventLog; C:\Windows\System32\wevtsvc.dll [1669632 2013-08-22] (Microsoft Corporation) [File not signed]
S2 EventSystem; C:\Windows\system32\es.dll [468992 2013-08-22] (Microsoft Corporation) [File not signed]
S2 EventSystem; C:\WINDOWS\SysWOW64\es.dll [329728 2013-08-21] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [655360 2013-08-22] (Microsoft Corporation) [File not signed]
S3 fdPHost; C:\Windows\system32\fdPHost.dll [21504 2013-08-22] () [File not signed]
S3 FDResPub; C:\Windows\system32\fdrespub.dll [33280 2013-08-22] () [File not signed]
S3 fhsvc; C:\Windows\system32\fhsvc.dll [118272 2013-08-22] (Microsoft Corporation) [File not signed]
S2 FontCache; C:\Windows\system32\FntCache.dll [1348608 2013-08-22] (Microsoft Corporation) [File not signed]
S2 gpsvc; C:\Windows\System32\gpsvc.dll [1311744 2013-08-22] (Microsoft Corporation) [File not signed]
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-07-22] (Google Inc.) [File not signed]
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-07-22] (Google Inc.) [File not signed]
S3 hidserv; C:\Windows\system32\hidserv.dll [32256 2013-08-22] (Microsoft Corporation) [File not signed]
S3 hidserv; C:\WINDOWS\SysWOW64\hidserv.dll [29696 2013-08-22] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [97792 2013-08-22] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [261632 2013-08-22] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [405504 2013-08-22] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\WINDOWS\SysWOW64\provsvc.dll [321536 2013-08-21] (Microsoft Corporation) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [111616 2013-10-19] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [1104384 2013-10-12] (Microsoft Corporation) [File not signed]
S2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [903168 2013-10-08] (Microsoft Corporation) [File not signed]
S3 KeyIso; C:\Windows\system32\keyiso.dll [59392 2013-08-22] (Microsoft Corporation) [File not signed]
S3 KeyIso; C:\WINDOWS\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [357888 2013-08-22] (Microsoft Corporation) [File not signed]
S2 LanmanServer; C:\Windows\system32\srvsvc.dll [324608 2013-08-22] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [284160 2013-08-22] (Microsoft Corporation) [File not signed]
S3 lfsvc; C:\Windows\System32\GeofenceMonitorService.dll [491520 2013-08-31] (Microsoft Corporation) [File not signed]
S3 lfsvc; C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll [357376 2013-08-31] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [269824 2013-08-22] (Microsoft Corporation) [File not signed]
S2 lmhosts; C:\Windows\System32\lmhsvc.dll [24576 2013-08-22] (Microsoft Corporation) [File not signed]
R2 LSM; C:\Windows\System32\lsm.dll [716288 2013-08-22] (Microsoft Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) [File not signed]
S2 MMCSS; C:\Windows\system32\mmcss.dll [70656 2013-08-22] (Microsoft Corporation) [File not signed]
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [114800 2015-01-28] (Mozilla Foundation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [878080 2013-08-22] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [142848 2013-08-22] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [150528 2013-08-22] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [62464 2013-08-22] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\WINDOWS\SysWOW64\msiexec.exe [55808 2013-08-21] (Microsoft Corporation) [File not signed]
S3 napagent; C:\Windows\system32\qagentRT.dll [435200 2013-08-22] (Microsoft Corporation) [File not signed]
S4 NAUpdate; c:\Program Files (x86)\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG) [File not signed]
S3 NcaSvc; C:\Windows\System32\ncasvc.dll [164352 2013-08-22] (Microsoft Corporation) [File not signed]
S3 NcbService; C:\Windows\System32\ncbservice.dll [151040 2013-08-22] (Microsoft Corporation) [File not signed]
S3 NcdAutoSetup; C:\Windows\System32\NcdAutoSetup.dll [73728 2013-08-22] (Microsoft Corporation) [File not signed]
S2 NetBalancerService; C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [128776 2014-12-12] (SeriousBit) [File not signed]
S3 Netlogon; C:\Windows\system32\netlogon.dll [832512 2013-08-22] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\SysWOW64\netlogon.dll [688640 2013-08-21] (Microsoft Corporation) [File not signed]
S3 Netman; C:\Windows\System32\netman.dll [254976 2013-08-22] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofmsvc.dll [525312 2013-08-22] (Microsoft Corporation) [File not signed]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-08-09] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [387584 2013-08-22] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [29184 2013-08-22] (Microsoft Corporation) [File not signed]
S3 odserv; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation) [File not signed]
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation) [File not signed]
S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4925184 2010-01-09] (Microsoft Corporation) [File not signed]
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [419328 2013-08-22] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [433664 2013-08-22] (Microsoft Corporation) [File not signed]
S2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed]
S2 PcaSvc; C:\Windows\System32\pcasvc.dll [471552 2013-09-19] (Microsoft Corporation) [File not signed]
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [21504 2013-08-22] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1443840 2013-08-22] (Microsoft Corporation) [File not signed]
S3 pla; C:\WINDOWS\SysWOW64\pla.dll [1477120 2013-08-21] (Microsoft Corporation) [File not signed]
R3 PlugPlay; C:\Windows\system32\umpnpmgr.dll [124928 2013-08-22] (Microsoft Corporation) [File not signed]
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2014-07-19] () [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25600 2013-08-22] () [File not signed]
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [419328 2013-08-22] (Microsoft Corporation) [File not signed]
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [403456 2013-08-22] () [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [79360 2013-08-22] (Microsoft Corporation) [File not signed]
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [2899968 2013-08-22] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [221184 2013-10-10] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [297472 2013-08-22] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\WINDOWS\SysWOW64\qwave.dll [256512 2013-08-21] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [101376 2013-08-22] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [534016 2013-08-22] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [223744 2013-08-22] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\SysWOW64\mprdim.dll [177664 2013-08-21] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [164864 2013-08-22] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [79872 2013-08-22] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2013-08-22] () [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [761344 2013-08-22] (Microsoft Corporation) [File not signed]
S2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.) [File not signed]
S2 SamSs; C:\Windows\system32\lsass.exe [45008 2013-08-22] (Microsoft Corporation) [File not signed]
S4 SCardSvr; C:\Windows\System32\SCardSvr.dll [188416 2013-08-22] (Microsoft Corporation) [File not signed]
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [130560 2013-08-22] (Microsoft Corporation) [File not signed]
S2 Schedule; C:\Windows\system32\schedsvc.dll [1212416 2013-08-22] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [155136 2013-08-22] (Microsoft Corporation) [File not signed]
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2013-08-22] (Microsoft Corporation) [File not signed]
S2 SENS; C:\Windows\System32\sens.dll [71680 2013-08-22] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [220672 2013-08-22] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [326656 2013-09-04] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\WINDOWS\SysWOW64\sessenv.dll [280576 2013-09-04] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [433664 2013-09-14] (Microsoft Corporation) [File not signed]
S2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [629760 2013-08-22] (Microsoft Corporation) [File not signed]
S2 ShellHWDetection; C:\WINDOWS\SysWOW64\shsvcs.dll [564736 2013-08-21] (Microsoft Corporation) [File not signed]
S3 smphost; C:\Windows\System32\smphost.dll [13312 2013-08-22] () [File not signed]
S3 smphost; C:\WINDOWS\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14848 2013-08-22] (Microsoft Corporation) [File not signed]
