
Laptop acting strange and connection is slow


  • This topic is locked
10 replies to this topic

#1 lokomo

Posted 29 January 2017 - 08:46 PM

My PC is slow and acting strange. Lots of pop-ups and cmd opening and closing. Scanned with malware anti byte and lots of various antivirus, but all returned with no results. Denied admin access when I try to install AV. Please help. Thanks.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-01-2017 01
Ran by Administrator (administrator) on DESKTOP-7GD2IUU (29-01-2017 12:57:45)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: jj & Administrator)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946600 2015-10-16] (Synaptics Incorporated)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [35576 2015-10-08] (Alienware)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-08-19] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795728 2015-07-14] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16405744 2015-08-23] (Realtek Semiconductor)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [3746560 2015-04-03] (Compal Inc.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di SBX Control Panel] => c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [1131008 2015-08-20] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.17.5.68 172.17.5.36
Tcpip\..\Interfaces\{9795f2bc-7e80-425e-908d-87ea6f2dbb08}: [DhcpNameServer] 172.17.5.68 172.17.5.36
 
Internet Explorer:
==================
HKU\S-1-5-21-3206455301-1028567036-3064878794-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\S-1-5-21-3206455301-1028567036-3064878794-500 -> DefaultScope {7F6AE55E-6CBE-47D9-A915-3A06AAA16936} URL = 
SearchScopes: HKU\S-1-5-21-3206455301-1028567036-3064878794-500 -> {7F6AE55E-6CBE-47D9-A915-3A06AAA16936} URL = 
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-08-12] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-08-12] (McAfee, Inc.)
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-12] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-01-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-01-29] (Google Inc.)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318200 2015-07-01] (Windows ® Win 7 DDK provider)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [608664 2015-09-30] ()
S2 CTAudSvcService; c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-29] (Creative Technology Ltd) [File not signed]
S2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [133640 2015-10-23] (Creative Technology Ltd)
S2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [153328 2015-06-16] (Dell Inc.)
S2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [119656 2015-12-08] (Dell)
S2 Dell Product Registration; C:\Program Files\Alienware\Product Registration\PRSvc.exe [32104 2015-12-06] (Dell)
S2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-08-08] (Intel Corporation)
S2 GraphicsAmplifierWindowsService; C:\Program Files\Alienware\Graphics Amplifier\GraphicsAmplifierWindowsService.exe [36112 2015-07-24] (Alienware)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-22] (McAfee, Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-08-19] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [368552 2015-09-30] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-02] (iolo technologies, LLC)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-19] (Intel Corporation)
S2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [452096 2015-09-17] (Rivet Networks) [File not signed]
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-12] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [379896 2015-07-04] (McAfee, Inc.)
S2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368048 2015-07-22] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
S3 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368048 2015-07-22] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-18] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368048 2015-07-22] (McAfee, Inc.)
S3 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368048 2015-07-22] (McAfee, Inc.)
S3 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368048 2015-07-22] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-30] (McAfee, Inc.)
S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-16] (McAfee, Inc.)
S3 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-30] (McAfee, Inc.)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2015-10-16] (Synaptics Incorporated)
S3 ThunderboltService; c:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1723048 2015-06-11] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [142904 2015-09-17] (Rivet Networks, LLC.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-03] (McAfee, Inc.)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [19440 2015-05-09] (OSR Open Systems Resources, Inc.)
S3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [55816 2015-08-13] (Intel Corporation)
S3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [53752 2015-08-13] (Intel Corporation)
R0 EMSC; C:\Windows\System32\drivers\EMSC.SYS [36424 2015-07-14] ()
R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [33864 2015-07-14] ()
S3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [261624 2015-08-13] (Intel Corporation)
R3 iagpioe; C:\Windows\System32\drivers\iagpioe.sys [41472 2015-11-20] (Intel® Corporation)
S3 igfxLP; C:\Windows\system32\DRIVERS\igdkmd64lp.sys [5759240 2015-09-30] (Intel Corporation)
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-03] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-03] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-03] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [529080 2015-06-29] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [109728 2015-06-29] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-03] (McAfee, Inc.)
S3 nhi; C:\Windows\System32\drivers\tbt81x.sys [122896 2015-06-26] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [752856 2015-05-30] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [42088 2015-10-16] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [42600 2015-10-16] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [114976 2015-01-22] (Intel Corporation)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [39936 2015-10-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\usbhub.sys 41F7F00D76904416EF1F9EFA1A4C37A2
C:\Windows\System32\drivers\UsbHub3.sys 12A0B486EA13DF46C27B90CC2CE92FE5
C:\Windows\System32\drivers\usbohci.sys DAB35CCA86F5FBE77D870A40089BC4A1
C:\Windows\System32\drivers\usbprint.sys 21162F65C7756AAECAEBED9E67D0A5FE
C:\Windows\System32\drivers\usbser.sys CA6369870F91F3D367D26278E0AD0DDF
C:\Windows\System32\drivers\USBSTOR.SYS 37C2CD8587BF7F785381EB7B26916B52
C:\Windows\System32\drivers\usbuhci.sys 8B3E458A8851F9A3B2109B1680EE1159
C:\Windows\System32\Drivers\usbvideo.sys 4B13B61CBB9CC3CB373C60B930D648F5
C:\Windows\System32\drivers\USBXHCI.SYS 325727F01F03C504CF788618A13DC266
