Possible Rootkit/Malware? Fresh install BSOD when running GMER


This topic is locked. 2 replies to this topic

#1 zarrala

Posted 01 May 2017 - 06:55 PM

Hi all,

I formatted all my HDDs and SSDs last night to try and get rid of anything nasty on my system. I downloaded something about a month ago which Kaspersky or Malwarebytes Anti-Malware did not pick up. (I downloaded the free version of Avast after I suspected something, and it got rid of it.)

I have reinstalled Windows 10 and ran GMER. It gives me a warning about rootkit activity, so I tried to do a full system scan and the PC then BSODs.

I believe I have some type of malware or rootkit etc.

THIS SYSTEM HAS JUST HAD A FRESH INSTALL + SOME DRIVERS INSTALLED.

Thanks in advance


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-05-2017
Ran by Zokki (administrator) on ZOKKI-PC (02-05-2017 09:50:13)
Running from F:\Downloads
Loaded Profiles: Zokki (Available Profiles: Zokki)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2017-05-02]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3593eb7a-a1be-477b-be1e-cecdad834044}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1291727821-945967215-2468135192-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp
 
FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Zokki\AppData\Local\Google\Chrome\User Data\Default [2017-05-02]
CHR Extension: (Google Slides) - C:\Users\Zokki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-02]
CHR Extension: (Google Docs) - C:\Users\Zokki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-02]
CHR Extension: (Google Drive) - C:\Users\Zokki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-02]
CHR Extension: (YouTube) - C:\Users\Zokki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-02]
CHR Extension: (Google Sheets) - C:\Users\Zokki\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-02]
CHR Extension: (Google Docs Offline) - C:\Users\Zokki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zokki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-02]
CHR Extension: (Gmail) - C:\Users\Zokki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\Zokki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-02]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492664 2017-04-26] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492664 2017-04-26] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425592 2017-04-26] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-19] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-03-19] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_e619501ce2023445\nvlddmkm.sys [14569520 2017-03-23] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-04-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47736 2017-04-26] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-04-26] (NVIDIA Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
U3 pglcypow; C:\Users\Zokki\AppData\Local\Temp\pglcypow.sys [56584 2017-05-02] (GMER) [File not signed] <==== ATTENTION
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-03 03:03 - 2017-05-03 03:03 - 00000000 ____D C:\Windows.old
2017-05-03 03:02 - 2017-05-03 03:02 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-03 03:02 - 2017-05-03 03:02 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-03 03:02 - 2017-05-03 03:02 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-05-03 03:02 - 2017-05-03 03:02 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-05-03 03:02 - 2017-05-03 03:02 - 00000000 ____D C:\WINDOWS\system32\msmq
2017-05-03 03:02 - 2017-05-03 03:02 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-05-03 03:02 - 2017-05-03 03:02 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-05-03 03:02 - 2017-05-03 03:02 - 00000000 ____D C:\Program Files\MSBuild
2017-05-03 03:02 - 2017-05-03 03:02 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-05-03 03:02 - 2017-05-03 03:02 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-03 03:02 - 2017-05-03 03:02 - 00000000 ____D C:\inetpub
2017-05-03 03:02 - 2017-02-11 05:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-05-03 03:02 - 2017-02-11 05:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-05-03 03:02 - 2017-02-11 05:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-05-03 03:02 - 2017-02-11 05:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-05-03 03:02 - 2017-02-11 05:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-05-03 03:02 - 2017-02-11 05:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-05-02 09:48 - 2017-05-02 09:50 - 00000000 ____D C:\FRST
2017-05-02 09:31 - 2017-05-02 09:31 - 00688228 _____ C:\WINDOWS\Minidump\050217-11562-01.dmp
2017-05-02 09:29 - 2017-05-02 09:31 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-02 09:29 - 2017-05-02 09:29 - 00678732 _____ C:\WINDOWS\Minidump\050217-12937-01.dmp
2017-05-02 09:28 - 2017-05-02 09:31 - 769057327 ____N C:\WINDOWS\MEMORY.DMP
2017-05-02 09:27 - 2017-05-02 09:27 - 00000000 ____D C:\ProgramData\USOShared
2017-05-02 09:23 - 2017-05-02 09:39 - 00000000 ____D C:\Users\Zokki\AppData\Local\Google
2017-05-02 09:23 - 2017-05-02 09:23 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-02 09:23 - 2017-05-02 09:23 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-02 09:23 - 2017-05-02 09:23 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-02 09:23 - 2017-05-02 09:23 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-02 09:23 - 2017-05-02 09:23 - 00000000 ____D C:\Users\Zokki\AppData\Local\DBG
2017-05-02 09:23 - 2017-05-02 09:23 - 00000000 ____D C:\Users\Zokki\AppData\Local\CrashDumps
2017-05-02 09:23 - 2017-05-02 09:23 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-02 09:22 - 2017-05-02 09:22 - 00000000 ____D C:\Users\Zokki\AppData\Roaming\NVIDIA
2017-05-02 09:21 - 2017-05-02 09:33 - 00000000 ____D C:\Users\Zokki\AppData\Local\NVIDIA Corporation
2017-05-02 09:21 - 2017-05-02 09:21 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-02 09:21 - 2017-05-02 09:21 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-02 09:21 - 2017-05-02 09:21 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-02 09:21 - 2017-05-02 09:21 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-02 09:21 - 2017-05-02 09:21 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-02 09:21 - 2017-05-02 09:21 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-02 09:21 - 2017-05-02 09:21 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-02 09:21 - 2017-05-02 09:21 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-05-02 09:21 - 2017-05-02 09:21 - 00000000 ____D C:\Users\Zokki\AppData\Local\NVIDIA
2017-05-02 09:21 - 2017-05-02 09:21 - 00000000 ____D C:\Users\Zokki\AppData\Local\CEF
2017-05-02 09:21 - 2017-04-26 15:37 - 01882232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-05-02 09:21 - 2017-04-26 15:37 - 01755256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-05-02 09:21 - 2017-04-26 15:37 - 01473144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-05-02 09:21 - 2017-04-26 15:37 - 01317496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-05-02 09:21 - 2017-04-26 15:37 - 00153720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-05-02 09:21 - 2017-04-26 15:37 - 00127608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-05-02 09:21 - 2017-04-26 15:37 - 00121464 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-05-02 09:21 - 2017-04-26 15:37 - 00057976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-05-02 09:21 - 2017-04-26 15:37 - 00047736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-05-02 09:21 - 2017-04-26 15:03 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-05-02 09:21 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2017-05-02 09:21 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2017-05-02 09:21 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2017-05-02 09:21 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2017-05-02 09:21 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-05-02 09:21 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2017-05-02 09:17 - 2017-05-02 09:31 - 00000000 __SHD C:\Users\Zokki\IntelGraphicsProfiles
2017-05-02 09:17 - 2017-05-02 09:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-05-02 09:17 - 2017-05-02 09:17 - 00000000 ____D C:\Users\Zokki\AppData\Local\Comms
2017-05-02 09:16 - 2017-05-02 09:31 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-02 09:16 - 2017-05-02 09:16 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-05-02 09:16 - 2017-05-02 09:16 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-05-02 09:14 - 2017-05-02 09:31 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-02 09:14 - 2017-05-02 09:21 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-02 09:14 - 2017-05-02 09:21 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-02 09:14 - 2017-05-02 09:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-02 09:14 - 2017-05-02 09:16 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-05-02 09:14 - 2017-05-02 09:14 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-05-02 09:14 - 2017-03-28 11:25 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-05-02 09:14 - 2017-02-23 18:28 - 06401984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-05-02 09:14 - 2017-02-23 18:28 - 02479160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-05-02 09:14 - 2017-02-23 18:28 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-05-02 09:14 - 2017-02-23 18:28 - 00548288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-05-02 09:14 - 2017-02-23 18:28 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-05-02 09:14 - 2017-02-23 18:28 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-02 09:14 - 2017-02-23 18:28 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-05-02 09:14 - 2017-02-23 18:17 - 00136064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-05-02 09:14 - 2017-02-23 16:38 - 07807027 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-05-02 09:14 - 2017-01-26 10:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-05-02 09:14 - 2017-01-26 10:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-05-02 09:14 - 2017-01-26 10:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-05-02 09:14 - 2017-01-26 10:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-05-02 09:11 - 2017-05-02 09:11 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-02 09:11 - 2017-05-02 09:11 - 00002401 _____ C:\Users\Zokki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-02 09:11 - 2017-05-02 09:11 - 00000000 ___RD C:\Users\Zokki\OneDrive
2017-05-02 09:10 - 2017-05-02 09:11 - 00000000 ____D C:\Users\Zokki\AppData\Local\MicrosoftEdge
2017-05-02 09:10 - 2017-05-02 09:10 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-05-02 09:09 - 2017-05-02 09:23 - 00000000 ____D C:\Users\Zokki\AppData\Local\Packages
2017-05-02 09:09 - 2017-05-02 09:09 - 00000020 ___SH C:\Users\Zokki\ntuser.ini
2017-05-02 09:09 - 2017-05-02 09:09 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-02 09:09 - 2017-05-02 09:09 - 00000000 ____D C:\Users\Zokki\AppData\Roaming\Adobe
2017-05-02 09:09 - 2017-05-02 09:09 - 00000000 ____D C:\Users\Zokki\AppData\Local\TileDataLayer
2017-05-02 09:09 - 2017-05-02 09:09 - 00000000 ____D C:\Users\Zokki\AppData\Local\Publishers
2017-05-02 09:09 - 2017-05-02 09:09 - 00000000 ____D C:\Users\Zokki\AppData\Local\ConnectedDevicesPlatform
2017-05-02 09:08 - 2017-05-02 09:08 - 00000000 _SHDL C:\Users\Default\My Documents
2017-05-02 09:08 - 2017-03-19 06:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-05-02 09:07 - 2017-05-02 09:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-02 09:07 - 2017-05-02 09:07 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-05-02 09:07 - 2017-05-02 09:07 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-05-02 09:07 - 2017-05-02 09:07 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-05-02 09:07 - 2017-05-02 09:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-05-02 09:06 - 2017-05-02 09:06 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-05-02 09:06 - 2017-05-02 09:06 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2017-05-02 09:05 - 2017-05-02 09:37 - 01020294 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-02 09:05 - 2017-05-02 09:28 - 00000000 ____D C:\Users\Zokki
2017-05-02 09:05 - 2017-05-02 09:05 - 00939752 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-05-02 09:05 - 2017-05-02 09:05 - 00000000 _SHDL C:\Users\Zokki\My Documents
2017-05-02 09:05 - 2017-05-02 09:05 - 00000000 _SHDL C:\Users\Zokki\Documents\My Videos
2017-05-02 09:05 - 2017-05-02 09:05 - 00000000 _SHDL C:\Users\Zokki\Documents\My Pictures
2017-05-02 09:05 - 2017-05-02 09:05 - 00000000 _SHDL C:\Users\Zokki\Documents\My Music
2017-05-02 09:05 - 2017-05-02 09:05 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-05-02 09:05 - 2017-05-02 09:05 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-05-02 09:05 - 2017-05-02 09:05 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-05-02 09:05 - 2017-05-02 09:05 - 00000000 ____D C:\Program Files\Realtek
2017-05-02 09:04 - 2017-05-02 09:06 - 00217000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-02 09:04 - 2017-05-02 09:04 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-02 09:04 - 2017-05-02 09:04 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-05-02 08:54 - 2017-05-02 09:09 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-02 08:54 - 2017-05-02 08:57 - 00000000 ___HD C:\$WINDOWS.~BT
2017-05-02 08:54 - 2017-05-02 08:54 - 00000036 _____ C:\WINDOWS\progress.ini
2017-05-02 08:48 - 2017-05-02 09:09 - 00000000 ___HD C:\$GetCurrent
2017-05-02 08:48 - 2017-05-02 09:09 - 00000000 ____D C:\Windows10Upgrade
2017-05-02 08:48 - 2017-05-02 08:48 - 00000694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2017-05-02 08:45 - 2017-05-02 08:45 - 00020354 _____ C:\WINDOWS\system32\results.xml
2017-05-02 08:44 - 2017-05-02 08:44 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2017-05-02 08:44 - 2017-05-02 08:44 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
2017-05-02 08:43 - 2017-05-02 09:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-05-02 08:43 - 2017-05-02 09:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qualcomm Atheros
2017-05-02 08:43 - 2017-05-02 08:43 - 00057560 _____ C:\Users\Zokki\AppData\Local\GDIPFONTCACHEV1.DAT
2017-05-02 08:43 - 2017-05-02 08:43 - 00002783 _____ C:\Users\Public\Desktop\Killer Network Manager.lnk
2017-05-02 08:43 - 2017-05-02 08:43 - 00000000 ____D C:\Users\Zokki\AppData\Roaming\Intel Corporation
2017-05-02 08:43 - 2017-05-02 08:43 - 00000000 ____D C:\ProgramData\Qualcomm
2017-05-02 08:42 - 2017-05-02 08:42 - 00000000 ____D C:\ProgramData\Downloaded Installations
2017-05-02 08:42 - 2017-05-02 08:42 - 00000000 ____D C:\Program Files\Qualcomm Atheros
2017-05-02 08:42 - 2014-03-14 21:08 - 03896920 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-05-02 08:42 - 2014-03-14 19:14 - 00628440 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-05-02 08:42 - 2014-03-14 16:42 - 00947928 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-05-02 08:42 - 2014-03-12 19:19 - 57362432 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-05-02 08:42 - 2014-03-11 23:50 - 00853784 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-05-02 08:42 - 2014-03-11 12:06 - 01738032 _____ C:\WINDOWS\system32\SStudio.dll
2017-05-02 08:42 - 2014-03-07 12:57 - 02794200 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll
2017-05-02 08:42 - 2014-03-06 18:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-05-02 08:42 - 2014-03-05 07:11 - 01048824 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-05-02 08:42 - 2014-03-05 07:11 - 00889592 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-05-02 08:42 - 2014-03-05 07:11 - 00724728 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-05-02 08:42 - 2014-03-05 07:11 - 00246008 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-05-02 08:42 - 2014-03-04 22:27 - 02831576 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-05-02 08:42 - 2014-03-03 22:21 - 01019608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-05-02 08:42 - 2014-02-27 22:02 - 02162992 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2017-05-02 08:42 - 2014-02-26 10:48 - 00942384 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOSettingsIPC.dll
2017-05-02 08:42 - 2014-02-26 10:47 - 05751048 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2017-05-02 08:42 - 2014-02-18 20:12 - 01042520 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2017-05-02 08:42 - 2014-02-18 20:12 - 00882776 _____ (Waves Audio Ltd.) C:\WINDOWS\SysWOW64\MaxxAudioAPOShell.dll
2017-05-02 08:42 - 2014-02-18 16:48 - 02396760 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2017-05-02 08:42 - 2014-02-18 16:48 - 01424984 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2017-05-02 08:42 - 2014-02-18 16:48 - 01423960 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2017-05-02 08:42 - 2014-02-16 22:30 - 28314200 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioVnA64.dll
2017-05-02 08:42 - 2014-02-16 22:30 - 14742104 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2017-05-02 08:42 - 2014-02-16 22:30 - 12816472 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2017-05-02 08:42 - 2014-02-16 22:30 - 03927640 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioVnN64.dll
2017-05-02 08:42 - 2014-02-16 22:30 - 02101848 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2017-05-02 08:42 - 2014-02-16 22:30 - 02040920 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2017-05-02 08:42 - 2014-02-16 22:30 - 01933400 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek264.dll
2017-05-02 08:42 - 2014-02-06 13:28 - 05804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2017-05-02 08:42 - 2014-01-31 19:28 - 00938608 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2017-05-02 08:42 - 2014-01-31 19:27 - 01313904 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2017-05-02 08:42 - 2014-01-28 13:48 - 01286872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-05-02 08:42 - 2013-10-11 13:31 - 00947760 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2017-05-02 08:42 - 2013-08-20 19:37 - 00605496 _____ C:\WINDOWS\system32\audioLibVc.dll
2017-05-02 08:42 - 2013-08-14 17:36 - 00662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2017-05-02 08:42 - 2013-08-14 17:35 - 00663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2017-05-02 08:42 - 2013-06-25 14:47 - 00871856 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaeapo64.dll
2017-05-02 08:42 - 2013-06-25 14:47 - 00162224 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\toseaeapo64.dll
2017-05-02 08:42 - 2013-06-25 14:46 - 00582056 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosasfapo64.dll
2017-05-02 08:42 - 2013-04-03 16:13 - 00906800 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2017-05-02 08:42 - 2012-08-31 21:18 - 07164176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2017-05-02 08:42 - 2012-08-31 21:17 - 00434960 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2017-05-02 08:42 - 2012-08-31 21:17 - 00141584 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2017-05-02 08:42 - 2012-08-31 21:17 - 00124176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2017-05-02 08:42 - 2012-08-31 21:17 - 00075024 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2017-05-02 08:42 - 2012-01-30 13:43 - 00836544 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2017-05-02 08:42 - 2012-01-10 12:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2017-05-02 08:42 - 2011-12-20 17:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-05-02 08:42 - 2011-11-22 18:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-05-02 08:42 - 2011-09-02 16:21 - 00221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2017-05-02 08:42 - 2011-09-02 16:21 - 00081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2017-05-02 08:42 - 2011-09-02 16:21 - 00078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2017-05-02 08:42 - 2011-08-23 19:00 - 00603984 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2017-05-02 08:42 - 2011-03-17 14:17 - 01361336 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2017-05-02 08:42 - 2011-03-07 19:11 - 00148416 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2017-05-02 08:42 - 2010-11-08 09:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-05-02 08:42 - 2010-11-08 09:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-05-02 08:42 - 2010-11-08 09:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-05-02 08:42 - 2010-11-08 09:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-05-02 08:42 - 2010-11-08 09:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-05-02 08:42 - 2010-11-08 09:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-05-02 08:42 - 2010-11-03 20:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-05-02 08:42 - 2010-09-27 11:34 - 00318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2017-05-02 08:42 - 2010-07-22 18:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2017-05-02 08:42 - 2009-11-24 11:55 - 00518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-05-02 08:42 - 2009-11-24 11:55 - 00211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2017-05-02 08:42 - 2009-11-24 11:55 - 00198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2017-05-02 08:42 - 2009-11-24 11:55 - 00155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-05-02 08:41 - 2017-05-02 08:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-02 08:41 - 2017-05-02 08:42 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-05-02 08:41 - 2017-05-02 08:41 - 00000000 ____D C:\Program Files (x86)\Realtek
2017-05-02 08:41 - 2017-03-23 15:44 - 00521656 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-05-02 08:41 - 2017-03-23 15:44 - 00427448 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-05-02 08:41 - 2014-02-26 17:16 - 02080472 ____R (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2017-05-02 08:41 - 2014-02-18 19:04 - 02770976 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2017-05-02 08:41 - 2013-10-16 05:43 - 00209096 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2017-05-02 08:41 - 2013-10-11 14:47 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-05-02 08:41 - 2013-10-07 02:26 - 00501184 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2017-05-02 08:41 - 2013-10-07 02:26 - 00487360 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2017-05-02 08:41 - 2013-10-07 02:26 - 00415680 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2017-05-02 08:41 - 2013-09-10 06:02 - 06217904 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2017-05-02 08:41 - 2013-09-10 06:02 - 00313520 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2017-05-02 08:41 - 2013-09-10 06:01 - 01938608 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2017-05-02 08:41 - 2013-09-10 06:01 - 00260272 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2017-05-02 08:41 - 2013-06-21 13:01 - 00109848 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2017-05-02 08:41 - 2012-03-08 13:47 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2017-05-02 08:41 - 2011-05-31 11:42 - 01756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2017-05-02 08:41 - 2011-05-31 11:42 - 01568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2017-05-02 08:41 - 2011-05-31 11:42 - 01486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2017-05-02 08:41 - 2011-05-31 11:42 - 00728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2017-05-02 08:41 - 2011-05-31 11:42 - 00712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2017-05-02 08:41 - 2011-05-31 11:42 - 00693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2017-05-02 08:41 - 2011-05-31 11:42 - 00491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2017-05-02 08:41 - 2011-05-31 11:42 - 00432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2017-05-02 08:41 - 2011-05-31 11:42 - 00428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2017-05-02 08:41 - 2011-05-31 11:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2017-05-02 08:41 - 2011-05-31 11:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2017-05-02 08:41 - 2011-05-31 11:42 - 00241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2017-05-02 08:40 - 2017-05-02 09:17 - 00000000 ____D C:\Intel
2017-05-02 08:40 - 2017-05-02 09:06 - 00000000 ____D C:\Program Files (x86)\Intel
2017-05-02 08:40 - 2017-05-02 08:40 - 00000000 ____H C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
2017-05-02 08:40 - 2017-05-02 08:40 - 00000000 ____D C:\Users\Zokki\Intel
2017-05-02 08:40 - 2017-05-02 08:40 - 00000000 ____D C:\ProgramData\Intel
2017-05-02 08:40 - 2012-07-26 12:36 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wdfres.dll
2017-05-02 08:40 - 2012-06-03 00:35 - 00000003 _____ C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2017-05-02 08:39 - 2017-05-02 09:21 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-02 08:39 - 2017-05-02 09:06 - 00000000 ____D C:\Program Files\Intel
2017-05-02 08:37 - 2017-05-02 08:37 - 00000010 _____ C:\WINDOWS\GSetup.ini
2017-05-01 23:23 - 2017-05-01 23:23 - 00000000 ____D C:\Users\Zokki\AppData\Local\VirtualStore
2017-05-01 23:23 - 2011-04-12 18:28 - 00000000 ____D C:\Users\Zokki\AppData\Roaming\Media Center Programs
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-03 03:04 - 2017-03-19 07:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-05-03 03:03 - 2017-03-19 07:06 - 00000000 ____D C:\WINDOWS\Setup
2017-05-03 03:02 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-05-03 03:02 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-05-03 03:02 - 2017-03-19 06:59 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2017-05-03 03:02 - 2017-03-19 06:59 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2017-05-03 03:02 - 2017-03-19 06:59 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2017-05-03 03:02 - 2017-03-19 06:59 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-05-03 03:02 - 2017-03-19 06:59 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-05-03 03:02 - 2017-03-19 06:59 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2017-05-03 03:02 - 2017-03-19 06:59 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2017-05-03 03:02 - 2017-03-19 06:59 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2017-05-03 03:02 - 2017-03-19 06:59 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2017-05-03 03:02 - 2017-03-19 06:59 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-05-03 03:02 - 2017-03-19 06:59 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-05-03 03:02 - 2017-03-19 06:59 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-05-03 03:02 - 2017-03-19 06:59 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2017-05-03 03:02 - 2017-03-19 06:59 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-05-03 03:02 - 2017-03-19 06:59 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-05-03 03:02 - 2017-03-19 06:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-05-03 03:02 - 2017-03-19 06:59 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-05-03 03:02 - 2017-03-19 06:59 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2017-05-03 03:02 - 2017-03-19 06:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-05-03 03:02 - 2017-03-19 06:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-05-03 03:02 - 2017-03-19 06:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-05-03 03:02 - 2017-03-19 06:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-05-03 03:02 - 2017-03-19 06:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-05-03 03:02 - 2017-03-19 06:59 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2017-05-03 03:02 - 2017-03-19 06:56 - 01380352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-05-03 03:02 - 2017-03-19 06:56 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-05-03 03:02 - 2017-03-19 06:56 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2017-05-03 03:02 - 2017-03-19 06:56 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2017-05-03 03:02 - 2017-03-19 06:56 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2017-05-03 03:02 - 2017-03-19 06:56 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2017-05-03 03:02 - 2017-03-19 06:56 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2017-05-03 03:02 - 2017-03-19 06:56 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2017-05-03 03:02 - 2017-03-19 06:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2017-05-03 03:02 - 2017-03-19 06:56 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2017-05-03 03:02 - 2017-03-19 06:56 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2017-05-03 03:02 - 2017-03-19 06:56 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2017-05-03 03:02 - 2017-03-19 06:56 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2017-05-03 03:02 - 2017-03-19 06:56 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2017-05-03 03:02 - 2017-03-19 06:56 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2017-05-03 03:02 - 2017-03-19 06:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-02 16:20 - 2009-07-14 15:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-05-02 09:29 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-02 09:29 - 2017-03-19 07:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-02 09:27 - 2017-03-19 07:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-05-02 09:22 - 2017-03-19 07:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-02 09:16 - 2017-03-18 21:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-05-02 09:14 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\Help
2017-05-02 09:08 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-02 09:08 - 2017-03-19 07:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-02 09:07 - 2017-03-19 07:03 - 00000000 __RSD C:\WINDOWS\Media
2017-05-02 09:07 - 2017-03-19 07:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-02 09:07 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-05-02 09:07 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\Registration
2017-05-02 09:07 - 2017-03-18 21:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-05-02 09:07 - 2009-07-14 13:20 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-05-02 09:06 - 2017-03-19 07:03 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-05-02 09:06 - 2017-03-19 07:03 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-05-02 09:06 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-05-02 09:06 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-05-02 09:06 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\system32\IME
2017-05-02 09:06 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\schemas
2017-05-02 09:06 - 2009-07-14 15:32 - 00000000 ____D C:\Program Files\Microsoft Games
2017-05-02 09:06 - 2009-07-14 15:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-05-02 09:05 - 2017-03-19 12:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-05-02 09:05 - 2017-03-19 07:03 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-05-02 09:05 - 2017-03-19 07:03 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-05-02 09:05 - 2017-03-19 07:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-02 09:05 - 2017-03-18 21:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-05-02 09:00 - 2009-07-14 14:45 - 00021664 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-02 09:00 - 2009-07-14 14:45 - 00021664 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
 
==================== Files in the root of some directories =======
 
2017-05-02 09:05 - 2017-05-02 09:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-02 09:04
 
==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,454 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:44 PM

Posted 02 May 2017 - 08:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
===
 
No malware was found on your logs. This is just a cleanup of items that are not required.
 
 
Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
 
Please copy the entire contents of the code box below to a new file.
 
 
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zokki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\Zokki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-02]
U3 pglcypow; C:\Users\Zokki\AppData\Local\Temp\pglcypow.sys [56584 2017-05-02] (GMER) [File not signed] <==== ATTENTION
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\Zokki\AppData\Local\Temp\pglcypow.sys
 
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
The tool will create a log (Fixlog.txt) please post it to your reply.
 
Please let me know what problem persists with this computer.
 
==
 
Before suggesting any other tool, please let me know why you have used the GMER tool and what problems you are having with this computer.
 
 
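nasdaq's fixlist above copies the flagged FRST lines (the unsigned GMER driver left in Temp and the two services with no ImagePath) back into a fixlist so that FRST removes them. As an added example, not code from this thread or from FRST, the Python below pulls such entries out of an FRST driver/service listing and builds a fixlist of the same shape; the sample lines, the regexes and the signed Realtek entry are constructed for illustration and only approximate FRST's real layout.

```python
import re
from dataclasses import dataclass, field
from typing import List
# Constructed sample in the layout of the FRST driver/service entries in this
# thread (not the poster's full log): the leftover GMER driver nasdaq's fixlist
# removes, two orphaned services, and a constructed signed Realtek driver.
SAMPLE_LOG = """\
U3 pglcypow; C:\\Users\\Zokki\\AppData\\Local\\Temp\\pglcypow.sys [56584 2017-05-02] (GMER) [File not signed] <==== ATTENTION
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
R3 RTKVHD64; C:\\WINDOWS\\system32\\drivers\\RTKVHD64.sys [5658368 2017-05-02] (Realtek Semiconductor Corp.)
"""

# "<start><n> <name>; <path> [<size> <date>] (<vendor>) <flags>" or "<name>; no ImagePath"
ENTRY_RE = re.compile(r"^(?P<start>[SRU]\d) (?P<name>[^;]+); (?P<rest>.*)$")
IMAGE_RE = re.compile(r"^(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>[^)]*)\)(?P<flags>.*)$")
TEMP_PATH_RE = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.IGNORECASE)

@dataclass
class Finding:
    name: str
    line: str
    reasons: List[str] = field(default_factory=list)

def parse_entries(log: str) -> List[Finding]:
    """Return one Finding per driver/service line that deserves a closer look."""
    findings = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        reasons, rest = [], m.group("rest")
        if rest == "no ImagePath":
            reasons.append("orphaned service (no ImagePath)")  # key points at nothing
        elif (img := IMAGE_RE.match(rest)):
            if "[File not signed]" in img.group("flags"):
                reasons.append("unsigned image")
            if TEMP_PATH_RE.search(img.group("path")):
                reasons.append("image loaded from a temp directory")
        if reasons:
            findings.append(Finding(m.group("name"), raw.strip(), reasons))
    return findings

def suggest_fixlist(findings: List[Finding]) -> List[str]:
    """Fixlist as nasdaq built it: header directives, each flagged log line
    verbatim (FRST removes the entry), a bare path after any unsigned image."""
    lines = ["Start", "CreateRestorePoint:", "EmptyTemp:", "CloseProcesses:"]
    for f in findings:
        lines.append(f.line)
        img = IMAGE_RE.match(f.line.split("; ", 1)[1])
        if img and "unsigned image" in f.reasons:
            lines.append(img.group("path"))
    lines.append("End")
    return lines
```

The parser only flags entries for review; the GMER driver it picks out is the scanner's own leftover, which is why nasdaq reports no malware while still cleaning it up.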


#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,454 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:44 PM

Posted 08 May 2017 - 07:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