S2 Spooler; C:\Windows\System32\spoolsv.exe [798208 2013-08-22] (Microsoft Corporation) [File not signed]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [6353952 2013-09-12] (Microsoft Corporation) [File not signed]
S3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [239616 2013-08-22] (Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [144384 2013-08-22] (Microsoft Corporation) [File not signed]
S2 stisvc; C:\Windows\System32\wiaservc.dll [634368 2013-08-22] (Microsoft Corporation) [File not signed]
S3 StorSvc; C:\Windows\system32\storsvc.dll [19968 2013-08-22] () [File not signed]
S3 StorSvc; C:\WINDOWS\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation) [File not signed]
S3 svsvc; C:\Windows\system32\svsvc.dll [13312 2013-08-22] () [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [716288 2013-08-22] (Microsoft Corporation) [File not signed]
S2 SysMain; C:\Windows\system32\sysmain.dll [1245696 2013-09-24] (Microsoft Corporation) [File not signed]
R2 SystemEventsBroker; C:\Windows\System32\SystemEventsBrokerServer.dll [280576 2013-08-22] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [147456 2013-08-22] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [306688 2013-08-22] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\WINDOWS\SysWOW64\tapisrv.dll [248320 2013-08-21] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [1032704 2013-08-22] (Microsoft Corporation) [File not signed]
S2 Themes; C:\Windows\system32\themeservice.dll [50688 2013-08-22] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [70656 2013-08-22] (Microsoft Corporation) [File not signed]
S3 TimeBroker; C:\Windows\System32\TimeBrokerServer.dll [245760 2013-08-22] (Microsoft Corporation) [File not signed]
S2 TrkWks; C:\Windows\System32\trkwks.dll [122368 2013-08-22] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [98816 2013-08-22] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2013-08-22] () [File not signed]
S3 UmRdpService; C:\Windows\System32\umrdp.dll [289280 2013-08-22] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\Windows\System32\upnphost.dll [436224 2013-08-22] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\SysWOW64\upnphost.dll [307200 2013-08-21] () [File not signed]
S3 VaultSvc; C:\Windows\System32\vaultsvc.dll [248832 2013-08-22] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [1283584 2013-08-22] (Microsoft Corporation) [File not signed]
S3 vmicguestinterface; C:\Windows\System32\ICSvc.dll [517120 2013-08-22] (Microsoft Corporation) [File not signed]
S3 vmicheartbeat; C:\Windows\System32\ICSvc.dll [517120 2013-08-22] (Microsoft Corporation) [File not signed]
S3 vmickvpexchange; C:\Windows\System32\ICSvc.dll [517120 2013-08-22] (Microsoft Corporation) [File not signed]
S3 vmicrdv; C:\Windows\System32\ICSvc.dll [517120 2013-08-22] (Microsoft Corporation) [File not signed]
S3 vmicshutdown; C:\Windows\System32\ICSvc.dll [517120 2013-08-22] (Microsoft Corporation) [File not signed]
S3 vmictimesync; C:\Windows\System32\ICSvc.dll [517120 2013-08-22] (Microsoft Corporation) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [517120 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1436160 2013-08-22] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [404480 2013-08-22] () [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1542144 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [453632 2013-09-17] (Microsoft Corporation) [File not signed]
R2 Wcmsvc; C:\Windows\System32\wcmsvc.dll [365568 2013-09-21] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [459776 2013-09-12] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [41984 2013-08-22] () [File not signed]
S3 WcsPlugInService; C:\WINDOWS\SysWOW64\WcsPlugInService.dll [34304 2013-08-21] (Microsoft Corporation) [File not signed]
S3 WdiServiceHost; C:\Windows\system32\wdi.dll [91136 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WdiServiceHost; C:\WINDOWS\SysWOW64\wdi.dll [80896 2013-08-21] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [91136 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\WINDOWS\SysWOW64\wdi.dll [80896 2013-08-21] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [226816 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\WINDOWS\SysWOW64\webclnt.dll [198656 2013-08-21] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [215040 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [24576 2013-08-22] () [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [81408 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [100864 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WiaRpc; C:\Windows\System32\wiarpc.dll [66048 2013-08-22] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [786432 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WinHttpAutoProxySvc; C:\WINDOWS\SysWOW64\winhttp.dll [589312 2013-08-21] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [220672 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2479616 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\WINDOWS\SysWOW64\WsmSvc.dll [2030080 2013-08-21] (Microsoft Corporation) [File not signed]
R2 WlanSvc; C:\Windows\System32\wlansvc.dll [1503232 2013-09-21] (Microsoft Corporation) [File not signed]
S3 wlidsvc; C:\Windows\system32\wlidsvc.dll [1555456 2013-09-21] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [195072 2013-08-22] (Microsoft Corporation) [File not signed]
S2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1402368 2013-08-22] (Microsoft Corporation) [File not signed]
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1584128 2013-10-21] () [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2013-08-22] () [File not signed]
S3 WPCSvc; C:\WINDOWS\SysWOW64\wpcsvc.dll [11264 2013-08-21] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [84480 2013-08-22] (Microsoft Corporation) [File not signed]
S2 wscsvc; C:\Windows\System32\wscsvc.dll [133632 2013-08-22] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\Windows\system32\SearchIndexer.exe [844800 2013-08-22] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\WINDOWS\SysWOW64\SearchIndexer.exe [657920 2013-08-21] (Microsoft Corporation) [File not signed]
S3 WSService; C:\Windows\System32\WSService.dll [3395920 2013-10-10] (Microsoft Corporation) [File not signed]
S3 wuauserv; C:\Windows\system32\wuaueng.dll [3532288 2013-10-06] (Microsoft Corporation) [File not signed]
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [100352 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [510464 2013-08-22] (Microsoft Corporation) [File not signed]
S4 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S3 FontCache3.0.0.0; %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\System32\drivers\1394ohci.sys [231424 2013-08-22] (Microsoft Corporation) [File not signed]
R0 3ware; C:\Windows\System32\drivers\3ware.sys [108896 2013-08-22] (LSI) [File not signed]
R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [523096 2013-10-08] (Microsoft Corporation) [File not signed]
R0 acpiex; C:\Windows\System32\Drivers\acpiex.sys [79712 2013-08-22] (Microsoft Corporation) [File not signed]
S3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [10240 2013-08-22] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [12288 2013-08-22] (Microsoft Corporation) [File not signed]
S3 acpitime; C:\Windows\System32\drivers\acpitime.sys [10752 2013-08-22] (Microsoft Corporation) [File not signed]
R0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [567296 2013-08-22] (Microsoft Corporation) [File not signed]
R0 agp440; C:\Windows\System32\drivers\agp440.sys [62304 2013-08-22] (Microsoft Corporation) [File not signed]
S1 ahcache; C:\Windows\System32\DRIVERS\ahcache.sys [76800 2013-08-22] (Microsoft Corporation) [File not signed]
S3 AmdK8; C:\Windows\System32\drivers\amdk8.sys [95744 2013-08-22] (Microsoft Corporation) [File not signed]
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.) [File not signed]
S3 amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [12534784 2013-10-08] (Advanced Micro Devices, Inc.) [File not signed]
S3 amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [619008 2013-10-08] (Advanced Micro Devices, Inc.) [File not signed]
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.) [File not signed]
S3 AmdPPM; C:\Windows\System32\drivers\amdppm.sys [98816 2013-08-22] (Microsoft Corporation) [File not signed]
R0 amdsata; C:\Windows\System32\drivers\amdsata.sys [79200 2013-08-22] (Advanced Micro Devices) [File not signed]
R0 amdsbs; C:\Windows\System32\drivers\amdsbs.sys [259424 2013-08-22] (AMD Technologies Inc.) [File not signed]
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [25952 2013-08-22] (Advanced Micro Devices) [File not signed]
R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [79528 2012-07-23] (Advanced Micro Devices) [File not signed]