C:\Windows\System32\drivers\vdrvroot.sys E1BE37312785A71862516F66B3FD24CE
C:\Windows\System32\drivers\VerifierExt.sys E42C0F2850735FF9D908B9DB581E6314
C:\Windows\System32\drivers\vhdmp.sys EC15FD6A28757793E2DA394CD94ABD52
C:\Windows\System32\drivers\vhf.sys D0C9632C350F46786643A069251BC249
C:\Windows\System32\drivers\vmbus.sys E886CB75DA2B6EB35469EF10135624C7
C:\Windows\System32\drivers\VMBusHID.sys 46D2EC27820EC0F798F85821E53C2942
C:\Windows\System32\drivers\volmgr.sys B9265F47E7A354BAAA0AF5CBA3F8F7CE
C:\Windows\System32\drivers\volmgrx.sys BEE9C8B72AB752B794F69C2B9B3678AA
C:\Windows\System32\drivers\volsnap.sys E1F91A727A04C9F8199D04FF3BBBF63C
C:\Windows\System32\drivers\vpci.sys F7B1B1101271E31F43CC76E890704F51
C:\Windows\System32\drivers\vsmraid.sys D48ED0A08BD2FD25A833E6AC99623091
C:\Windows\System32\drivers\vstxraid.sys 6990D4AFDF545669D4E6C232F26DE1FB
C:\Windows\System32\drivers\vwifibus.sys 1EE11F0508C58EF081F4176E66D6970B
C:\Windows\System32\drivers\vwififlt.sys 938E4EF58E42D252B742B0E243011B90
C:\Windows\System32\drivers\wacompen.sys 00C27B64C758C111E5D78A70DE6CA2B6
C:\Windows\System32\DRIVERS\wanarp.sys 8CB53620B2C2F0641DD7563EA0FDF491
C:\Windows\System32\DRIVERS\wanarp.sys 8CB53620B2C2F0641DD7563EA0FDF491
C:\Windows\system32\drivers\WdBoot.sys 069D3D6E20AD753B34FCE856F0436869
C:\Windows\System32\drivers\Wdf01000.sys 6CC727E94CD84E9720FDCDA8089CABCC
C:\Windows\system32\drivers\WdFilter.sys E3E97151A1D1E87BB2D5371F66C5F169
C:\Windows\System32\DRIVERS\wdiwifi.sys E70DDD8E2245CC67547B0861983912D8
C:\Windows\System32\Drivers\WdNisDrv.sys 07B043160399AF4009054E2EA3464BF4
C:\Windows\System32\drivers\wfplwfs.sys C11272713719922DE5711094333BD166
C:\Windows\System32\drivers\wimmount.sys 413093D680826762AC809D0B65E17BE5
C:\Windows\System32\drivers\WindowsTrustedRT.sys D8966A76408107224C6013993135DD78
C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys 8B102A7B6CE326FD4208CC7C2D183343
C:\Windows\System32\drivers\winmad.sys 4A53441C1C4D2878BEF27E381138BB2D
C:\Windows\System32\drivers\WinUSB.SYS 260907CE034FE327AC99BDA4153AB22F
C:\Windows\System32\drivers\winverbs.sys 40A3E8D729F458B2C9A8BD9380FF83D5
C:\Windows\System32\drivers\wmiacpi.sys 8F010BF65238F3F822D22BA12831796E
C:\Windows\System32\Drivers\Wof.sys 2A9650FCC696DB28E45EA8B33B99B8E6
C:\Windows\System32\DRIVERS\wpcfltr.sys 22C52D7EE7C7D0E02C8EFD8CAE8E3A71
C:\Windows\System32\drivers\WpdUpFltr.sys 1C08E424CBDD5065BB7266F8C048C1B1
C:\Windows\system32\drivers\ws2ifsl.sys 638B43D39A3D0B47024555CF1095E6F1
C:\Windows\System32\drivers\WudfPf.sys A928F25CB62232F413EE655352856E10
C:\Windows\system32\DRIVERS\WUDFRd.sys A932391623D5CEC4EF4A2A17D3CEBFCD
C:\Windows\System32\drivers\xboxgip.sys 80BC02A73A3949A7AEF34791206C7D7F
C:\Windows\System32\drivers\xinputhid.sys 1F1EF8E701859581251B52035C1C1CEF
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-30 00:31 - 2017-01-30 00:31 - 00000000 ____D C:\Users\jj\AppData\Roaming\Intel Corporation
2017-01-30 00:31 - 2017-01-29 10:39 - 00002360 _____ C:\Users\jj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-30 00:31 - 2017-01-29 10:39 - 00000000 ___RD C:\Users\jj\OneDrive
2017-01-30 00:30 - 2017-01-30 00:30 - 00004150 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2017-01-30 00:30 - 2017-01-30 00:30 - 00003580 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2017-01-30 00:30 - 2017-01-30 00:30 - 00003312 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2017-01-30 00:30 - 2017-01-30 00:30 - 00000000 ____D C:\Users\jj\AppData\Roaming\Dell
2017-01-30 00:30 - 2017-01-30 00:30 - 00000000 ____D C:\Users\jj\AppData\Local\NVIDIA
2017-01-30 00:30 - 2017-01-30 00:30 - 00000000 ____D C:\Users\jj\AppData\Local\ActiveSync
2017-01-30 00:30 - 2017-01-30 00:30 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-01-30 00:28 - 2017-01-30 00:28 - 00000020 ___SH C:\Users\jj\ntuser.ini
2017-01-30 00:28 - 2017-01-30 00:28 - 00000000 _SHDL C:\Users\jj\My Documents
2017-01-30 00:28 - 2017-01-30 00:28 - 00000000 _SHDL C:\Users\jj\Documents\My Videos
2017-01-30 00:28 - 2017-01-30 00:28 - 00000000 _SHDL C:\Users\jj\Documents\My Pictures
2017-01-30 00:28 - 2017-01-30 00:28 - 00000000 _SHDL C:\Users\jj\Documents\My Music
2017-01-30 00:28 - 2017-01-30 00:28 - 00000000 ____D C:\Users\jj\AppData\Roaming\Adobe
2017-01-30 00:28 - 2017-01-30 00:28 - 00000000 ____D C:\Users\jj\AppData\Local\VirtualStore
2017-01-30 00:28 - 2017-01-30 00:28 - 00000000 ____D C:\Users\jj\AppData\Local\TileDataLayer
2017-01-30 00:28 - 2017-01-30 00:28 - 00000000 ____D C:\Users\jj\AppData\Local\Publishers
2017-01-30 00:28 - 2017-01-29 10:30 - 00000000 ____D C:\Users\jj\AppData\Local\Packages
2017-01-30 00:28 - 2017-01-29 10:20 - 00000000 ____D C:\Users\jj
2017-01-30 00:27 - 2017-01-29 10:37 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-30 00:25 - 2017-01-30 00:25 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2017-01-30 00:25 - 2017-01-30 00:25 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2017-01-30 00:25 - 2017-01-30 00:25 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2017-01-30 00:25 - 2017-01-30 00:25 - 00000000 _SHDL C:\Users\Default\My Documents
2017-01-30 00:25 - 2017-01-30 00:25 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-01-30 00:25 - 2017-01-30 00:25 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-01-30 00:25 - 2017-01-30 00:25 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-01-30 00:25 - 2017-01-30 00:25 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-01-30 00:25 - 2017-01-30 00:25 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-01-30 00:25 - 2017-01-30 00:25 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-01-30 00:25 - 2017-01-30 00:25 - 00000000 _SHDL C:\Users\Default User
2017-01-30 00:25 - 2017-01-30 00:25 - 00000000 _SHDL C:\Users\All Users
2017-01-30 00:25 - 2017-01-30 00:25 - 00000000 _SHDL C:\Documents and Settings
2017-01-30 00:24 - 2017-01-30 00:24 - 00022744 _____ C:\Windows\system32\emptyregdb.dat
2017-01-30 00:23 - 2015-10-30 15:17 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2017-01-30 00:21 - 2017-01-29 10:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-30 00:20 - 2017-01-30 00:20 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-01-30 00:13 - 2017-01-30 00:13 - 00000000 ____D C:\Windows\system32\config\bbimigrate
2017-01-30 00:08 - 2017-01-30 00:15 - 00000000 ____D C:\Program Files (x86)\Intel
2017-01-30 00:08 - 2017-01-30 00:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2017-01-30 00:08 - 2017-01-30 00:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2017-01-30 00:08 - 2017-01-30 00:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2017-01-30 00:07 - 2017-01-30 00:21 - 00198936 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-30 00:07 - 2017-01-30 00:07 - 00000000 ____D C:\Windows\ServiceProfiles
2017-01-29 23:38 - 2017-01-29 23:38 - 00000000 _____ C:\Recovery.txt
2017-01-29 23:28 - 2017-01-30 00:27 - 00000000 ___DC C:\Windows\Panther