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [26280 2012-07-23] (Advanced Micro Devices) [File not signed]
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices) [File not signed]
S2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [59624 2014-01-08] (Advanced Micro Devices) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [83456 2013-09-14] (Microsoft Corporation) [File not signed]
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [202592 2012-09-11] (AppEx Networks Corporation) [File not signed]
R0 arcsas; C:\Windows\System32\drivers\arcsas.sys [114016 2013-08-22] (PMC-Sierra, Inc.) [File not signed]
S3 AsyncMac; C:\Windows\system32\DRIVERS\asyncmac.sys [26624 2013-08-22] (Microsoft Corporation) [File not signed]
R0 atapi; C:\Windows\System32\drivers\atapi.sys [26464 2013-08-22] (Microsoft Corporation) [File not signed]
S3 AthBTPort; C:\Windows\system32\DRIVERS\btath_flt.sys [88728 2012-11-09] (Qualcomm Atheros) [File not signed]
R3 athr; C:\Windows\system32\DRIVERS\athw8x.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.) [File not signed]
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices) [File not signed]
S3 AVer330USB; C:\Windows\system32\DRIVERS\AVer330USB.sys [1514880 2014-02-20] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [531296 2013-08-22] (Broadcom Corporation) [File not signed]
R1 BasicDisplay; C:\Windows\System32\drivers\BasicDisplay.sys [50688 2013-08-22] (Microsoft Corporation) [File not signed]
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [33792 2013-08-22] (Microsoft Corporation) [File not signed]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [35168 2013-08-22] (Microsoft Corporation) [File not signed]
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [102912 2013-08-22] (Microsoft Corporation) [File not signed]
S3 BTATH_A2DP; C:\Windows\system32\drivers\btath_a2dp.sys [344216 2012-11-09] (Qualcomm Atheros) [File not signed]
S3 btath_avdt; C:\Windows\system32\drivers\btath_avdt.sys [114840 2012-11-09] (Qualcomm Atheros) [File not signed]
R3 BTATH_BUS; C:\Windows\System32\drivers\btath_bus.sys [33944 2012-11-09] (Qualcomm Atheros) [File not signed]
S3 BTATH_HCRP; C:\Windows\System32\drivers\btath_hcrp.sys [178840 2012-11-09] (Qualcomm Atheros) [File not signed]
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-09] (Qualcomm Atheros) [File not signed]
S3 BTATH_RCP; C:\Windows\System32\drivers\btath_rcp.sys [135832 2012-11-09] (Qualcomm Atheros) [File not signed]
S3 BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [576152 2012-11-09] (Qualcomm Atheros) [File not signed]
S3 BthAvrcpTg; C:\Windows\System32\drivers\BthAvrcpTg.sys [36992 2013-08-22] (Microsoft Corporation) [File not signed]
S3 BthEnum; C:\Windows\System32\drivers\BthEnum.sys [53248 2013-08-22] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [57856 2013-08-22] (Microsoft Corporation) [File not signed]
S3 bthhfhid; C:\Windows\System32\drivers\BthHFHid.sys [30720 2013-08-22] (Microsoft Corporation) [File not signed]
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [63488 2013-08-22] (Microsoft Corporation) [File not signed]
S3 BthPan; C:\Windows\system32\DRIVERS\bthpan.sys [118272 2013-08-22] (Microsoft Corporation) [File not signed]
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [1200128 2013-08-22] (Microsoft Corporation) [File not signed]
S3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [77312 2013-08-22] (Microsoft Corporation) [File not signed]
S1 cbfs4; C:\WINDOWS\system32\drivers\cbfs4.sys [375640 2012-12-24] (EldoS Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [88576 2013-08-22] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\System32\drivers\cdrom.sys [164352 2013-08-22] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\System32\drivers\circlass.sys [44032 2013-08-22] (Microsoft Corporation) [File not signed]
R0 CLFS; C:\Windows\System32\drivers\CLFS.sys [377696 2013-08-22] (Microsoft Corporation) [File not signed]
S3 CmBatt; C:\Windows\System32\drivers\CmBatt.sys [25472 2013-08-22] (Microsoft Corporation) [File not signed]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [564520 2013-08-22] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\System32\drivers\CompositeBus.sys [36352 2013-08-22] (Microsoft Corporation) [File not signed]
R3 condrv; C:\Windows\System32\drivers\condrv.sys [43008 2013-08-22] (Microsoft Corporation) [File not signed]
S1 dam; C:\Windows\System32\drivers\dam.sys [57696 2013-08-22] (Microsoft Corporation) [File not signed]
R1 Dfsc; C:\Windows\System32\Drivers\dfsc.sys [134656 2013-08-22] (Microsoft Corporation) [File not signed]
R0 disk; C:\Windows\System32\drivers\disk.sys [100192 2013-08-22] (Microsoft Corporation) [File not signed]
S3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [29696 2013-08-22] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [14560 2013-08-22] (Microsoft Corporation) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-11-26] (DT Soft Ltd) [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [1530200 2013-10-19] (Microsoft Corporation) [File not signed]
R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) [File not signed]
S0 EhStorClass; C:\Windows\System32\drivers\EhStorClass.sys [82784 2013-08-22] (Microsoft Corporation) [File not signed]
R0 EhStorTcgDrv; C:\Windows\System32\drivers\EhStorTcgDrv.sys [114016 2013-08-22] (Microsoft Corporation) [File not signed]
S3 ErrDev; C:\Windows\System32\drivers\errdev.sys [10240 2013-08-22] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [200704 2013-08-22] (Microsoft Corporation) [File not signed]
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [217952 2013-08-22] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\System32\drivers\fdc.sys [30720 2013-08-22] (Microsoft Corporation) [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [79200 2013-08-22] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34816 2013-08-22] () [File not signed]
S3 flpydisk; C:\Windows\System32\drivers\flpydisk.sys [25088 2013-08-22] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [358752 2013-08-22] (Microsoft Corporation) [File not signed]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [56672 2013-08-22] (Microsoft Corporation) [File not signed]
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [579416 2013-09-21] (Microsoft Corporation) [File not signed]
S3 FxPPM; C:\Windows\System32\drivers\fxppm.sys [27136 2013-08-22] (Microsoft Corporation) [File not signed]
R0 gagp30kx; C:\Windows\System32\drivers\gagp30kx.sys [65888 2013-08-22] (Microsoft Corporation) [File not signed]
S3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [11264 2013-08-22] (Microsoft Corporation) [File not signed]
S3 GPIOClx0101; C:\Windows\System32\Drivers\msgpioclx.sys [146272 2013-08-22] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\System32\drivers\HDAudBus.sys [78336 2013-08-22] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\System32\drivers\HidBatt.sys [26624 2013-08-22] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\System32\drivers\hidbth.sys [96768 2013-08-22] (Microsoft Corporation) [File not signed]
S3 hidi2c; C:\Windows\System32\drivers\hidi2c.sys [41472 2013-08-22] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\System32\drivers\hidir.sys [45568 2013-08-22] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\Windows\System32\drivers\hidusb.sys [33792 2013-08-22] (Microsoft Corporation) [File not signed]
R0 HpSAMD; C:\Windows\System32\drivers\HpSAMD.sys [64352 2013-08-22] (Hewlett-Packard Company) [File not signed]
S3 HTTP; C:\Windows\System32\drivers\HTTP.sys [994144 2013-08-22] (Microsoft Corporation) [File not signed]
S0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [24416 2013-08-22] (Microsoft Corporation) [File not signed]
S3 hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys [13824 2013-08-22] (Microsoft Corporation) [File not signed]
S3 HyperVideo; C:\Windows\system32\DRIVERS\HyperVideo.sys [22016 2013-08-22] (Microsoft Corporation) [File not signed]
S3 i8042prt; C:\Windows\System32\drivers\i8042prt.sys [107520 2013-08-22] (Microsoft Corporation) [File not signed]
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) [File not signed]
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) [File not signed]
R0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation) [File not signed]
R0 iaStorV; C:\Windows\System32\drivers\iaStorV.sys [412000 2013-08-22] (Intel Corporation) [File not signed]
S3 IntcAzAudAddService; C:\Windows\system32\drivers\RTKVHD64.sys [4083600 2012-07-10] (Realtek Semiconductor Corp.) [File not signed]
R0 intelide; C:\Windows\System32\drivers\intelide.sys [18272 2013-08-22] (Microsoft Corporation) [File not signed]