2017-01-29 23:28 - 2017-01-29 23:28 - 00000000 ____D C:\Windows\InfusedApps
2017-01-29 23:27 - 2017-01-30 00:14 - 00000000 ____D C:\Intel
2017-01-29 23:27 - 2017-01-29 23:28 - 00000000 ____D C:\Windows.old
2017-01-29 23:27 - 2017-01-29 23:27 - 00008192 _____ C:\Windows\system32\config\userdiff
2017-01-29 23:26 - 2017-01-29 23:26 - 00000000 ____D C:\Program Files\Synaptics
2017-01-29 23:25 - 2017-01-29 23:25 - 00000000 ____D C:\Windows\Setup
2017-01-29 23:25 - 2017-01-29 23:25 - 00000000 ____D C:\Windows\OCR
2017-01-29 23:25 - 2017-01-29 23:25 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-01-29 23:25 - 2017-01-29 23:25 - 00000000 ____D C:\Program Files\MSBuild
2017-01-29 23:25 - 2017-01-29 23:25 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-01-29 23:25 - 2017-01-29 23:25 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-01-29 23:24 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\SysWOW64\winrm
2017-01-29 23:24 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\SysWOW64\WCN
2017-01-29 23:24 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2017-01-29 23:24 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2017-01-29 23:24 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2017-01-29 23:24 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\SysWOW64\0409
2017-01-29 23:24 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\system32\winrm
2017-01-29 23:24 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\system32\WCN
2017-01-29 23:24 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\system32\slmgr
2017-01-29 23:24 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2017-01-29 23:24 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\system32\0409
2017-01-29 23:24 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\DigitalLocker
2017-01-29 23:20 - 2015-10-30 15:19 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-29 23:20 - 2015-10-30 15:19 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-29 23:18 - 2017-01-29 23:38 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2017-01-29 23:18 - 2017-01-29 23:14 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2017-01-29 23:18 - 2017-01-29 23:14 - 00215943 _____ C:\Windows\SysWOW64\dssec.dat
2017-01-29 23:18 - 2017-01-29 23:14 - 00215943 _____ C:\Windows\system32\dssec.dat
2017-01-29 23:18 - 2017-01-29 23:14 - 00209408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2017-01-29 23:18 - 2017-01-29 23:14 - 00015462 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2017-01-29 23:18 - 2017-01-29 23:14 - 00008798 _____ C:\Windows\SysWOW64\icrav03.rat
2017-01-29 23:18 - 2017-01-29 23:14 - 00008798 _____ C:\Windows\system32\icrav03.rat
2017-01-29 23:18 - 2017-01-29 23:14 - 00003683 _____ C:\Windows\system32\Drivers\etc\lmhosts.sam
2017-01-29 23:18 - 2017-01-29 23:14 - 00001988 _____ C:\Windows\SysWOW64\ticrf.rat
2017-01-29 23:18 - 2017-01-29 23:14 - 00001988 _____ C:\Windows\system32\ticrf.rat
2017-01-29 23:18 - 2017-01-29 23:14 - 00000858 _____ C:\Windows\system32\DefaultQuestions.json
2017-01-29 23:18 - 2017-01-29 23:14 - 00000741 _____ C:\Windows\SysWOW64\NOISE.DAT
2017-01-29 23:18 - 2017-01-29 23:14 - 00000741 _____ C:\Windows\system32\NOISE.DAT
2017-01-29 23:18 - 2017-01-29 23:14 - 00000389 _____ C:\Windows\system32\AutoWorkplace.exe.config
2017-01-29 23:17 - 2017-01-30 00:28 - 00000000 ___RD C:\Windows\PurchaseDialog
2017-01-29 23:17 - 2017-01-30 00:28 - 00000000 ___RD C:\Windows\PrintDialog
2017-01-29 23:17 - 2017-01-30 00:28 - 00000000 ___RD C:\Windows\MiracastView
2017-01-29 23:17 - 2017-01-30 00:28 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-01-29 23:17 - 2017-01-30 00:25 - 00000000 ____D C:\Windows\rescache
2017-01-29 23:17 - 2017-01-30 00:25 - 00000000 ____D C:\Windows\Registration
2017-01-29 23:17 - 2017-01-30 00:24 - 00000000 __RHD C:\Users\Public\Libraries
2017-01-29 23:17 - 2017-01-30 00:18 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-01-29 23:17 - 2017-01-30 00:18 - 00000000 ____D C:\Windows\system32\spool
2017-01-29 23:17 - 2017-01-30 00:18 - 00000000 ____D C:\Windows\system32\oobe
2017-01-29 23:17 - 2017-01-30 00:18 - 00000000 ____D C:\Windows\Help
2017-01-29 23:17 - 2017-01-30 00:16 - 00000000 ____D C:\ProgramData\USOPrivate
2017-01-29 23:17 - 2017-01-30 00:16 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-29 23:17 - 2017-01-30 00:13 - 00000000 ____D C:\Windows\appcompat
2017-01-29 23:17 - 2017-01-30 00:10 - 00000000 ____D C:\Windows\system32\Sysprep
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ___SD C:\Windows\system32\F12
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ___SD C:\Windows\system32\dsc
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\SysWOW64\oobe
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\SysWOW64\MUI
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\SysWOW64\Com
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\system32\setup
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\system32\MUI
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\system32\migwiz
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\system32\Dism
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\system32\Com
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\IME
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Program Files\Windows Journal
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Program Files\Common Files\System
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-01-29 23:17 - 2017-01-29 23:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 __RSD C:\Windows\Media
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ___SD C:\Windows\SysWOW64\Nui
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ___SD C:\Windows\system32\Nui
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\SysWOW64\WinMetadata
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\SysWOW64\MailContactsCalendarSync
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\SysWOW64\downlevel
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\SysWOW64\Bthprops
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\system32\WinMetadata
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\system32\MsDtc
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\system32\MailContactsCalendarSync
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\system32\icsxml
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\system32\ias
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\system32\downlevel
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\system32\Bthprops
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\system32\appraiser
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\ShellNew
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\Provisioning
2017-01-29 23:17 - 2017-01-29 23:18 - 00000000 ____D C:\Windows\L2Schemas
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ___SD C:\Windows\SysWOW64\Configuration