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-10-08] (Microsoft Corporation) [File not signed]
S3 intelppm; C:\Windows\System32\drivers\intelppm.sys [98816 2013-08-22] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [84992 2013-08-22] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys [79360 2013-08-22] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [141824 2013-09-14] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2013-08-22] () [File not signed]
R0 isapnp; C:\Windows\System32\drivers\isapnp.sys [21856 2013-08-22] (Microsoft Corporation) [File not signed]
S3 iScsiPrt; C:\Windows\System32\drivers\msiscsi.sys [274784 2013-08-22] (Microsoft Corporation) [File not signed]
R3 kbdclass; C:\Windows\System32\drivers\kbdclass.sys [58208 2013-08-22] (Microsoft Corporation) [File not signed]
R3 kbdhid; C:\Windows\System32\drivers\kbdhid.sys [32256 2013-08-22] (Microsoft Corporation) [File not signed]
R3 kdnic; C:\Windows\system32\DRIVERS\kdnic.sys [19456 2013-08-22] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [101208 2013-09-21] (Microsoft Corporation) [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [192864 2013-08-22] (Microsoft Corporation) [File not signed]
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [21248 2013-08-22] (Microsoft Corporation) [File not signed]
S2 lltdio; C:\Windows\system32\DRIVERS\lltdio.sys [59392 2013-08-22] (Microsoft Corporation) [File not signed]
R0 LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys [109408 2013-08-22] (LSI Corporation) [File not signed]
R0 LSI_SAS2; C:\Windows\System32\drivers\lsi_sas2.sys [93536 2013-08-22] (LSI Corporation) [File not signed]
R0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) [File not signed]
R0 LSI_SSS; C:\Windows\System32\drivers\lsi_sss.sys [82784 2013-08-22] (LSI Corporation) [File not signed]
S2 luafv; C:\Windows\system32\drivers\luafv.sys [123904 2013-08-22] (Microsoft Corporation) [File not signed]
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) [File not signed]
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2016-09-08] (Malwarebytes Corporation) [File not signed]
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) [File not signed]
R0 megasas; C:\Windows\System32\drivers\megasas.sys [56672 2013-08-22] (LSI Corporation) [File not signed]
R0 megasr; C:\Windows\System32\drivers\megasr.sys [575840 2013-08-22] (LSI Corporation, Inc.) [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40960 2013-08-22] (Microsoft Corporation) [File not signed]
S3 monitor; C:\Windows\System32\drivers\monitor.sys [30208 2013-08-22] (Microsoft Corporation) [File not signed]
R3 mouclass; C:\Windows\System32\drivers\mouclass.sys [51040 2013-08-22] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\Windows\System32\drivers\mouhid.sys [30208 2013-08-22] (Microsoft Corporation) [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [101728 2013-08-22] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [74240 2013-08-22] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140288 2013-08-22] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [404992 2013-09-21] (Microsoft Corporation) [File not signed]
R2 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [283648 2013-08-22] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [207360 2013-09-21] (Microsoft Corporation) [File not signed]
S3 MsBridge; C:\Windows\system32\DRIVERS\bridge.sys [115712 2013-08-22] (Microsoft Corporation) [File not signed]
S3 msgpiowin32; C:\Windows\System32\drivers\msgpiowin32.sys [41824 2013-08-22] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2013-08-22] () [File not signed]
S3 mshidumdf; C:\Windows\System32\drivers\mshidumdf.sys [9728 2013-08-22] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [17248 2013-08-22] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\system32\drivers\MSKSSRV.sys [10624 2013-08-22] (Microsoft Corporation) [File not signed]
S3 MsLldp; C:\Windows\system32\DRIVERS\mslldp.sys [66560 2013-08-22] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\system32\drivers\MSPCLOCK.sys [7040 2013-08-22] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\system32\drivers\MSPQM.sys [6784 2013-08-22] (Microsoft Corporation) [File not signed]
R1 mssmbios; C:\Windows\System32\drivers\mssmbios.sys [37728 2013-08-22] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\system32\drivers\MSTEE.sys [7936 2013-08-22] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\System32\drivers\MTConfig.sys [13312 2013-08-22] (Microsoft Corporation) [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [78688 2013-08-22] (Microsoft Corporation) [File not signed]
R0 mvumis; C:\Windows\System32\drivers\mvumis.sys [63840 2013-08-22] (Marvell Semiconductor, Inc.) [File not signed]
R2 NativeWifiP; C:\Windows\system32\DRIVERS\nwifi.sys [442368 2013-09-11] (Microsoft Corporation) [File not signed]
R1 nbdrv; C:\Windows\system32\DRIVERS\nbdrv.sys [41392 2013-11-25] (SeriousBit) [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [1119576 2013-09-21] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\system32\DRIVERS\ndiscap.sys [43008 2013-08-22] (Microsoft Corporation) [File not signed]
S3 NdisImPlatform; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [124928 2013-08-22] (Microsoft Corporation) [File not signed]
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [124928 2013-08-22] (Microsoft Corporation) [File not signed]
S3 NdisTapi; C:\Windows\system32\DRIVERS\ndistapi.sys [24576 2013-08-22] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\system32\DRIVERS\ndisuio.sys [60416 2013-08-22] (Microsoft Corporation) [File not signed]
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) [File not signed]
S3 NdisWan; C:\Windows\system32\DRIVERS\ndiswan.sys [220672 2013-08-22] (Microsoft Corporation) [File not signed]
S3 NdisWanLegacy; C:\Windows\system32\DRIVERS\ndiswan.sys [220672 2013-08-22] (Microsoft Corporation) [File not signed]
S2 Ndu; C:\Windows\System32\drivers\Ndu.sys [103424 2013-08-22] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [48128 2013-08-22] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [282624 2013-08-22] (Microsoft Corporation) [File not signed]
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) [File not signed]
R1 npsvctrig; C:\Windows\System32\drivers\npsvctrig.sys [23040 2013-08-22] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [39936 2013-08-22] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [5632 2013-08-22] (Microsoft Corporation) [File not signed]
R0 nvraid; C:\Windows\System32\drivers\nvraid.sys [150368 2013-08-22] (NVIDIA Corporation) [File not signed]
R0 nvstor; C:\Windows\System32\drivers\nvstor.sys [168288 2013-08-22] (NVIDIA Corporation) [File not signed]
R0 nv_agp; C:\Windows\System32\drivers\nv_agp.sys [124768 2013-08-22] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\System32\drivers\parport.sys [94208 2013-08-22] (Microsoft Corporation) [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [88928 2013-08-22] (Microsoft Corporation) [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [285536 2013-08-22] (Microsoft Corporation) [File not signed]
R0 pciide; C:\Windows\System32\drivers\pciide.sys [14688 2013-08-22] (Microsoft Corporation) [File not signed]
R0 pcmcia; C:\Windows\System32\drivers\pcmcia.sys [114528 2013-08-22] (Microsoft Corporation) [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50016 2013-08-22] (Microsoft Corporation) [File not signed]
R0 pdc; C:\Windows\System32\drivers\pdc.sys [86872 2013-09-21] (Microsoft Corporation) [File not signed]
S2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663040 2013-08-22] (Microsoft Corporation) [File not signed]
S3 PptpMiniport; C:\Windows\system32\DRIVERS\raspptp.sys [107520 2013-08-22] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\System32\drivers\processr.sys [92160 2013-08-22] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\system32\DRIVERS\pacer.sys [151552 2013-08-22] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [47104 2013-08-22] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [17408 2013-08-22] (Microsoft Corporation) [File not signed]
S3 RasAgileVpn; C:\Windows\system32\DRIVERS\AgileVpn.sys [97280 2013-09-21] (Microsoft Corporation) [File not signed]
S3 Rasl2tp; C:\Windows\system32\DRIVERS\rasl2tp.sys [120832 2013-08-22] (Microsoft Corporation) [File not signed]
S3 RasPppoe; C:\Windows\system32\DRIVERS\raspppoe.sys [84992 2013-08-22] (Microsoft Corporation) [File not signed]
S3 RasSstp; C:\Windows\system32\DRIVERS\rassstp.sys [96256 2013-08-22] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [408576 2013-08-22] (Microsoft Corporation) [File not signed]
R3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [22528 2013-08-22] (Microsoft Corporation) [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [195584 2013-08-22] (Microsoft Corporation) [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [27488 2013-08-22] (Microsoft Corporation) [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [258904 2013-10-12] (Microsoft Corporation) [File not signed]
S3 RFCOMM; C:\Windows\System32\drivers\rfcomm.sys [167424 2013-09-11] (Microsoft Corporation) [File not signed]
S2 rspndr; C:\Windows\system32\DRIVERS\rspndr.sys [80384 2013-08-22] (Microsoft Corporation) [File not signed]
R3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [259144 2013-02-28] (Realtek Semiconductor Corp.) [File not signed]
S2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [38504 2012-04-16] (Windows ® Codename Longhorn DDK provider) [File not signed]
R3 RTL8168; C:\Windows\system32\DRIVERS\Rt630x64.sys [591360 2013-06-18] (Realtek                                            ) [File not signed]
S3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [7168 2013-08-22] (Microsoft Corporation) [File not signed]
R0 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [107872 2013-08-22] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [40960 2013-08-22] () [File not signed]
R3 sdbus; C:\Windows\System32\drivers\sdbus.sys [236376 2013-09-21] (Microsoft Corporation) [File not signed]
R3 sdstor; C:\Windows\System32\drivers\sdstor.sys [78688 2013-08-22] (Microsoft Corporation) [File not signed]
S3 SerCx; C:\Windows\System32\drivers\SerCx.sys [69472 2013-08-22] (Microsoft Corporation) [File not signed]
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146272 2013-08-22] (Microsoft Corporation) [File not signed]
S3 Serenum; C:\Windows\System32\drivers\serenum.sys [23040 2013-08-22] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\System32\drivers\serial.sys [83456 2013-08-22] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\System32\drivers\sermouse.sys [26112 2013-08-22] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\System32\drivers\sfloppy.sys [17408 2013-08-22] (Microsoft Corporation) [File not signed]
R0 SiSRaid2; C:\Windows\System32\drivers\SiSRaid2.sys [44896 2013-08-22] (Silicon Integrated Systems Corp.) [File not signed]
R0 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [81760 2013-08-22] (Silicon Integrated Systems) [File not signed]
R0 spaceport; C:\Windows\System32\drivers\spaceport.sys [371032 2013-10-05] (Microsoft Corporation) [File not signed]
S3 SpbCx; C:\Windows\System32\drivers\SpbCx.sys [72032 2013-08-22] (Microsoft Corporation) [File not signed]
R1 spfdrv; C:\Windows\system32\DRIVERS\spfdrv.sys [41464 2014-10-28] (SoftPerfect) [File not signed]
S2 srv; C:\Windows\System32\DRIVERS\srv.sys [454656 2013-10-05] (Microsoft Corporation) [File not signed]
S3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [675328 2013-09-21] (Microsoft Corporation) [File not signed]
S3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [244224 2013-09-11] (Microsoft Corporation) [File not signed]
R0 stexstor; C:\Windows\System32\drivers\stexstor.sys [31072 2013-08-22] (Promise Technology, Inc.) [File not signed]
R0 storahci; C:\Windows\System32\drivers\storahci.sys [107872 2013-08-22] (Microsoft Corporation) [File not signed]
R0 storflt; C:\Windows\System32\DRIVERS\vmstorfl.sys [49984 2013-08-22] (Microsoft Corporation) [File not signed]
R0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) [File not signed]
R0 storvsc; C:\Windows\System32\drivers\storvsc.sys [45888 2013-08-22] (Microsoft Corporation) [File not signed]
R3 swenum; C:\Windows\System32\drivers\swenum.sys [14176 2013-08-22] (Microsoft Corporation) [File not signed]
R3 tap0901_openvpn_accl; C:\Windows\system32\DRIVERS\tap0901_openvpn_accl.sys [37912 2015-01-13] (The OpenVPN Project) [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [2551640 2013-10-08] (Microsoft Corporation) [File not signed]
S3 TCPIP6; C:\Windows\system32\DRIVERS\tcpip.sys [2551640 2013-10-08] (Microsoft Corporation) [File not signed]
S2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [48640 2013-08-22] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\system32\DRIVERS\tdx.sys [107520 2013-08-22] (Microsoft Corporation) [File not signed]
S3 terminpt; C:\Windows\System32\drivers\terminpt.sys [37216 2013-08-22] (Microsoft Corporation) [File not signed]
S3 TPM; C:\Windows\system32\drivers\tpm.sys [159584 2013-08-22] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56320 2013-08-22] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [29696 2013-08-22] (Microsoft Corporation) [File not signed]
S3 tunnel; C:\Windows\system32\DRIVERS\tunnel.sys [154112 2013-08-22] (Microsoft Corporation) [File not signed]
R0 uagp35; C:\Windows\System32\drivers\uagp35.sys [64864 2013-08-22] (Microsoft Corporation) [File not signed]
R3 UASPStor; C:\Windows\System32\drivers\uaspstor.sys [74080 2013-08-22] (Microsoft Corporation) [File not signed]
R3 UCX01000; C:\Windows\System32\drivers\ucx01000.sys [189792 2013-08-22] (Microsoft Corporation) [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [316928 2013-08-22] (Microsoft Corporation) [File not signed]
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) [File not signed]
R0 uliagpkx; C:\Windows\System32\drivers\uliagpkx.sys [65888 2013-08-22] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\System32\drivers\umbus.sys [46080 2013-08-22] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\System32\drivers\umpass.sys [11776 2013-08-22] (Microsoft Corporation) [File not signed]
S3 usbaudio; C:\Windows\system32\drivers\usbaudio.sys [121088 2013-08-22] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\System32\drivers\usbccgp.sys [155480 2013-10-23] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\System32\drivers\usbcir.sys [98304 2013-08-22] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\drivers\usbehci.sys [89952 2013-08-22] (Microsoft Corporation) [File not signed]
R3 usbfilter; C:\Windows\system32\DRIVERS\usbfilter.sys [57512 2012-07-02] (Advanced Micro Devices) [File not signed]
R3 usbhub; C:\Windows\System32\drivers\usbhub.sys [422240 2013-08-22] (Microsoft Corporation) [File not signed]
R3 USBHUB3; C:\Windows\System32\drivers\UsbHub3.sys [467800 2013-09-17] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\Windows\System32\drivers\usbohci.sys [30208 2013-08-22] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\System32\drivers\usbprint.sys [26112 2013-08-22] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\Windows\system32\DRIVERS\usbscan.sys [44544 2013-08-22] (Microsoft Corporation) [File not signed]
R3 USBSTOR; C:\Windows\System32\drivers\USBSTOR.SYS [142688 2013-08-22] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\System32\drivers\usbuhci.sys [34816 2013-08-22] (Microsoft Corporation) [File not signed]
R3 USBXHCI; C:\Windows\System32\drivers\USBXHCI.SYS [325464 2013-09-11] (Microsoft Corporation) [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [37728 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VerifierExt; C:\Windows\System32\drivers\VerifierExt.sys [175960 2013-09-14] (Microsoft Corporation) [File not signed]
S3 vhdmp; C:\Windows\System32\drivers\vhdmp.sys [551776 2013-08-22] (Microsoft Corporation) [File not signed]
R0 viaide; C:\Windows\System32\drivers\viaide.sys [19808 2013-08-22] (VIA Technologies, Inc.) [File not signed]
R0 vmbus; C:\Windows\System32\drivers\vmbus.sys [97088 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VMBusHID; C:\Windows\System32\drivers\VMBusHID.sys [21760 2013-08-22] (Microsoft Corporation) [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [73568 2013-08-22] (Microsoft Corporation) [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [377696 2013-08-22] (Microsoft Corporation) [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [312160 2013-08-22] (Microsoft Corporation) [File not signed]
S3 vpci; C:\Windows\System32\drivers\vpci.sys [69472 2013-08-22] (Microsoft Corporation) [File not signed]
S3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18776 2012-12-24] (EldoS Corporation) [File not signed]
R0 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [168800 2013-08-22] (VIA Technologies Inc.,Ltd) [File not signed]
R0 VSTXRAID; C:\Windows\System32\drivers\vstxraid.sys [305504 2013-08-22] (VIA Corporation) [File not signed]
R3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2013-08-22] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\system32\DRIVERS\vwififlt.sys [71680 2013-08-22] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\Windows\system32\DRIVERS\vwifimp.sys [36864 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\System32\drivers\wacompen.sys [26752 2013-08-22] (Microsoft Corporation) [File not signed]
S3 Wanarp; C:\Windows\system32\DRIVERS\wanarp.sys [79872 2013-08-22] (Microsoft Corporation) [File not signed]