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ___SD C:\Windows\system32\Configuration
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ___SD C:\Windows\Downloaded Program Files
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ___RD C:\Windows\DesktopTileResources
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\Web
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\Vss
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\tracing
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\TAPI
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\SysWOW64\SMI
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\SysWOW64\ras
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\SysWOW64\NDF
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\SysWOW64\MsDtc
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\SysWOW64\Ipmi
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\SysWOW64\InputMethod
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\SysWOW64\IME
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicyUsers
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\SysWOW64\FxsTmp
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\SysWOW64\AppLocker
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\SystemResources
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\SystemApps
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\system32\winevt
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\system32\ras
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\system32\ProximityToast
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\system32\PointOfService
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\system32\Ipmi
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\system32\InputMethod
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\system32\inetsrv
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\system32\IME
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\system32\config\Journal
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\system32\AppLocker
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\System
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\SKB
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\security
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\schemas
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\SchCache
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\Resources
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\PLA
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\Performance
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\ModemLogs
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\LiveKernelReports
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\InputMethod
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\Globalization
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\Cursors
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\Branding
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\bcastdvr
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\addins
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\ProgramData\Comms
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Program Files\Windows Portable Devices
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Program Files\Windows NT
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Program Files\Common Files\Services
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Program Files (x86)\Windows NT
2017-01-29 23:17 - 2017-01-29 23:17 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-01-29 23:17 - 2017-01-29 10:57 - 00000000 ____D C:\Windows\AppReadiness
2017-01-29 23:17 - 2017-01-29 10:40 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-29 23:17 - 2017-01-29 10:29 - 00000000 ____D C:\Windows\system32\NDF
2017-01-29 23:17 - 2017-01-29 08:45 - 00000000 ___RD C:\Windows\DevicesFlow
2017-01-29 23:17 - 2017-01-29 08:45 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2017-01-29 23:15 - 2017-01-29 12:54 - 00000000 ____D C:\Windows\INF
2017-01-29 23:07 - 2017-01-29 23:25 - 00000000 ____D C:\Windows\CbsTemp
2017-01-29 22:58 - 2017-01-29 23:24 - 00000000 ____D C:\Windows\servicing
2017-01-29 22:58 - 2017-01-29 23:17 - 00000000 ____D C:\Windows\system32\SMI
2017-01-29 22:58 - 2017-01-29 10:42 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-01-29 22:58 - 2017-01-29 08:33 - 00032768 ___SH C:\Windows\system32\config\ELAM
2017-01-29 22:58 - 2015-10-30 14:33 - 00000164 _____ C:\Windows\system32\config\FP
2017-01-29 22:55 - 2017-01-29 23:38 - 00000000 ___HD C:\$SysReset
2017-01-29 12:57 - 2017-01-29 12:58 - 00037160 _____ C:\Users\Administrator\Desktop\FRST.txt
2017-01-29 12:57 - 2017-01-29 12:57 - 00000000 ____D C:\FRST
2017-01-29 12:55 - 2017-01-29 12:56 - 02420736 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2017-01-29 12:18 - 2017-01-29 12:18 - 00154223 _____ C:\Users\Administrator\Downloads\DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.12B04_EN_WW.PDF
2017-01-29 11:53 - 2017-01-29 11:53 - 00000000 ____D C:\Users\Administrator\AppData\Local\ESET
2017-01-29 11:35 - 2017-01-29 11:35 - 00000304 ____H C:\Windows\Tasks\User_Feed_Synchronization-{571E1C8A-6E59-413E-B09E-181AB8F555C8}.job
2017-01-29 11:04 - 2017-01-29 11:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-01-29 11:00 - 2017-01-29 11:00 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-01-29 11:00 - 2017-01-29 11:00 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2017-01-29 10:59 - 2017-01-29 10:59 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2017-01-29 10:59 - 2017-01-29 10:59 - 00000000 _SHDL C:\Users\Administrator\My Documents
2017-01-29 10:59 - 2017-01-29 10:59 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2017-01-29 10:59 - 2017-01-29 10:59 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2017-01-29 10:59 - 2017-01-29 10:59 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2017-01-29 10:59 - 2017-01-29 10:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
2017-01-29 10:59 - 2017-01-29 10:59 - 00000000 ____D C:\Users\Administrator
2017-01-29 10:43 - 2017-01-29 12:50 - 00736154 _____ C:\Windows\ntbtlog.txt
2017-01-29 10:43 - 2017-01-29 10:43 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-29 10:41 - 2017-01-29 10:41 - 01087268 _____ C:\Windows\system32\Drivers\rtkhdasetting.zip
2017-01-29 10:41 - 2017-01-29 10:41 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-01-29 10:41 - 2017-01-29 10:41 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2017-01-29 10:41 - 2017-01-29 10:41 - 00000000 ____D C:\Windows\system32\DAX2
2017-01-29 10:41 - 2017-01-29 10:41 - 00000000 ____D C:\Program Files\Realtek
2017-01-29 10:39 - 2017-01-29 10:39 - 00003284 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-29 10:37 - 2017-01-29 10:37 - 00000000 ____D C:\Users\jj\AppData\Roaming\Skype