S1 Wanarpv6; C:\Windows\system32\DRIVERS\wanarp.sys [79872 2013-08-22] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation) [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [839488 2013-08-22] (Microsoft Corporation) [File not signed]
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) [File not signed]
R0 WFPLWFS; C:\Windows\System32\DRIVERS\wfplwfs.sys [136536 2013-10-12] (Microsoft Corporation) [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [33632 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [78848 2013-08-22] (Microsoft Corporation) [File not signed]
R3 WmiAcpi; C:\Windows\System32\drivers\wmiacpi.sys [16384 2013-08-22] (Microsoft Corporation) [File not signed]
S3 wpcfltr; C:\Windows\System32\DRIVERS\wpcfltr.sys [54304 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WpdUpFltr; C:\Windows\System32\drivers\WpdUpFltr.sys [26976 2013-08-22] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2013-08-22] () [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [117760 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\drivers\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation) [File not signed]
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation) [File not signed]
S3 cpuz136; \??\C:\Users\Owner\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 NLNdisMP; \SystemRoot\system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; \SystemRoot\system32\DRIVERS\nlndis.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-08 19:09 - 2016-09-08 19:09 - 00000000 _____ C:\Recovery.txt
2016-09-08 17:47 - 2016-09-08 17:48 - 00038211 _____ C:\Users\Owner\Downloads\Addition.txt
2016-09-08 17:46 - 2016-09-08 18:10 - 00066914 _____ C:\Users\Owner\Downloads\FRST.txt
2016-09-08 17:40 - 2016-09-08 17:46 - 00000000 ____D C:\FRST
2016-09-08 17:36 - 2016-09-08 17:36 - 00001761 _____ C:\Users\Owner\Desktop\virus.txt
2016-09-08 17:29 - 2016-09-08 17:30 - 02397696 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2016-09-08 16:38 - 2016-09-08 16:38 - 00000000 ____D C:\CAT-Logs
2016-09-08 15:10 - 2016-09-08 17:38 - 00541694 _____ C:\WINDOWS\ntbtlog.txt
2016-09-08 14:45 - 2016-09-08 14:45 - 01242562 _____ C:\Users\Owner\Downloads\CAT.exe
2016-09-04 13:36 - 2016-09-04 13:37 - 00000000 ____D C:\Users\Owner\Desktop\My Voice
2016-09-04 12:52 - 2016-09-04 12:52 - 00000000 ____D C:\Users\Owner\Downloads\MAXON Cinema 4D R16 (keygen - MUS3) [ChingLiu]
2016-09-03 15:40 - 2016-09-03 15:40 - 00232448 _____ C:\Users\Owner\Downloads\Slayer - Blood Red [HQ] (With Lyrics).mp3.sfk
2016-09-03 15:18 - 2016-09-03 15:18 - 00072944 _____ C:\Users\Owner\Downloads\prime.zip
2016-09-03 15:18 - 2016-09-03 15:18 - 00040793 _____ C:\Users\Owner\Downloads\gidole.zip
2016-09-03 14:53 - 2016-09-03 14:53 - 00085182 _____ C:\Users\Owner\Downloads\SIMPLIFICA.zip
2016-09-03 12:27 - 2016-09-03 12:28 - 02007128 _____ C:\Users\Owner\Downloads\German.rar
2016-09-03 12:11 - 2016-09-03 12:15 - 19297196 _____ C:\Users\Owner\Downloads\Wermacht.rar
2016-09-02 19:35 - 2016-09-03 21:48 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2016-08-31 13:26 - 2016-08-31 13:26 - 01761488 _____ C:\Users\Owner\Downloads\Chipmunks - You Spin Me Right Round.mp3.sfk
2016-08-26 08:05 - 2016-08-26 08:06 - 01118499 _____ C:\Users\Owner\Downloads\vince.wma
2016-08-25 11:04 - 2016-08-25 11:28 - 00000000 ____D C:\Program Files\Recuva
2016-08-25 11:04 - 2016-08-25 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-08-25 11:01 - 2016-08-25 11:03 - 05473600 _____ (Piriform Ltd) C:\Users\Owner\Downloads\rcsetup153.exe
2016-08-24 03:50 - 2016-08-24 03:58 - 19352502 _____ C:\Users\Owner\Downloads\Bfxr_WIN.zip
2016-08-23 21:15 - 2016-08-23 21:28 - 00429512 _____ C:\Users\Owner\Downloads\Godsmack Awake With Lyrics! (Explicit) HD.mp3.sfk
2016-08-22 07:40 - 2016-08-22 07:42 - 93281093 _____ C:\Users\Owner\Downloads\After Effects Tutorial - Turn Footage into 3D Particles.webm
2016-08-22 06:38 - 2016-08-22 06:40 - 19191596 _____ C:\Users\Owner\Downloads\Saber   Element 3D V2 Tutorial - Combining SABER with Video Copilot E3D Text Layers - Sean Frangella.webm
2016-08-22 05:04 - 2016-09-04 12:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2016-08-20 13:33 - 2016-08-20 13:33 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-08-19 06:20 - 2016-08-19 06:20 - 00249544 _____ C:\Users\Owner\Downloads\Van Halen - On Fire.mp3.sfk
2016-08-09 02:40 - 2016-08-09 02:51 - 25370289 _____ C:\Users\Owner\Downloads\Pokemon FireRed_ Claarff Face-off - PART 118 - Game Grumps.3gp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-08 17:43 - 2013-10-27 16:57 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-08 17:43 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-09-08 17:37 - 2013-10-27 16:45 - 00000000 ____D C:\Users\Owner
2016-09-08 17:37 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-08 17:35 - 2015-06-25 23:35 - 00000378 _____ C:\WINDOWS\Tasks\BreakfastBunny.job
2016-09-08 17:35 - 2015-06-12 23:35 - 00000348 _____ C:\WINDOWS\Tasks\Bidaily Synchronize Task[973b].job
2016-09-08 17:07 - 2014-12-16 03:49 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-08 16:48 - 2013-10-27 12:56 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2141287361-1273931477-70163697-1001
2016-09-08 16:44 - 2016-07-22 05:21 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-08 16:43 - 2016-07-22 05:21 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-08 16:33 - 2015-06-14 21:18 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-08 16:22 - 2013-11-27 17:41 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-09-08 15:26 - 2015-07-24 22:16 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Folder
2016-09-08 14:05 - 2013-10-30 14:37 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
2016-09-08 13:55 - 2013-11-01 21:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2016-09-08 13:50 - 2013-10-27 12:52 - 00000000 ____D C:\Users\Owner\Documents\Bluetooth Folder
2016-09-08 13:46 - 2013-08-22 10:44 - 04855936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-06 22:41 - 2013-10-31 17:04 - 00000000 ____D C:\Users\Owner\Desktop\My Music
2016-09-06 21:46 - 2015-09-22 20:02 - 00000000 ____D C:\Users\Owner\Desktop\To Youtube
2016-09-06 20:48 - 2014-06-23 15:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Audacity
2016-09-06 03:30 - 2015-02-03 20:54 - 00000000 ____D C:\Users\Owner\Desktop\Photoshop
2016-09-06 03:30 - 2014-12-27 19:53 - 00000132 _____ C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-09-04 19:44 - 2013-12-15 15:14 - 00000000 ____D C:\Users\Owner\Documents\Cubase Projects
2016-09-04 19:29 - 2015-06-24 12:17 - 00000000 ___RD C:\Users\Owner\dwhelper3
2016-09-04 13:40 - 2014-06-28 07:01 - 00000000 ____D C:\Users\Owner\Desktop\Games
2016-09-04 13:33 - 2014-07-05 12:48 - 00000000 ____D C:\Users\Owner\Desktop\stuff
2016-09-03 13:14 - 2016-04-27 17:32 - 00000953 _____ C:\Users\Owner\Desktop\MeshLab.lnk
2016-09-03 13:14 - 2015-06-17 12:23 - 00000887 _____ C:\Users\Owner\Desktop\Handbrake.lnk
2016-09-02 19:58 - 2016-07-25 04:57 - 00000000 ____D C:\Users\Owner\Documents\VideoCopilot
2016-09-02 19:27 - 2016-02-27 22:29 - 00001249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2014.lnk
2016-09-02 19:15 - 2016-04-10 21:51 - 00001565 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-09-02 19:15 - 2016-04-10 21:51 - 00001553 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2016-09-02 19:15 - 2016-04-10 21:51 - 00001553 _____ C:\ProgramData\Desktop\Adobe Application Manager.lnk
2016-08-23 21:11 - 2013-03-04 05:11 - 00000000 ____D C:\ProgramData\Temp
2016-08-20 13:33 - 2015-01-22 01:14 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-10 01:03 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2014-07-31 02:37 - 2014-07-29 14:37 - 0000044 ____H () C:\Program Files (x86)\888fd8a7.tmp
2014-12-27 19:53 - 2016-09-06 03:30 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-04-24 21:10 - 2016-05-01 20:57 - 0065617 _____ () C:\Users\Owner\AppData\Roaming\Camdata.ini
2016-04-24 21:10 - 2016-05-01 20:57 - 0000408 _____ () C:\Users\Owner\AppData\Roaming\CamLayout.ini
2016-04-24 21:10 - 2016-05-01 20:57 - 0000408 _____ () C:\Users\Owner\AppData\Roaming\CamShapes.ini
2016-04-24 21:10 - 2016-05-01 20:57 - 0004552 _____ () C:\Users\Owner\AppData\Roaming\CamStudio.cfg
2016-07-24 08:11 - 2016-06-25 16:05 - 0564224 ___SH () C:\Users\Owner\AppData\Roaming\Sync.exe
2016-04-24 21:08 - 2016-05-01 20:52 - 0000096 _____ () C:\Users\Owner\AppData\Roaming\version2.xml
2015-08-18 03:50 - 2015-08-18 05:51 - 0004608 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-27 22:43 - 2015-06-27 02:01 - 0007603 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2015-06-14 21:13 - 2015-06-14 21:13 - 0000000 _____ () C:\Users\Owner\AppData\Local\Temp.dat

Files to move or delete:
====================
C:\Users\Owner\VideoEnhancerSetup.exe


Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\5dacdf0e-3991-4f32-820f-83acdbabd7d7.exe
C:\Users\Owner\AppData\Local\Temp\aae.exe
C:\Users\Owner\AppData\Local\Temp\COMAP.EXE
C:\Users\Owner\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Owner\AppData\Local\Temp\i4jdel0.exe
C:\Users\Owner\AppData\Local\Temp\ICReinstall_FreeScreenVideoRecorder.exe
C:\Users\Owner\AppData\Local\Temp\ICReinstall_FreeYouTubeDownload.exe
C:\Users\Owner\AppData\Local\Temp\nsq410A.tmp.exe
C:\Users\Owner\AppData\Local\Temp\ose00000.exe
C:\Users\Owner\AppData\Local\Temp\ose00001.exe
C:\Users\Owner\AppData\Local\Temp\PlaySound.dll
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\safeguard.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
C:\Users\Owner\AppData\Local\Temp\SRLDetectionLibrary1958211946284465724.dll
C:\Users\Owner\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\wininit.exe => MD5 is legit
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\SysWOW64\explorer.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\SysWOW64\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\SysWOW64\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\SysWOW64\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
C:\WINDOWS\SysWOW64\dnsapi.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2016-09-08 13:44