2017-01-29 10:35 - 2017-01-29 10:40 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-29 10:35 - 2017-01-29 10:40 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-29 10:35 - 2017-01-29 10:35 - 00003980 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-29 10:35 - 2017-01-29 10:35 - 00003748 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-29 10:25 - 2017-01-29 10:26 - 01065376 _____ (Google Inc.) C:\Users\jj\Downloads\ChromeSetup (1).exe
2017-01-29 10:22 - 2017-01-29 10:35 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-29 10:21 - 2017-01-29 10:22 - 01065376 _____ (Google Inc.) C:\Users\jj\Downloads\ChromeSetup.exe
2017-01-29 10:21 - 2017-01-29 10:21 - 00000000 ____D C:\Users\jj\AppData\Local\Google
2017-01-29 10:20 - 2017-01-29 10:37 - 00000000 __SHD C:\Users\jj\IntelGraphicsProfiles
2017-01-29 10:20 - 2017-01-29 10:20 - 00000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-01-29 10:20 - 2015-09-30 20:39 - 00105472 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2017-01-29 10:20 - 2015-09-30 20:39 - 00101376 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2017-01-29 10:18 - 2017-01-29 10:20 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-01-29 10:08 - 2017-01-29 10:08 - 00004106 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{215B700B-0585-4BC3-B5AA-D8B31C65247B}
2017-01-29 10:08 - 2017-01-29 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-29 10:05 - 2017-01-29 10:11 - 00000000 ____D C:\Users\jj\AppData\Local\MicrosoftEdge
2017-01-29 10:02 - 2017-01-29 10:02 - 00013928 ____N C:\bootsqm.dat
2017-01-29 09:00 - 2017-01-29 09:00 - 00000000 ____D C:\Users\jj\Documents\Alienware TactX
2017-01-29 08:46 - 2017-01-29 08:46 - 00000000 ____D C:\Users\jj\AppData\Local\Comms
2017-01-29 08:39 - 2017-01-29 08:39 - 00000000 ____D C:\Users\jj\Documents\AlienFX
2017-01-29 08:37 - 2017-01-29 08:37 - 00000000 ____H C:\Users\jj\Documents\Default.rdp
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-30 00:30 - 2016-02-17 11:34 - 00000000 ____D C:\ProgramData\PCDr
2017-01-30 00:28 - 2016-02-17 11:45 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-30 00:24 - 2016-02-17 11:38 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-01-30 00:24 - 2016-02-17 11:23 - 00000000 ____D C:\Windows\System32\Tasks\Intel
2017-01-30 00:23 - 2016-02-17 11:31 - 00890062 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-01-30 00:22 - 2016-02-17 11:16 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installations
2017-01-30 00:18 - 2016-02-17 11:29 - 00000000 ____D C:\Windows\Downloaded Installations
2017-01-30 00:18 - 2016-02-17 11:09 - 00000000 ____D C:\Windows\SysWOW64\sda
2017-01-30 00:16 - 2016-02-17 11:29 - 00000000 ____D C:\ProgramData\XP32
2017-01-30 00:16 - 2016-02-17 11:29 - 00000000 ____D C:\ProgramData\Winblue64
2017-01-30 00:16 - 2016-02-17 11:29 - 00000000 ____D C:\ProgramData\Winblue32
2017-01-30 00:16 - 2016-02-17 11:29 - 00000000 ____D C:\ProgramData\Win864
2017-01-30 00:16 - 2016-02-17 11:29 - 00000000 ____D C:\ProgramData\Win832
2017-01-30 00:16 - 2016-02-17 11:29 - 00000000 ____D C:\ProgramData\Win764
2017-01-30 00:16 - 2016-02-17 11:29 - 00000000 ____D C:\ProgramData\Win732
2017-01-30 00:16 - 2016-02-17 11:29 - 00000000 ____D C:\ProgramData\Win1064
2017-01-30 00:16 - 2016-02-17 11:29 - 00000000 ____D C:\ProgramData\Win1032
2017-01-30 00:16 - 2016-02-17 11:29 - 00000000 ____D C:\ProgramData\Vista64
2017-01-30 00:16 - 2016-02-17 11:29 - 00000000 ____D C:\ProgramData\Vista32
2017-01-30 00:16 - 2016-02-17 11:20 - 00000000 ____D C:\Users\Public\Creative
2017-01-30 00:16 - 2016-02-17 11:16 - 00000000 ____D C:\ProgramData\USOShared
2017-01-30 00:15 - 2016-02-17 11:37 - 00000000 ____D C:\Program Files (x86)\mcafee.com
2017-01-30 00:15 - 2016-02-17 11:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-30 00:15 - 2016-02-17 11:36 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-01-30 00:15 - 2016-02-17 11:35 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2017-01-30 00:15 - 2016-02-17 11:34 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2017-01-30 00:15 - 2016-02-17 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-01-30 00:15 - 2016-02-17 11:34 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-30 00:15 - 2016-02-17 11:32 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-30 00:15 - 2016-02-17 11:31 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-30 00:15 - 2016-02-17 11:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-01-30 00:15 - 2016-02-17 11:30 - 00000000 ____D C:\ProgramData\Intel
2017-01-30 00:15 - 2016-02-17 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbolt™ Software
2017-01-30 00:15 - 2016-02-17 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Networking
2017-01-30 00:15 - 2016-02-17 11:22 - 00000000 ____D C:\ProgramData\Killer
2017-01-30 00:15 - 2016-02-17 11:22 - 00000000 ____D C:\ProgramData\Downloaded Installations
2017-01-30 00:15 - 2016-02-17 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2017-01-30 00:15 - 2016-02-17 11:20 - 00000000 ____D C:\Program Files (x86)\Creative
2017-01-30 00:15 - 2016-02-17 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alienware
2017-01-30 00:15 - 2016-02-17 11:18 - 00000000 ____D C:\ProgramData\iolo
2017-01-30 00:15 - 2016-02-17 11:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-30 00:15 - 2016-02-17 11:17 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-30 00:15 - 2016-02-17 11:01 - 00000000 ____D C:\ProgramData\Dell
2017-01-30 00:14 - 2016-02-17 11:37 - 00000000 ____D C:\Program Files\mcafee.com
2017-01-30 00:14 - 2016-02-17 11:37 - 00000000 ____D C:\Program Files\mcafee
2017-01-30 00:14 - 2016-02-17 11:37 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-30 00:14 - 2016-02-17 11:37 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-30 00:14 - 2016-02-17 11:36 - 00000000 ____D C:\Program Files\Dell
2017-01-30 00:14 - 2016-02-17 11:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-30 00:14 - 2016-02-17 11:29 - 00000000 ____D C:\Program Files (x86)\Alienware On-Screen Display
2017-01-30 00:14 - 2016-02-17 11:23 - 00000000 ____D C:\Program Files\Intel
2017-01-30 00:14 - 2016-02-17 11:22 - 00000000 ____D C:\Program Files\Killer Networking
2017-01-30 00:14 - 2016-02-17 11:21 - 00000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2017-01-30 00:14 - 2016-02-17 11:21 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2017-01-30 00:14 - 2016-02-17 11:17 - 00000000 ____D C:\Program Files\Alienware
2017-01-30 00:14 - 2016-02-17 11:16 - 00000000 ____D C:\Program Files\DIFX
2017-01-30 00:14 - 2016-02-17 11:06 - 00000000 ____D C:\backup
2017-01-30 00:14 - 2016-02-17 10:56 - 00000000 ____D C:\MFG
2017-01-29 12:54 - 2016-02-17 11:31 - 00881036 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-29 10:57 - 2016-02-17 11:31 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-29 10:11 - 2016-02-17 11:37 - 00000000 ____D C:\ProgramData\McAfee
2017-01-29 09:00 - 2016-02-17 11:37 - 00000000 ____D C:\Program Files (x86)\McAfee
 