==================== End of FRST.txt ============================





#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:25 AM

Posted 09 September 2016 - 08:00 AM

Hello

  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  •   Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

 

2.

Please post the Addition.txt that was produced by FRST.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 xklipse


Posted 09 September 2016 - 10:11 AM

Hi and thank you for the help

 

Getting AdwCleaner to run was problematic. I got about 15 pop ups in a row saying C:\WINDOWS\SYSTEM32\schannel.dll is either designed to not run on Windows or it contains an error.

 

Running the program in safe mode only gave me one .dll error when starting it up but while running the scan I got a few more saying the same thing about a PlayTo.dll. I'm not sure if that will affect the results or not.

 

# AdwCleaner v6.010 - Logfile created 09/09/2016 at 11:01:07
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-24.2 [Local]
# Operating System : Windows 8.1  (X64)
# Username : Administrator - DX4380-EB35
# Running from : C:\Users\Administrator\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key deleted: HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{214E251B-BF42-BF18-588C-42DA92658DB4}


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1125 Bytes] - [09/09/2016 11:01:07]
C:\AdwCleaner\AdwCleaner[R0].txt - [2948 Bytes] - [28/07/2015 17:28:00]
C:\AdwCleaner\AdwCleaner[R1].txt - [952 Bytes] - [08/09/2016 20:56:47]
C:\AdwCleaner\AdwCleaner[S0].txt - [2516 Bytes] - [28/07/2015 17:29:40]
C:\AdwCleaner\AdwCleaner[S1].txt - [1017 Bytes] - [08/09/2016 20:58:45]
C:\AdwCleaner\AdwCleaner[S2].txt - [1754 Bytes] - [09/09/2016 10:56:10]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1562 Bytes] ##########


#4 fireman4it


Posted 09 September 2016 - 06:08 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 
 
 
Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on QfBzvq1.png and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

- Go to Step 4, then click Do It.

- Go to Step 5. Under System Restore click Create.

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.
 
 
How is the computer running after all of this?

Edited by fireman4it, 09 September 2016 - 06:08 PM.


#5 xklipse


Posted 09 September 2016 - 07:59 PM

After running Malwarebytes and restarting I get a pop up error as soon as I get to the desktop saying 'windows cannot find WINSTA.dll', not sure if that causes any problems with the scan.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016-09-09
Scan Time: 8:28 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.09.10
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359560
Time Elapsed: 16 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.InstallCore, C:\Users\Owner\AppData\Local\Temp\ICReinstall_FreeScreenVideoRecorder.exe, Quarantined, [d549442c5d3d4ee8848cfbe0cb360af6],
PUP.Optional.InstallCore, C:\Users\Owner\Downloads\FreeScreenVideoRecorder.exe, Quarantined, [8f8f8fe1faa05adc4ec26972629f2fd1],
PUP.Optional.Bundler, C:\Users\Owner\Downloads\dvrsetup.exe, Quarantined, [4fcf89e7e6b4f640a60d4a0f81814cb4],

Physical Sectors: 0
(No malicious items detected)


(end)



#6 xklipse


Posted 09 September 2016 - 08:37 PM

I am unable to run Windows Repair All-In-One

It first checks that the files haven't been corrupted which goes fine then the next window says Main Form Initializing, Loading Controls... and just sits at 5% no matter how long I wait. In safe mode it still just sits at 5%, the program isn't frozen as I can hover over the X button which moves around, it just seems to stall out at 5%.



#7 fireman4it


Posted 10 September 2016 - 01:59 PM

Try it again. It may take a long time for it to work.



#8 xklipse


Posted 10 September 2016 - 03:20 PM

I have left it going for the past few hours, hasn't moved past 5% of Loading Controls. I haven't actually gotten to the program itself yet.



#9 xklipse


Posted 13 September 2016 - 01:22 PM

Any update? I am unable to run that program Windows Repair.



#10 fireman4it


Posted 16 September 2016 - 06:48 AM

Did you also try this in Safe Mode?



#11 fireman4it


Posted 29 September 2016 - 07:24 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