==================== Files in the root of some directories =======
 
2017-01-29 10:41 - 2017-01-29 10:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {c53e5b9d-e146-11e6-a659-d275c807a3b0}
                        {c53e5b9b-e146-11e6-a659-d275c807a3b0}
                        {c53e5b9c-e146-11e6-a659-d275c807a3b0}
timeout                 0
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {c53e5baa-e146-11e6-a659-d275c807a3b0}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 0
 
Firmware Application (101fffff)
-------------------------------
identifier              {c53e5b9b-e146-11e6-a659-d275c807a3b0}
description             EFI USB Device
 
Firmware Application (101fffff)
-------------------------------
identifier              {c53e5b9c-e146-11e6-a659-d275c807a3b0}
description             EFI DVD/CDROM
 
Firmware Application (101fffff)
-------------------------------
identifier              {c53e5b9d-e146-11e6-a659-d275c807a3b0}
description             EFI Network
 
Firmware Application (101fffff)
-------------------------------
identifier              {c53e5b9e-e146-11e6-a659-d275c807a3b0}
description             Network Boot-IPV4: 2C-60-0C-A9-96-7D
 
Firmware Application (101fffff)
-------------------------------
identifier              {c53e5b9f-e146-11e6-a659-d275c807a3b0}
description             Network Boot-IPV6: 2C-60-0C-A9-96-7D
 
Firmware Application (101fffff)
-------------------------------
identifier              {c53e5ba0-e146-11e6-a659-d275c807a3b0}
description             Unknown Device: 
 
Firmware Application (101fffff)
-------------------------------
identifier              {c53e5ba1-e146-11e6-a659-d275c807a3b0}
device                  unknown
description             Unknown Device: 
 
Firmware Application (101fffff)
-------------------------------
identifier              {d85ced18-e150-11e6-a2c1-806e6f6e6963}
description             Unknown Device: 
 
Windows Boot Loader
-------------------
identifier              {c53e5ba6-e146-11e6-a659-d275c807a3b0}
device                  ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{c53e5ba7-e146-11e6-a659-d275c807a3b0}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{c53e5ba7-e146-11e6-a659-d275c807a3b0}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {c53e5ba6-e146-11e6-a659-d275c807a3b0}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {c53e5baa-e146-11e6-a659-d275c807a3b0}
nx                      OptIn
bootmenupolicy          Standard
 
Resume from Hibernate
---------------------
identifier              {c53e5baa-e146-11e6-a659-d275c807a3b0}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {c53e5ba6-e146-11e6-a659-d275c807a3b0}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {c53e5ba7-e146-11e6-a659-d275c807a3b0}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume4
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
LastRegBack: 2017-01-29 09:19
 
==================== End of FRST.txt ============================




#2 lokomo

lokomo
  • Topic Starter

  • Members
  • 4 posts
  • Local time:07:23 PM

Posted 29 January 2017 - 08:52 PM

sorry...addition is here

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2017 01
Ran by Administrator (29-01-2017 12:59:28)
Running from C:\Users\Administrator\Desktop
Windows 10 Home Version 1511 (X64) (2017-01-29 16:27:39)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3206455301-1028567036-3064878794-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3206455301-1028567036-3064878794-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3206455301-1028567036-3064878794-1000 - Administrator - Disabled)
Guest (S-1-5-21-3206455301-1028567036-3064878794-501 - Limited - Disabled)
jj (S-1-5-21-3206455301-1028567036-3064878794-1001 - Administrator - Enabled) => C:\Users\jj
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Alienware Command Center (HKLM-x32\...\InstallShield_{34D90D8B-A2AB-47C3-97CB-363D9923C5E7}) (Version: 4.5.19.1 - Dell Inc.)
Alienware Command Center (Version: 4.5.19.1 - Dell Inc.) Hidden
Alienware Customer Connect (HKLM-x32\...\{99E581C6-471C-46CA-989E-3B17EB7E3F27}) (Version: 1.3.2.0 - Dell Inc.)
Alienware Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Alienware Graphics Amplifier Software Installer (HKLM-x32\...\InstallShield_{6AAC93BE-2E1D-4E49-8DDD-2DDF00AB4B33}) (Version: 2.0.16.0 - Dell Inc.)
Alienware Graphics Amplifier Software Installer (Version: 2.0.16.0 - Dell Inc.) Hidden
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.19C - )
Alienware On-Screen Display (x32 Version: 0.33.0.19C - ) Hidden
Dell Foundation Services (HKLM\...\{91E2DDB6-DC13-4585-8A10-04C6AB6F87A4}) (Version: 3.1.1900.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
DSC/AA Factory Installer (Version: 1.1.6664.10 - PC-Doctor, Inc.) Hidden
EMSC (x32 Version: 0.0.0.28 - Compal Electronics, Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1169 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.1.1030 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Killer Bandwidth Control Filter Driver (Version: 1.1.56.1236 - Rivet Networks) Hidden
Killer E240x Drivers (Version: 1.1.56.1236 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.56.1236 - Rivet Networks) Hidden
Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.56.1236 - Rivet Networks)
Killer Wireless Drivers (HKLM-x32\...\{7457A1F5-DDFA-4A08-949F-08F8E0F242B7}) (Version: 1.1.56.1236 - Rivet Networks)
Killer Wireless-AC 1535 Drivers (Version: 1.1.56.1236 - Rivet Networks) Hidden
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4119 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 353.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Product Registration (HKLM-x32\...\InstallShield_{B96204EB-3051-4B4F-9534-ED13FE7095D1}) (Version: 2.2.27.0 - Dell Inc.)
Product Registration (Version: 2.2.27.0 - Dell Inc.) Hidden
Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 12.0.0.102 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7589 - Realtek Semiconductor Corp.)
Sound Blaster Recon3Di (HKLM-x32\...\{53B1C46E-DFB7-4F9F-9CC7-D41940BB0419}) (Version: 1.01.07 - Creative Technology Limited)
Sound Blaster Recon3Di Extras (HKLM-x32\...\{C45E715E-442E-4D82-BD46-A08A0870957C}) (Version: 1.0 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.15 - Synaptics Incorporated)
Thunderbolt™ Software (HKLM-x32\...\{E265C71F-14DA-462C-A06A-CBA776B695F1}) (Version: 15.2.32.250 - Intel Corporation)
Windows Driver Package - Kionix, Inc. (kiox_ff_driver) Sensor I/O devices  (09/27/2015 1.1.4.0) (HKLM\...\D3AAC76E82CD195552A5A6A3E4A9F8E75724E30F) (Version: 09/27/2015 1.1.4.0 - Kionix, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {13ACD94A-6FD4-4D7F-B543-4119C958E72F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {17B9E673-4A9B-4C60-A619-CCE51DEE4260} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-29] (Google Inc.)
Task: {1B17A402-A9E9-43F7-B80C-C31412224DE2} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {2020C41B-E278-4196-9861-46FC30AA6A9B} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {5DC9C3BD-1A1D-418F-9308-6885C25F22DB} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Alienware\SupportAssist\sessionchecker.exe [2015-05-20] (PC-Doctor, Inc.)
Task: {602AD6FB-55A5-4339-B5CF-B175B6B89DCE} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {9EF3BCEF-1518-4530-84CF-0CC76DB68B71} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {A04831BE-A4B9-47A0-9576-B3EA3B064C3C} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => start ThunderboltService
Task: {B81C9FAF-1959-4E2E-822A-220C51199819} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2015-07-22] (McAfee, Inc.)
Task: {BED2FDC6-D8DD-4DC6-A53B-1480B7A3D6C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-29] (Google Inc.)
Task: {C189C060-7674-4127-A01E-721CBC6C1BC2} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {CD1D1828-B0A0-4953-A6B6-055667BD1E6B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Alienware\SupportAssist\uaclauncher.exe [2015-05-20] (PC-Doctor, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{571E1C8A-6E59-413E-B09E-181AB8F555C8}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 15:18 - 2015-10-30 15:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2015-10-30 15:17 - 2015-10-30 15:17 - 02652784 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-10-30 15:17 - 2015-10-30 15:17 - 02652784 _____ () C:\Windows\System32\CoreUIComponents.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
iver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 15:24 - 2015-10-30 15:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3206455301-1028567036-3064878794-500\Control Panel\Desktop\\Wallpaper -> $(runtime.windows)\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 172.17.5.68 - 172.17.5.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{FF0DAE85-AEC6-4256-BA36-56C52C96675C}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{DDB7D549-D944-4742-8E9A-1E76394BC2E0}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{702CE377-B4BA-417C-9B1E-0CE7E88A1E1E}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{DE28222C-D555-465C-B479-C58811FA9D32}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{F1AA0F96-E535-4FF0-B2E2-924660EAAB0D}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: Network Controller
Description: Network Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/29/2017 10:44:20 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-7GD2IUU)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/29/2017 10:43:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-7GD2IUU)
Description: Activation of app windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy:microsoft.windows.immersivecontrolpanel failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/29/2017 10:43:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-7GD2IUU)
Description: Activation of app Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppX9zvsr9qeth9e9a03yr0g7rpdrcrwgn5r.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/29/2017 10:40:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.6.1.1030, time stamp: 0x55d32301
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0381738d
Faulting process id: 0x1aec
Faulting application start time: 0x01d279d8e4128667
Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: 7c08b1b6-dea8-42e5-a90b-8630a81fd6c8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/29/2017 10:40:06 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (01/29/2017 10:05:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.6.1.1030, time stamp: 0x55d32301
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x03797395
Faulting process id: 0x114c
Faulting application start time: 0x01d279d40f59aad7
Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: f8263289-05a6-4270-bebd-d97b3a313ba2
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/29/2017 10:05:30 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (01/29/2017 10:03:06 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (01/29/2017 10:03:05 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac
 
Error: (01/29/2017 10:03:05 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7
 
 
System errors:
=============
Error: (01/29/2017 12:59:47 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-7GD2IUU)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (01/29/2017 12:59:44 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (01/29/2017 12:59:35 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-7GD2IUU)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (01/29/2017 12:59:31 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-7GD2IUU)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (01/29/2017 12:59:31 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-7GD2IUU)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (01/29/2017 12:59:31 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-7GD2IUU)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (01/29/2017 12:59:31 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-7GD2IUU)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (01/29/2017 12:59:31 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-7GD2IUU)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (01/29/2017 12:59:31 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-7GD2IUU)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (01/29/2017 12:59:29 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-7GD2IUU)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
CodeIntegrity:
===================================
  Date: 2017-01-30 00:24:53.280
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-30 00:21:30.084
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-30 00:08:40.421
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N3150 @ 1.60GHz
Percentage of memory in use: 42%
Total physical RAM: 1962.02 MB
Available physical RAM: 1127.04 MB
Total Virtual: 3114.02 MB
Available Virtual: 2365.32 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:99.13 GB) (Free:73.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 70522194)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,800 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:23 AM

Posted 03 February 2017 - 03:37 PM

Greetings lokomo and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!


Posted 03 February 2017 - 05:26 PM

Greetings.

I notice you booted into Safe Mode with Networking. Does your computer run fine in that state?

With which browser(s) are you getting pop ups?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-3206455301-1028567036-3064878794-500 -> DefaultScope {7F6AE55E-6CBE-47D9-A915-3A06AAA16936} URL = 
SearchScopes: HKU\S-1-5-21-3206455301-1028567036-3064878794-500 -> {7F6AE55E-6CBE-47D9-A915-3A06AAA16936} URL = 
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Safe Mode?
  • Browser?
  • Fixlist
  • MTB.txt

Gary
 

#5 Oh My!


Posted 06 February 2017 - 10:07 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#6 lokomo


Posted 07 February 2017 - 05:51 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by hihiihi (08-02-2017 22:46:56) Run:2
Running from C:\Users\hihiihi\Desktop
Loaded Profiles: hihiihi (Available Profiles: hihiihi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-3206455301-1028567036-3064878794-500 -> DefaultScope {7F6AE55E-6CBE-47D9-A915-3A06AAA16936} URL =
SearchScopes: HKU\S-1-5-21-3206455301-1028567036-3064878794-500 -> {7F6AE55E-6CBE-47D9-A915-3A06AAA16936} URL =
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.

 

 

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by hihiihi (administrator) on 08-02-2017 at 22:48:52
Running from "C:\Users\hihiihi\AppData\Local\Microsoft\Windows\INetCache\IE\61LIJKYZ"
Microsoft Windows 10 Home  (X64)
Model: ES1-131-C4UB Manufacturer: Acer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet 2 (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-UOQVVAP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 2C-60-0C-A9-96-7D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2406:3003:1060::186(Preferred)
   Lease Obtained. . . . . . . . . . : Wednesday, February 8, 2017 10:35:28 PM
   Lease Expires . . . . . . . . . . : Friday, February 10, 2017 10:35:28 PM
   Link-local IPv6 Address . . . . . : fe80::cc81:63da:e208:e466%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 116.88.73.62(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.248.0
   Lease Obtained. . . . . . . . . . : Wednesday, February 8, 2017 10:35:18 PM
   Lease Expires . . . . . . . . . . : Friday, February 10, 2017 10:35:18 PM
   Default Gateway . . . . . . . . . : fe80::205:73ff:fea0:627%4
                                       fe80::205:73ff:fea0:628%4
                                       fe80::205:73ff:fea0:62a%4
                                       fe80::205:73ff:fea0:629%4
                                       116.88.72.1
   DHCP Server . . . . . . . . . . . : 172.17.0.231
   DHCPv6 IAID . . . . . . . . . . . : 70017036
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-27-32-65-2C-60-0C-A9-96-7D
   DNS Servers . . . . . . . . . . . : 2404:e800:103:3::68
                                       2404:e800:3:3::36
                                       172.17.5.68
                                       172.17.5.36
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 70-77-81-43-F1-7C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9D8B5DDE-07C2-4B91-8652-387CEDBDCEB0}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:3041:241c:8ba7:b6c1(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3041:241c:8ba7:b6c1%5(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 234881024
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-27-32-65-2C-60-0C-A9-96-7D
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  2404:e800:103:3::68

Name:    google.com
Addresses:  2404:6800:4003:c01::65
   172.217.24.110

Pinging google.com [2404:6800:4003:c00::64] with 32 bytes of data:
Reply from 2404:6800:4003:c00::64: time=3ms
Reply from 2404:6800:4003:c00::64: time=3ms

Ping statistics for 2404:6800:4003:c00::64:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 3ms, Average = 3ms
Server:  UnKnown
Address:  2404:e800:103:3::68

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
   2001:4998:58:c02::a9
   2001:4998:c:a06::2:4008
   98.138.253.109
   206.190.36.45
   98.139.183.24

Pinging yahoo.com [2001:4998:44:204::a7] with 32 bytes of data:
Reply from 2001:4998:44:204::a7: time=208ms
Reply from 2001:4998:44:204::a7: time=208ms

Ping statistics for 2001:4998:44:204::a7:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 208ms, Maximum = 208ms, Average = 208ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  4...2c 60 0c a9 96 7d ......Realtek PCIe GBE Family Controller
  2...70 77 81 43 f1 7c ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
  8...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      116.88.72.1     116.88.73.62     10
      116.88.72.0    255.255.248.0         On-link      116.88.73.62    266
     116.88.73.62  255.255.255.255         On-link      116.88.73.62    266
    116.88.79.255  255.255.255.255         On-link      116.88.73.62    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      116.88.73.62    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      116.88.73.62    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  4    266 ::/0                     fe80::205:73ff:fea0:627
  4    266 ::/0                     fe80::205:73ff:fea0:628
  4    266 ::/0                     fe80::205:73ff:fea0:62a
  4    266 ::/0                     fe80::205:73ff:fea0:629
  1    306 ::1/128                  On-link
  5    306 2001::/32                On-link
  5    306 2001:0:9d38:90d7:3041:241c:8ba7:b6c1/128
                                    On-link
  4    266 2406:3003:1060::186/128  On-link
  4    266 fe80::/64                On-link
  5    306 fe80::/64                On-link
  5    306 fe80::3041:241c:8ba7:b6c1/128
                                    On-link
  4    266 fe80::cc81:63da:e208:e466/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    266 ff00::/8                 On-link
  5    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

**** End of log ****

 

 

 

 

I don't get redirected when I'm in safe mode... Using IE... Thanks... and I notice lots of weird files, exe or dlls


Edited by lokomo, 07 February 2017 - 05:53 PM.


#7 Oh My!


Posted 07 February 2017 - 05:57 PM

Thanks.

Please do this.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Malwarebytes Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Once completed a JRT.txt document will open on your desktop
  • Copy and paste the contents in your reply
  • Boot into Normal Boot and test computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • Update on computer behavior

Edited by Oh My!, 07 February 2017 - 06:04 PM.

Gary
 

#8 lokomo


Posted 09 February 2017 - 12:56 PM

# AdwCleaner v6.043 - Logfile created 10/02/2017 at 15:52:21
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-09.1 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : hihiihi - DESKTOP-UOQVVAP
# Running from : C:\Users\hihiihi\Desktop\adwcleaner_6.043.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1000 Bytes] - [10/02/2017 15:52:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1073 Bytes] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by hihiihi (Administrator) on Fri 02/10/2017 at 15:53:57.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 0

 

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F6AE55E-6CBE-47D9-A915-3A06AAA16936} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/10/2017 at 15:55:54.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

PC is OK now... Is there any rootkit or anything inside my PC... because previously when I used Comodo's firewall... lots of China vendors on the trusted vendor list



#9 Oh My!


Posted 09 February 2017 - 02:20 PM

No rootkit.

Let's run these 2 programs.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#10 Oh My!


Posted 12 February 2017 - 02:13 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#11 Oh My!


Posted 15 February 2017 - 01:23 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



